Core Security Technologies Advisory - A vulnerability found in OpenBSD's dhcpd allows attackers on the local network to remotely cause the DHCP server to corrupt its process memory and crash; or continue functioning erratically thus denying service to all DHCP clients on the network and, if PF updates are in use, potentially affecting egress/ingress filtering as well. OpenBSD 4.0, 4.1, and 4.2 are affected.
cc127679daebed5635aaa505605a453c6446720485c7a6f386cb9d149b3fdbbcA vulnerability allows attackers to execute arbitrary code on vulnerable installations of EMC RepliStor Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the RepliStor Server Service that listens by default on TCP port 7144. The vulnerable function trusts a user-supplied size value allowing an attacker to create an undersized buffer. A later call to recv() overflows that buffer allowing for arbitrary code execution in the context of the SYSTEM user. Replistor version 6.1.3 is affected.
ba2bd1a7c717a800a7057447c14bef7fce8c127fa3bf9f8f8c5852e8b926ca7eA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which binds to TCP port 3050. When processing an overly long request, a stack buffer can be overflowed through a vulnerable call to sprintf() within the function process_packet(). If properly exploited, remote control of the affected system can be attained with SYSTEM credentials.
eb7e74a789975155ed378a43a35f407b6b817ac69a9b3d170f716707de4cd694Multiple vulnerabilities including a stack overflow and some denial of service issues exist in the IBM DB2 Universal Database versions 8.1 and 8.2.
41d50920d2a9c8e8d91691d642f0b3e775f5579126dcb7b6697e9fd1be958e1bA vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.
81c3eb66a83ea337ccd5a2db389db399942be188bee24be99a592d845a95a2b3Debian Security Advisory 1385-1 Sean Larsson discovered that two code paths inside the X Font Server handle integer values insecurely, which may lead to the execution of arbitrary code.
7d2351d6bbaaa26298488b154c33c30a4f4f804aa58415cb559dec4380f72994Eleytt has discovered various buffer overflow and denial of service vulnerabilities in CA Erwin, G Data Antivirus, CA eTrust, VMware, and CA eTrust ITM.
e744374fb45a8a99ad3791b2ee6d78d682fbc766adfffd201b3e3161c3d5b70eiDefense Security Advisory 10.10.07 - Remote exploitation of a format string vulnerability in Kaspersky Lab's Online Scanner virus scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 5.0.93.0 of Kaspersky Lab's kavwebscan.dll. Previous versions are suspected to be vulnerable.
f707942595ccab88728e76bcf1c0ea83ad5306251adf6e09c6e313ef8b7a67a1Multiple vulnerabilities from Russian blogs have been aggregated. These findings discuss vulnerabilities in PHP versions 4 and 5, WordPress MultiUser version 1.0, ActiveKB version 1.5, Joomla! versions 1.0.13 and below, ActiveKB NX version 2.5.4, UMI CMS, Nucleus, Stride CMS versions 1.0, and more. Exploitation details provided.
fb869b5b3ce55625ab55a47de8fcf2451573a9cbadef41728be9a23809d9f5e8Debian Security Advisory 1379-2 - An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application. This update to DSA 1379 announces the availability of the libssl0.9.6 and libssl0.9.7 compatibility libraries for sarge (oldstable) and etch (stable), respectively.
48b61603702f71e2ad12ac78902caa5946d15aa9cf52ad2af474632a27152a35Asterisk Project Security Advisory - Multiple buffer overflows were discovered due to the use of sprintf in Asterisk's IMAP-specific voicemail code.
5e6beed403d366c145b69ef187cb6e89c970ef02a7ab577a2744fdfb90213dccCisco Security Advisory - Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS). This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS after the conversion has been completed.
2d4f170ce3b5d6b82488777e019f465935b8b4b0f8bd35c0d1173dedfb4f08b0IRM Security Advisory 024 - The Line Printer Daemon, which provides print server functionality in Cisco IOS, is vulnerable to a software flaw whereby the length of the hostname of the router is not checked before being copied into a fixed size memory buffer.
c3d16146d2b31bf0699e2084a8907b064711cb6be0decdda1b93a7b85b71b983Whitepaper discussing the exploitation of buffer overflows on Linux x86_64. It demonstrates techniques to bypass PaX and ASLR protection and includes two proof of concept exploits. Written in Spanish.
e76b4cb8d12c64ae47f45baf42646fd6bd757ea41e372a006a142a0e71d65ca4Eggdrop server module message handling remote buffer overflow exploit for Eggdrop version 1.6.18.
ee71d0a234984d892e0d28c0475a8fa07dcc5391e652ea3563ed65734a9cbbf9Solaris fifofs I_PEEK kernel memory disclosure exploit for x86/sparc.
cda504ca70a36cef8226f4a95896c7dee7537f1fcc1ed72f7bfd6a7988fea5f7PHP-Stats version 0.1.9.2 proof of concept exploit that demonstrates blind SQL injection and remote code execution vulnerabilities.
411067c6e3ffe3d57a836f7f4d1f2a19542d244fe4aabc630d27e787bebbf4dbNuSEO PHP Enterprise version 1.6 suffers from a remote file inclusion vulnerability.
170b82210971000416bf579a9802fa5fc6d3cd7230a8fdcff77e0bbe60ed224dcpDynaLinks versions 1.02 remote SQL injection exploit that takes advantage of category.php.
f9125aaaf0889b7f6a381f8cb9f42478dddc1f69724c5b4406af0bbfa9dc2bbdDrupal versions 5.2 and below PHP Zend Hash vulnerability exploitation vector.
e0ceb8a054f3c90526912645c8617d496ab9245d1bba15d01bd4e70137ae76dcTikiWiki version 1.9.8 suffers from a remote PHP injection vulnerability.
2bbd29dae4a713bb41df08cf2cb1223b6bbfa534b1aa3ad74391d175ae6bfd0aThe Joomla JContentSubscription component version 1.5.8 suffers from multiple remote file inclusion vulnerabilities.
1e8c699e4f23dc2d8c73c35769525ab64c9652f7089a36cf56052544d576b21aThe Joomla MP3 Allopass component version 1.0 suffers from a remote file inclusion vulnerability.
df9f51de00edcdfd7c30955c7454ca0d582ef1cf839a577df72b0e569b968d55NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
c2d8738fd077ed85d575b183e0bbf215ab2a7f36b2e342926734344d8a3b9520Secunia Security Advisory - Ivan Javier Sanchez has reported some vulnerabilities in MailBee WebMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
7ef4fd87e68b174965a3ad41549bd00cc75d8e1123408f07675f98841e74ed10
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed