The CIA released this document, called the "Family Jewels", that holds a compilation of internals reports on operations that were not within the agency's charter. The file details assassination plots against Fidel Castro, use of LSD on citizens, and spying on anti-war protesters. These reports cover the 1950s, 1960s and 1970s.
1c4bd3c0ba81fe84d3f89060b145c65dGoogle suffers from re-authentication a bypass vulnerability with the SID and LSID cookies.
459a086c430c1baab2876351e11bca5fDebian Security Advisory 1324-1 - Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter.
26452761f9201daaca406d4d078f4dc5Debian Security Advisory 1323-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.
9675f44fcc9ff2e27cb29ebe574700e6HP Security Bulletin - Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). The vulnerabilities could be exploited by remote users to execute arbitrary code, read arbitrary files, or cause a Denial of Service (DoS).
d579f8c240229015508d34de93d4860bSecunia Research has discovered a vulnerability in KVIrc, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "parseIrcUrl()" function in src/kvirc/kernel/kvi_ircurl.cpp not properly sanitizing parts of the URI when building the command for KVIrc's internal script system. KVIrc version 3.2.0 is affected.
eca95b670072284214a381b3ab8bddccSecunia Research has discovered boundary errors in the detection of executable packers in libdayzero.dll as loaded by the Filter Hub (filter-hub.exe) of Symantec Mail Security for SMTP. The errors can be exploited to cause unhandled memory access violations causing the filter hub service to crash. Symantec Mail Security for SMTP 5.0 patch 176 is affected. Other versions may also be affected.
02195070799671305de88ef8d97b76acThe .wdp project file handling in PCSoft WinDEV suffers from a buffer overflow vulnerability.
03e2b0381750550784d286d7af738550FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
8a111eadb91711d8899026d4b3701b8dAMX Corp. VNC ActiveX control remote buffer overflow exploit that takes advantage of AmxVnc.dll version 1.0.13.0.
5a542260d691cdb83d713acfe3cfdbfbWebChat version 0.78 suffers from a remote SQL injection vulnerability in login.php.
ab44837e8231ddb5b0a989018a3484a8GL-SH Deaf Forum versions 6.4.4 and below suffer from local file inclusion vulnerabilities.
33ba10bae756ec62ed5b742f69f4f10cb1gbb version 2.24.0 suffers from SQL injection and cross site scripting vulnerabilities.
f73b85189616edcd37f4e1e1fca2ea8aeTicket version 1.5.5 suffers from a cross site scripting vulnerability.
a1c07d9004514c4431101e175ebb8229Debian Security Advisory 1322-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service.
20e07426232a158c30e0c4f0c599b71fThe Internet Communication Framework from SAP suffers from a cross site scripting vulnerability. SAP Basis component versions 640 SP19 and below and SAP Basis component versions 700 SP11 and below are vulnerable.
b99a70ec87a15421b7c3258a9006d935Conti FTP server version 1.0 remote denial of service exploit.
0d50024b84b54ca804ec478b2474ba52Checkpoint VPN-1 UTM Edge suffers from a cross site request forgery vulnerability. Proof of concept included.
1d625994269984c1d11f5b64905bb3c6PHP versions 5.2.3 and below and 4.4.7 and below suffer from a safemode and open_basedir bypass vulnerability.
460a801dff45884fb66618663c97d1dcUbuntu Security Notice 478-1 - Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges.
b56772df3eb4fa4f7ae9133ddcf880f3Ubuntu Security Notice 477-1 - Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.
688105ec1e7c951d3c3189647680931fMandriva Linux Security Advisory - A flaw in Evolution/evolution-data-server was found in how Evolution would process certain IMAP server messages. If a user were tricked into connecting to a malicious IMAP server, it was possible that arbitrary code could be executed with the privileges of the user using Evolution.
1e60143c69565aa376ab66084cf21edbGentoo Linux Security Advisory GLSA 200706-09 - iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Versions less than 0.6.16 are affected.
25f011fc6cb7b0c4fa78bdcef1a05486Technical Cyber Security Alert TA07-177A - The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
ca9fd5b0f8f4670723d93824b634d7f2iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms are suspected to be vulnerable.
0a3aed3cee081a68d9792187e97223c2
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed