Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
e485f916dc02908a390c96b6bd3385a562281706e62987fffd486c635d380991Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
7316d0f0a285a94b48f522cda8e5a4963a67a6b63cbe7e8aaa2dd7ed46a4b9efISPworker version 1.21 suffers from a remote file disclosure vulnerability in download.php.
55ca5e225126e342d46369ee76f34e6d80e49a9e985afc661e6285b8f4b6c910ModuleBuilder version 1.0 suffers from a remote file disclosure vulnerability.
213e35de465df5adefc4fb5fef51a2c1b9fcfcaa72b9f40095fc902fb7aa5b7eSecunia Security Advisory - L4teral has discovered some vulnerabilities in ILIAS, which can be exploited by malicious users to conduct script insertion attacks.
617d57750fdea3abff32828695563a1f334a956cea8fea0ee988c9ce277fbb0fSecunia Security Advisory - Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
d7c7244dc6998614dc5a96464902279538f081fb46b4bc83d4ebea025e20b1dcSecunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM WebSphere, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
63afc9feded3dcc3047faf5e97d418e53887c009d25d63ba56bc8155c8450c89Secunia Security Advisory - Skien has reported a vulnerability in AirKiosk, which can be exploited by malicious people to conduct cross-site scripting attacks.
637b1eaa172c4dcbc427cde9d6cf5e89b83ca290b506cb2febebeb6a12e1b704iDefense Security Advisory 10.31.07 - Remote exploitation of a directory traversal vulnerability in Symantec's Altiris Deployment Solution products could allow attackers to gain read access to arbitrary files hosted on the Altiris server. iDefense confirmed the existence of this vulnerability in Altiris Deployment Solution for Windows version 6.8. The specific vulnerable executable is pxemtftp.exe version 6.8.8297.48.
fa8277cc5111cfc23dbfb67fa45a274da8a6f43df22df9b77441ea7561432e97iDefense Security Advisory 10.31.07 - Remote exploitation of an unsafe method vulnerability in Macrovision InstallShield Update Service allows attackers to execute arbitrary code with the privileges of the currently logged-in user. iDefense has confirmed the existence of this vulnerability in versions 5.01.100.47363, and 6.0.100.60146 of Macrovision InstallShield Update Service. Previous versions are also suspected to be vulnerable.
df53e7e656c045b43e42fe1c4b36a4ca09f9fddad56b17b10c1cd411d44ff1f1Secunia Security Advisory - Bernhard Mueller has reported a vulnerability in Perdition, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
4cb6006f1fac6e8f6a30b6cf1389f8dddd23a9d1e19ca5bac6924b4eecd36938Secunia Security Advisory - Duncan Gilmore has discovered a vulnerability in yarssr, which can be exploited by malicious people to compromise a user's system.
d97f17986e1d34179964985b4da70b2c44705a1348ea0e5048d677e1da76f79aIt appears that the firewall on the new Mac OS X Leopard system is a bit botched.
efa50c2ac1cc5fbec32db0b5e76f7437fc458042c3a85e3b25136a6246f482e1SEC Consult Security Advisory 20071031-0 - The Perdition Mail Retrieval Proxy versions 1.17 and below suffer from a format string vulnerability.
4efe9018c77b580c8c0bdf7897b14f170b94aec142d3cc6dc57eb1e1f9e4d1f1Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags.
ff66b477e49a4a9b5d88d1542d5cee03ef01f2f4ca231988e62038f76d3f78fdSecunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets. Affected is McAfee E-Business Server for Linux version 8.1.1.
48d4afec2f5d9ccb7c0a2dfc502a2ae72692c50ed8690518870a45beb34c756dWhitepaper discussing multiple vulnerabilities discovered against the AXIS 2100 IP camera system.
986692b6f4654c94d63979c6dd3fda4e17b01269b1945b047ee8d945a1bdd005Gentoo Linux Security Advisory GLSA 200710-30:02 - Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified off-by-one error within the DTLS implementation. Versions greater than or equal to 0.9.8f are affected.
0d73f5bba0849e1ddcfad464c93bbf52c3b793bef96268a80458eb993f14cef2Gentoo Linux Security Advisory GLSA 200710-31 - Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced. Versions less than 9.24 are affected.
5de4d869f192fec6d1b11761c3c219e64fa4c2a60bc85eb35ea929e7ffea4dd1iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.
1a95829422936a89bd9887255c30ff92f350d73e274073408ed62d53ae1c4d5fiDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.
3dec465fdd656832a851c313df9dd10488b2e285927b610249519c54c3cf6f7eiDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
1152160dd4f6457dc8644941e7cf9fd4d5b9fa651d55372dea033af1fc1e7361iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
eb8cc170ed6bb2ea346bb5e6132e53f58af5bec2acd833b04f0b10e62fb9c848iDefense Security Advisory 10.30.07 - Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within dns_name_fromtext function within the libdns.a library. This function is called when processing the '-y' command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.
ec26bd7b077f967aa8a68f926d03462460aa6ced38d18b3c6d83bfa3e540affeiDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.'s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it's possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.
bf2bf7ab5d98550fc89a5faddb98bd4109429208cc010b3c2097a31ab31c0e91
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed