A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
3a26b12732044b073dd79d79ff092513cab6c18141f701323054a437bbfc5041Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.
7b01fd77323cb00294467c5222071074dff2361a56225c284762a06529f677e0Secunia Security Advisory - A vulnerability has been discovered in three Microsoft Office Viewers, which can be exploited by malicious people to compromise a user's system.
9ebfb7669a4d194a6dbe771eeb49a6951cc2827589ef3a2df8b3568ad36ab448Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).
86be4f9097197602acfd076c6401bace0c652dc337ac4d228bd232c9ba16c4cbMicrosoft cabarc suffers from a directory traversal attack.
0da1c6998a5f13827d20d84f85aa434f414f8be738cf5bc9a90c1282bc3e1d21Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.
74b47a75453d9dc65dbc5539bba536659320db15cce3b64be03a8b121edc9ce0A vulnerability has been reported in Yeemp, which can be exploited by malicious people to spoof their identity. If you are using Yeemp 0.9.9 or earlier, upgrading is recommended.
8e0726059b33adaf98c74ff08fdb45bbb51fc84abab3946b1e79e8c0d43c26fbWhen powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.
e11542d2578735dc297e764e674a65cc9614bb6b9f43c8814372598c9f6eff29Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
aa754296533ab5d4fdb29cd0c29009bc2db0200a3533573398e5fa23fa39a362Secunia Security Advisory - Some vulnerabilities have been reported in IceWarp Web Mail, where some can be exploited by malicious people to conduct cross-site scripting attacks.
9637ac06092f78f9b5f9b94d88cd568e8348b78eec3e9c4b79353a41fc84a073YahooPOPS version 1.6 and prior SMTP port buffer overflow exploit version 0.1. Binds a shell to port 101.
d2ee1b20931eae876045ab86c1dd5593d1c5adec78853e59d0fc83e91f651324In regard to Windows 2003 Servers, both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect to the SCM and start and stop these services at will, which in the case of the Internet Connection Firewall Service could cause many headaches for your service based systems.
d215ed928fec0e161f37c0ab08cc9416f69f073313b1b012ea68e781f922f43eiDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.
00744a5e7cc95517a2ff10c38f84a9a46424bca636ffcb8837c7e1ee321a604bA security weakness exists in renattach 1.2.0 and 1.2.1, although there does not appear to be a practical way to exploit the code for remote access, arbitrary execution, or other immediate damage. The weakness only applies to the --pipe facility. The problem has been fixed in beta version 1.2.1e (soon to become 1.2.2 release).
db108612758ccded9c534e95a3bc8a27785ac15c0c5e685d14c1eb625191e746FLoP is utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.
de9859f2c2243192424efaf4af7a033ed888c7455ef387de82c975d61e65a030ZanfiCmsLite is susceptible to remote file inclusion and path disclosure vulnerabilties.
02942496ed418d323512b6c454d5e76733b0144cb3c43bd3f58f17a0673b41edMultiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.
3883551b72d84d43a2a3267c598f7a044bcfcc697816708e9381717b65e1842bDebian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.
ed8489bd016cd628a4c0a2fa5fdc415946b3e3682887a3b6c7a242842960e5e0Turbo Traffic Trader Nitro version 1.0 is susceptible to multiple cross site scripting and SQL injection attacks. Full exploitation for the SQL injection attack provided.
f97ca616c43e652dfe2c9583e834a64932f03512bef096f4d9c26c7aa3a171adThere is no user input sanitation for some parameters in trade.php in CJOverkill version 4.0.3, allowing for cross site scripting attacks to take place.
fb8ec6223316254b7134b54190da91977cf5dee5771fab54f779e3ca86aae2bcGentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.
4678f6b2692f2be3912fd1e0c2ea1f77093306ccc6fdadd8053ab190c774029aThis one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.
99035039e64067b952af58f3209809e892647771d9123ba06bedf99a51bf960cGentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.
326ec5eba2f3662d8151611c9efad3a1e6f23854be273bf4cab22457c1864621Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.
44f3dbafce0afee0e6f35a3f1b8901e9bbaf77d048f1b9552d87257ceb870f8dAntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
ff634f623bf2ef8cf137d54a2d56e52aa91914d20213dcd56665be9493c281da
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed