iDefense Security Advisory 04.08.08 - Remote exploitation of a heap based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, and Windows Vista.
7f0b5f5daff1e693ba3c2e9e4c1d40241602f4f0f1bd639eeb6348752f914329iDefense Security Advisory 04.08.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 SP4 and Windows XP SP2.
03d39e0c171617bc6bed7fb6be3e14daf1be8b9c372dfa5615c0ba6aa4d0858eiDefense Security Advisory 04.08.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user. iDefense has confirmed this vulnerability in version 2.05.50727.42 of hxvz.dll, which is installed with Visual Studio 2005.
588d2439063be1e77858d28dd76b3cadb193e7df46f39974193b547dca836bc3Debian Security Advisory 1541-1 - Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.
69fcb84d4bc7e2013a90dd93eeb88420c908914cb89a94ea8e2e1fb1bcf462e0A stored cross site scripting vulnerability exists in Microsoft Windows SharePoint Services 2.0 where a malicious user can bypass sanitization and inject javascript into a web page they are editing.
de54a6cb63b016abf59cab3f7964511738229fd8484eb8c2dfc2ed77e80b45ceSecunia Security Advisory - A vulnerability has been reported in HP Integrity Servers, which can be exploited by malicious people to cause a DoS (Denial of Service).
ac10191ae9237fbfc91778786de04eda5cd71d860bb0818f5aaaedb491e935bfA vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Flash player attempts to access embedded Actionscript objects that have not been properly instantiated. In order for exploitation to occur, an attacker would have to modify a DeclareFunction2 Actionscript tag within an SWF file. Exploitation of this vulnerability can result in arbitrary code execution under the context of the currently logged in user.
8fae64bb0f5479c2daddc21ca71de52bb43fc79e1f3b459d6f50ca7911ac798bA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists within the parsing of malformed WMF files. A vulnerability exists in the GDI function CreateDIBPatternBrushPt used when processing WMF files. Due to a mis-calculation of user data a heap chunk can be under-allocated and later used resulting in a heap overflow. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
34953549b26a5db96fbab3faafd2fc61b496bf2b5c73f1439c8a3505da7e6babKoobi Pro version 6.25 showimages suffers from a remote SQL injection vulnerability.
dbe9a577c176c6733ab118a2f79d9f60fd66a34b78e553e829a898cb20121b8fKoobi versions 4.4 and 5.4 gallery suffer from a remote SQL injection vulnerability.
d273901d4e8e3d398e839549f2e1eea397f2b628066a932e27813a516126d11fKoobi Pro version 6.25 gallery suffers from a remote SQL injection vulnerability.
535de6b7a28e8b3ebc3a08be0a4c6ca4bdcac390ae324b07b1d5e5e4df19dd0aKoobi Pro version 6.25 shop suffers from a remote SQL injection vulnerability.
0318d2fbfa244b67286bff483191bf224955f6de12f1f9d119f656c981927e88Koobi Pro version 6.25 links suffers from a remote SQL injection vulnerability.
81419c599a02453caf60bd6a70822f217b64f9de41b86be7a5140a54299fbf82Secunia Security Advisory - A vulnerability has been discovered in LinPHA, which can be exploited by malicious people to disclose sensitive information.
852ce2a4dfb824329860e4a15c1bfdf0a873449ca1421790eb2bced946f92d77Technical Cyber Security Alert TA08-099A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for April 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
376425dd8c50ca785b4ad78bfa54a40de33fb20f150f041556a95cec6cb2f69dThis paper shows that Windows DNS stub resolver queries are predictable - i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described that, in optimal conditions, provides very few guesses for the "next" query, thereby overcoming whatever protection offered by the transaction ID mechanism. This enables a much more effective DNS client poisoning than the currently known attacks against Windows DNS stub resolver.
fcbad979678328d35c5f23e8e94a9efb78263e2ea3c4b81d3d339f74542d6222Prediction Football version 1.x suffers from a remote SQL injection vulnerability.
cb46a6b360d756b5229d374de741c78696ba4f5b59935f126b6bd63b4363006aSuperNET Shop version 1.0 suffers from remote SQL injection vulnerabilities.
ca687d66d86d1a652b6bf8a757d6dbdac0144ae3b0c81c8c5322727978be35baHP Security Bulletin - A potential security vulnerability has been identified with HP Storage Essentials Software. The vulnerability could be exploited remotely to gain unauthorized access to data.
749937f0ffae4265cf178936cff36ff8664271068bf1ae3cb7f7b656d71a46b3Syslog Fuzzer is a small perl script tool that is useful for testing some attack vectors against syslog servers. It has support for buffer/integer overflows and format string vulnerabilities.
fb34a3d4e18d1e8af3658c6272e7e8976431669d015724f634b37da32a293743Secunia Security Advisory - Debian has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
cf9be9aa435c0ce38284eae017c2b7bf2b00434d3fcb1e950e6bbdd5a27ca5a3HP Security Bulletin - A potential security vulnerability has been identified in the embedded management console in certain HP Integrity Servers iLO-2 Management Processors (iLO-2 MP). The vulnerability could be remotely exploited to cause a Denial of Service (DoS).
94fd502f8d58eee4c8273c42d8c9ac1d7a1b07a05fac9c8a1068772818fc61efSwiki version 1.5 suffers from cross site scripting vulnerabilities.
9ab010fffeaf6a43e91740ca213df427dbb5e10d74dc70052a56e02070d5a49cLokiCMS versions 0.3.3 and below remote command execution exploit.
97625b027c63c4c535bf7a6c88ec0da3b8c3fc2cfc16f9760076f9cfed76a8c2Flaber versions 1.1 RC1 and below remote command execution exploit.
7878cc53832b9211a66f0f91903546f496d3434029ea77542e3836118ab4678f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed