Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
fc0a1b5efd1652a58c80143a93e3a22f3e8e87c57a13cd1c5c7edcda6aa74afaA vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS. The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.
73dad834e8ff64514f4a305d4cd194246463b06aed7c666a0862feb68f6c97d4iDefense Security Advisory 05.27.08 - Remote exploitation of an arbitrary command execution vulnerability in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Library Manager. The Library Manager is used to manage the replacement of disk drives in distributed locations. The Manager consists of a single process, the "robotd" process, that listens on TCP port 3500 for incoming connections. The Library Manager is prone to an arbitrary command execution vulnerability. When sent a specific request, "robotd" will use a string from the packet as a command to execute on the system via the CreateProcess() function. This allows an attacker to run arbitrary programs on the host with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.
89af74c8a928b81854ee449e94087273d27f78d647c9fd326a1544aff4057f61iDefense Security Advisory 05.27.08 - Remote exploitation of multiple stack based buffer overflow vulnerabilities in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Server Agent. The Server Agent is one of the core components of AlphaStor, and is used to initiate disk management requests. The Agent consists of several processes, one of which is the AlphaStor Command Line Interface process. This process listens on TCP port 41025, and is prone to multiple stack based buffer overflow vulnerabilities. iDefense has confirmed the existence of these vulnerabilities in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.
8da9b9e7f94fd0d1345754a53a84aca4080928bbb8dcd14ed122e9038bc29440Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
e312925c3a88adcbaf242f9a2e1d47c30c9041b15512ec09273576dc7eec87fdSecunia Security Advisory - A vulnerability has been reported in Cisco Voice Portal (CVP), which can be exploited by malicious users to gain escalated privileges.
23d19ebd5d2722b6d0316f55bf74fb45a7631b3b9a9d99e462d0afd271de8801Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Service Control Engine, which can be exploited by malicious people to cause a DoS (Denial of Service).
bd0ae3a4b7ce74da4ba0b008d75cbddd679e33ab0b0f94f0664ebbbf9464b23aSecunia Security Advisory - Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
db68766e691e65d24a21bfff0d3c413c6a92c61d80175da01db437d42966a5afSecunia Security Advisory - Red Hat has issued an update for compiz. This fixes a security issue, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions.
4f0b6497b83e76b87a0da9874aaee7eae875a3736422d9211db450c944543222Secunia Security Advisory - Digital Security Research Group has reported a vulnerability in SAP Web Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
b528e46e31a3863ba167d4d6b01f92cca168196b2334f49dfbc679e86a642a34Secunia Security Advisory - Some vulnerabilities have been reported in Trillian, which can be exploited by malicious people to compromise a user's system.
ae38d7ea7febd97bff46ccfbd229a071ac6d53a12d300699540ae3d437b136aeSecunia Security Advisory - Red Hat has issued an update for setroubleshoot. This fixes two security issues, which can be exploited by malicious, local users to conduct script insertion attacks and to perform certain actions with escalated privileges.
d28120733c771149894189614380fb10fe8a855ff15243e91cb2212bc0698affSecunia Security Advisory - Red Hat has issued an update for dovecot. This fixes a weakness and a security issue, which can be exploited by malicious users to bypass certain security restrictions.
b2c3cc75ad8dcdd0145e47216725672e02a3bc8e6f0b3593bf09c3848125a7aaSecunia Security Advisory - Red Hat has issued an update for mysql. This fixes some security issues and vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and gain escalated privileges.
c0421023293c75ae791415120934d2e3cf3d4c3ce4e26226ac6d2ba650f69855Secunia Security Advisory - A vulnerability has been reported in PCPIN Chat, which can be exploited by malicious people to conduct cross-site scripting attacks.
a82bd6c1ac78f14ca3933f70605f2572811a990afc1d04f5e1bb9184606fdc6dDebian Security Advisory 1588-1 - Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.
7d370613a9637a5c92997661524dbca3c8c5f98f4be417a3dc5f5aa9a147b85cHP Security Bulletin - A potential security vulnerability has been identified HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
fabe48a5968d90a3679f2d3ed465834be43c8c6cd071959bf8788762c32d220aCKGold Shopping Cart version 2.5 suffers from a remote SQL injection vulnerability in item.php.
5e4922967eefb9f5b28e2ebc03418def142399f03974833596ae7af9041893a2RevokeBB version 1.0 RC11 suffers from a remote SQL injection vulnerability.
fb6f0b3937438057cf60975d72f55a9281369ecf0cbe4b709de893e2a773e822Gentoo Linux Security Advisory GLSA 200805-21 - Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474). Versions less than 1.4.4-r1 are affected.
39ae83bf9673c0b6e7ed914ca54a6bdb2a9e16d294460c89757b65f44081cc7bPHP 5.2.6 sleep() local memory exhaustion exploit.
4dd8ed46a3bc2ba3bfdc26e4c03594bf2971e2b04708aaed650930d36967362astrongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
92d281963d9e235d0fe37e621d5fd33734c5b3b09d1e3961836e035fa454be1csqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
48b7d75f816a3c6179dc709399e74dcd9a38412988214346216298cd265d1f0cDebian Security Advisory 1587-1 - Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.
5186c84f13a7d6b4ce1dd045ce14f9d415f82dc1c42b0407ebee613c3d317e44Class System version 2.3 suffers from SQL injection and shell upload vulnerabilities.
c68640da53d73085a2fd56aed3ccb57ae05d185e8b33ed871f990a9e993fbd6b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed