Denial of service exploit for Mac OS X that demonstrates a failure to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors). Memory corruption is present but is unlikely to allow for arbitrary code execution.
77c282215b05a90062a750e7665e4b67a076420028accebdd30a6844a364c287XMPlay version 3.3.0.4 .PLS filename local/remote buffer overflow exploit that executes CALC.exe.
664a4d9eabb538139fee5820039e98298fdd81e7b0de9cc82fa0b27721b11935XMPlay version 3.3.0.4 .ASX filename local buffer overflow exploit that executes CALC.exe.
13b97521a139cc19571c37602af2fe403fbb1a249cb3da57cb484f4eed48a42bXMPlay version 3.3.0.4 .M3U filename local buffer overflow exploit that executes CALC.exe.
082bb5e1b00a07a7d2af2a365a3da3b5aa70c31d6de463b58cf200a19606e19fSeditio versions 1.10 and below suffer from a remote SQL injection vulnerability.
b39f18b07be79d4077fc318a04f7c06befd5cd3366b0dc7830e9046caac56819Mandriva Linux Security Advisory MDKSA-2006-208-1 - An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.
7264455a882c69fc522fd0d199bb81e73d99e16e8b470d9e9cfe50c75c10629fGNU tar suffers from a directory traversal condition. Exploit included.
9f117a005fa12ba3f2e915794a41b81dab5cc919959856eb45ec674d29544949Patch for Nmap 4.20RC1 (and some 4.20ALPHA versions) that adds a runtime option to toggle the sending of packets with bad TCP/UDP checksums.
e180b38e4a7275e4114c2efec3e17fc8133b9b2f0046f82fac757451fd6323a6ContentNow CMS version 1.39 'pageid' SQL injection exploit that discloses administrative credentials. Works regardless of magic quotes.
16c1430531ad118bf77a1a3a6ce8f1e6fb067b1faacd9f3e434d047d554c831eContentNow CMS version 1.39 is susceptible to SQL injection and path disclosure vulnerabilities.
66b8d3c6fb056d3f9c7d05c58697340c1940620e1d27116558ae69297bbb9685Ubuntu Security Notice 382-1 - USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.
716148f75d9c048908c1a6931eda882c0b85cb4cc4ac3ec88b2f50b830fe3a7cUbuntu Security Notice 381-1 - USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.
b8121ede409ee2c6cbec1387ce70dd739175685b72d182572c33cce4789d5571GoogleCall uses Google's Click-to-Call service to send a number with a forged Caller ID. It automates the process of sending multiple calls to someone with multiple forged Caller IDs.
4959d7dadc41924eb0e652cf13304235976fb8282f1f61c2e5fd80f616545617PhotoCart version 3.9 suffers from a remote file inclusion vulnerability in adminprint.php.
9d54801dcb5ca69678e8840e8d08b0b65c432ebd21cc84d92c44a95dbad83d37osCommerce contains a flaw in the admin section that allows a remote cross site scripting attack.
9dd57fe31faf9453447a5f66dddee562bd6b473276ce0b63430fd638f9e4f477Debian Security Advisory 1218-1 - It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service.
53c1c3fb027239e67fe8aaec759509b59c141ef9cbdf3bf3ae383afdc4b145c1Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the application windows running with SYSTEM privileges and the application not checking if explorer.exe is running before performing certain actions. This can be exploited to launch iexplore.exe with SYSTEM privileges by terminating explorer.exe and then use the "Test Your Firewall" functionality. Affected is My Firewall Plus version 5.0 Build 1119.
ee159e8046e5a86fbf500118e4328f30c3a6fe4b3df866772f1585f7ae99b181Gentoo Linux Security Advisory GLSA 200611-16 - Miloslav Trmac from Red Hat discovered a buffer overflow in the readline() function of texindex.c. The readline() function is called by the texi2dvi and texindex commands. Versions less than 4.8-r5 are affected.
09cefa62c73fd86b5ddd651c4c5ebaa1c8be0dd07df40d2ae5a4f98a5ace0464Gentoo Linux Security Advisory GLSA 200611-15 - qmailAdmin fails to properly handle the PATH_INFO variable in qmailadmin.c. The PATH_INFO is a standard CGI environment variable filled with user supplied data. Versions less than 1.2.10 are affected.
edbe1926aa508c32022694461cf5c8a0ae528e091bad39593fb595c0acf89d3cSecunia Security Advisory - Gentoo has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
776ea81699259163636485e50d4aa9816b2f11fdb39c41b7138f97a81270a545LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup version 11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system.
2dcef1d88b90b8926cc40a7227cab7456d72102e182bcbd7fcb6e0346da13648Whitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.
76b1dff89265c886e4fb95a2da210b637f0ae4d28b78e4ee37976c44012de162Secunia Security Advisory - Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges.
babc1a8bc1c1c8c0dbe7e20a0605e109c90bc5d9555c191d4c154a213ca41f3bSecunia Security Advisory - Tavis Ormandy has reported a security issue in FVWM, which can be exploited by malicious, local users to bypass certain security restrictions.
b29edab8318513df97c0c7ffb5598172ee8157e93881fe1f3be9627a3620c790Secunia Security Advisory - Some vulnerabilities have been reported in Fuzzball MUCK, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
80ccb578b74500f23b83311318401647587a5f416ecba01cc00e65b64f55e75f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed