Secunia Security Advisory - Some vulnerabilities have been reported in Vallheru, which can be exploited by malicious people to conduct SQL injection attacks.
82daf785213eaf426fc8a3f6d3b0ff7211 byte shellcode for Linux/x86 that kills all processes.
d606a66e501b25709fe4a4cca6168cf5VMware Security Advisory - A new update has been released for VMware ESX Server version 3.0.0. This patch addresses the AMD fxsave/restore security vulnerability.
fbb068276771c1e7463a3712434aea83VMware Security Advisory - A new update has been released for VMware ESX 2.0.2 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.
bb35ebbd06f52a0140b2bf867e5172faVMware Security Advisory - A new update has been released for VMware ESX 2.1.3 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.
4f3cbd421d4a3476d5b84152399b3673VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.3 prior to upgrade patch 4. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.
3f5369604f0c4d48579db01e332e6a04VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.4 prior to upgrade patch 1. This patch addresses vulnerabilities in ucd-snmp, XFree86, an AMD fxsave/restore security flaw, some minor information leaks, and more.
2c2c7135a54317ec1346817dca2e51fcGentoo Linux Security Advisory GLSA 200611-08 - Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly allocates memory for the packages, possibly causing a heap-based buffer overflow. Versions less than 4.4.6-r3 are affected.
52521940eebf7c4f721139f18e3c8eefGentoo Linux Security Advisory GLSA 200611-07 - M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images. Versions less than 1.1.7-r3 are affected.
304b459994a7c879fa655aedc958faf5Gentoo Linux Security Advisory GLSA 200611-06 - Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort. Versions less than 4.4_p1-r5 are affected.
3b6b67d565d2a6e68a0594289f6bcc1ePHPRunner suffers from a database credential disclosure vulnerability.
cdb7279f4491fd2addb11a3d97eab5a5This Metasploit module exploits a stack overflow in the Broadcom Wireless driver that allows remote code execution in kernel mode by sending a 802.11 probe response that contains a long SSID. The target MAC address must be provided to use this exploit. The two cards tested fell into the 00:14:a5:06:XX:XX and 00:14:a4:2a:XX:XX ranges.
8e29a33ce3fa0dea0811bce89496dec2This Metasploit module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Beacon frame is received that contains a long Rates information element. This exploit was tested with version 1.0.1.41 of the A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer versions of the A5AGU.SYS driver are provided with the D-Link WUA-2340 adapter and appear to resolve this flaw, but D-Link does not offer an updated driver for the DWL-G132. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:11:95:f2:XX:XX.
a403e8304d2632dbf796bf0e140b69a9MiniBB Forum versions 2.0 and below suffer from a remote file inclusion vulnerability in index.php.
434d0cda87e8545b15ddfef150870811The Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.
3bbd0c7852ae5559f60d243ce8a9a966Fedora Legacy Update Advisory FLSA:211760 - Updated gzip package fixes various security issues, ranging from denial of service flaws to code execution flaws.
476b7e065901ce04e9d99e56f6828da9Remote exploitation of a denial of service vulnerability in ELOG's elogd server allows attackers to crash the service. Versions 2.6.2 (SVN revision 1748) and below are affected.
1acfd760ecdbf727aa5822f4090ea4a5DirectAdmin version 1.28.1 suffers from a cross site scripting vulnerability.
596ccf0c0743c29d93004c2441c033b3Topstory Basic version 1.0 suffers from a remote file inclusion vulnerability.
abc7bd1b3532debdbb95483acfecacd9infinicart suffers from SQL injection and cross site scripting vulnerabilities.
ffedc4797a1ff3c61e69d933e1cb1114MyStats version 1.0.8 and below suffer from SQL injection, cross site scripting, and path disclosure vulnerabilities.
aee6636099bb225a1ff8f6283f59a292Mega Mall suffers from various SQL injection vulnerabilities.
a7f1bd17e89fae499f6d33781de86ab8CMSmelborp Beta remote file inclusion exploit that makes use of user_standard.php.
7cd71b7c54f9bfb02a8ec2ca427d22e0StoryStream version 4.0 suffers from remote file inclusion vulnerabilities.
f9038ea8128856e2029aee807359d4d6PHPWind versions 5.0.1 and below AdminUser remote blind SQL injection exploit.
18e9515c184821f51140b2b519dcbe7e
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed