Secunia Security Advisory - Some vulnerabilities have been reported in Vallheru, which can be exploited by malicious people to conduct SQL injection attacks.
80de40363842b844ee64b9f8601d841f1300e3e18fb0c82593cadd5a5eb93bef11 byte shellcode for Linux/x86 that kills all processes.
7385e922191bbd115ccc17a49a7f27480d8bf2fb4888f053896e3fa0bae94ef8VMware Security Advisory - A new update has been released for VMware ESX Server version 3.0.0. This patch addresses the AMD fxsave/restore security vulnerability.
78846882184d41c6d2c5180d83b747c2b360fed571e938081cf437e66aec9aaeVMware Security Advisory - A new update has been released for VMware ESX 2.0.2 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.
9a66799b14690c41ec3ec055156a1779166c5ed73ed0a6f092e85b0596740011VMware Security Advisory - A new update has been released for VMware ESX 2.1.3 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.
1440199717c94f0c4f1b7bd5c1fda07332cb78575e0f9e4297957683819670a4VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.3 prior to upgrade patch 4. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.
e684543f58081d1348c75166cbc7034f9d65df6dc03ffd4fd6c62d5e6cfa6ca9VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.4 prior to upgrade patch 1. This patch addresses vulnerabilities in ucd-snmp, XFree86, an AMD fxsave/restore security flaw, some minor information leaks, and more.
3c5ba7597c91ed301fbec257901ba81d15b855241f3a9c647492727c59cd3151Gentoo Linux Security Advisory GLSA 200611-08 - Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly allocates memory for the packages, possibly causing a heap-based buffer overflow. Versions less than 4.4.6-r3 are affected.
ec09d7c2209ba99c86b163c545ac15be3a22c065254710019b19d822b12df52aGentoo Linux Security Advisory GLSA 200611-07 - M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images. Versions less than 1.1.7-r3 are affected.
6f9aa5deebf1f72365102310802a087c85cc9c7ea240a3ae42907b6041966175Gentoo Linux Security Advisory GLSA 200611-06 - Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort. Versions less than 4.4_p1-r5 are affected.
e4d52e4db7a2f774547967fcdb1347e65d07863ddc4010853c0d9e91586389bePHPRunner suffers from a database credential disclosure vulnerability.
cfee31d0f2a39eed570dd22fdd280cdbad110a27392dfb40c9df1fb77db8caacThis Metasploit module exploits a stack overflow in the Broadcom Wireless driver that allows remote code execution in kernel mode by sending a 802.11 probe response that contains a long SSID. The target MAC address must be provided to use this exploit. The two cards tested fell into the 00:14:a5:06:XX:XX and 00:14:a4:2a:XX:XX ranges.
2ff6d29125b46d296be9c00aba6e22b7ec7b8b26fb33105084e75a05c8cc0a55This Metasploit module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Beacon frame is received that contains a long Rates information element. This exploit was tested with version 1.0.1.41 of the A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer versions of the A5AGU.SYS driver are provided with the D-Link WUA-2340 adapter and appear to resolve this flaw, but D-Link does not offer an updated driver for the DWL-G132. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:11:95:f2:XX:XX.
5245f37a2a49581c658dd9bdd9e766576bf78b633852da860acdc8bc666fa469MiniBB Forum versions 2.0 and below suffer from a remote file inclusion vulnerability in index.php.
8dee6a507d78adc60350717cbb46ffce4c234413afb07280f21ff7c24632f57dThe Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.
2df1d6ba1168f33411d64216fc6207477b58415db787795da79aad12e7ebc9eaFedora Legacy Update Advisory FLSA:211760 - Updated gzip package fixes various security issues, ranging from denial of service flaws to code execution flaws.
6f76d15490d487a40bfeb461439f36801f1d98706b21275562a20315734d1dfdRemote exploitation of a denial of service vulnerability in ELOG's elogd server allows attackers to crash the service. Versions 2.6.2 (SVN revision 1748) and below are affected.
198b2f0e24232dd25c7698cea3f1e16a3cb4e3422d58cdfb5df4c0060fdc91b6DirectAdmin version 1.28.1 suffers from a cross site scripting vulnerability.
64987c39e24b2b6ad6ae0eae08cf6d4eb10971e913bacc25cb3f174743a2e216Topstory Basic version 1.0 suffers from a remote file inclusion vulnerability.
b546d119989ab30def7ee106252bcc508aa7e65f08d0e9ae7b17344602291719infinicart suffers from SQL injection and cross site scripting vulnerabilities.
7742afb5d2ad6c0d50e2afe60f957b046d23ce4d3e69b01bd79f45e9b955a62fMyStats version 1.0.8 and below suffer from SQL injection, cross site scripting, and path disclosure vulnerabilities.
8cd756c9c395b5db6920c0f08f06ce95eeea7f11499494fb823c29bb44addf70Mega Mall suffers from various SQL injection vulnerabilities.
e9c2fe4ea9c37dab0c86fdcfccef59f7ccba35a6c183550adc48be2edb6a098bCMSmelborp Beta remote file inclusion exploit that makes use of user_standard.php.
25fecb63698d29f83610552f57dcb4c58c736c41884c80f0b0a59b676f3ea8c0StoryStream version 4.0 suffers from remote file inclusion vulnerabilities.
9aa3e22e9bf3e3e7f2b09f589ef9c0afaed299db63520433bc8394cb0d64b9daPHPWind versions 5.0.1 and below AdminUser remote blind SQL injection exploit.
6b4a7509f2fee6ad9ed6bda931e59746e8b01f682a6e0508a9d0aec0cbcaf8a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed