Technical Cyber Security Alert TA08-288A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for October 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
c8b73e33ba25736f307e55bdb8f6e01b3fb903043ab1b0819f71282c39ae40c4iDefense Security Advisory 10.14.08 - Remote exploitation of an arbitrary command execution vulnerability in Microsoft Corp.'s Host Integration Server 2006 could allow an attacker to execute arbitrary code with the privileges of the affected service. The RPC interface exposes several methods that an unauthenticated attacker can use to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess() function with full control over the application started, as well as the command line passed to it. This allows an attacker to run arbitrary programs on the server. iDefense has confirmed the existence of this vulnerability in Host Integration Server 2006. Previous versions may also be affected.
b9fe753909d642655b6aa83a4515cd2e1b53dc02408456d1fb3e5c5f01d9aca4Debian Security Advisory 1654-1 - It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file.
3456d3287114e5611a846a0aaa0ab69bd054462ed067b13c15903ffbf12a7970Remote SQL injection exploit for the Reviews2 module for PHP-Nuke.
0b540da46c357ae5ca1a0d7bbd4a978a0aff8369e4ffff3107ae62bed9683a9aWebscene eCommerce suffers from a remote SQL injection vulnerability.
e0a3a0be3d8d9652ba6e25b7bf21030f69520cd8e8a2477768ff48c0e929e81bNuked-Klan versions 1.7.7 and below and SP4.4 and below remote SQL injection and remote shell upload exploit.
8946ccce8c05f1f5c15686d53d5da7d4012332cc4b5c86fdc39ec97506eb9b80There exists a vulnerability within a function of the Sun Solstice AdminSuite sadmind, which when properly exploited can lead to remote compromise of the vulnerable system.
8ac2013b17795600d5228efb512a53587caa34b658cc30dbd1fd5363ec38e008phpWebSite version 1.5.2 suffers from a remote SQL injection vulnerability in article.php.
569ff0d9844cf66a5386e2912f4616e1a0b8e36b122f3dde83ef524de631816cAssh is an anonymous ssh client for GNU/Linux and Mac OS X. It use proxies to get connected on remote ssh servers.
c474dc8ccea42ebc81faf4295f21a02a57e1e410ffd051c8c4f56a6988832b2fSecunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to conduct cross-site scripting attacks.
76e9bef2d0abf4b477d241ab4a7ebb34095434ea19131c4deadb7bdcab5d372cSecunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
882ecf8a5e43d5b7339dd18a73c78f88a0a735ec380aa4036c49feed10f59269Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
66aded7d1861654d5faaa86f6d90ca147972e8a8b2b5f6e0431d0f9b468fa82bSezHoo version 0.1 suffers from a remote file inclusion vulnerability.
fba61588d4350b5d2661fbbc44c757894e63ca1fa674454f89eaffac8325902eSweet CMS version 1.5.2 suffers from a remote SQL injection vulnerability.
019babe26f93a26169a6cee2f4ed636a866a5a0868918990514ffc7c13ed7ffeAlice Telecom Italia CPE Modems / Routers manufactured by Pirelli have an embedded backdoor in them that can be used to active telnetd/ftpd/tftpd/httpd.
4ec3ee06eef1a5eee4b3359f37574aa7f2ddaa978f5a693d9d1598689e642b55Mini MySqlat0r is a multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. It is written in Java and is used through a user-friendly GUI that contains three distinct modules. Program and source code are both included in this tarball.
95902f9cedcdb90d235f803f2d02db948f8175d74924df36c0e7ff6a3dee0ed4Elxis 2008.1 Nemesis suffers from multiple cross site scripting vulnerabilities.
52e5c51e245da274ad283a3c10f4b45c4b1d8cee2ed3f31a4835edc5494f2b46ParsBlogger suffers from a remote SQL injection vulnerability in links.asp.
b848146130f51fd66219162df9836c789b2abc044f101f083f930d08904e0ebeUbuntu Security Notice 653-1 - Havoc Pennington discovered that the D-Bus daemon did not correctly validate certain security policies. If a local user sent a specially crafted D-Bus request, they could bypass security policies that had a "send_interface" defined. It was discovered that the D-Bus library did not correctly validate certain corrupted signatures. If a local user sent a specially crafted D-Bus request, they could crash applications linked against the D-Bus library, leading to a denial of service.
c6ecb4a24a8541326d35924332ea02e73a30f69fe201a3a3991c2d9c1e9ab12cUbuntu Security Notice 652-1 - Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges.
8356283a00a6c079cc16db3dc7a76af22067536f991ab0a4ef9e2f9964f1083dThe XOOPS module xhresim suffers from a remote SQL injection vulnerability.
4ee5e78d8336e0cbb47a3199026a493741286380cb90f7ea7377ec4b528a70e3Eserv 3.x FTP Server ABOR related remote stack overflow proof of concept exploit.
e2d81347d0a7600243a220a6f77967c179d287dec3b9d73b9e646fbf6077c17dWP Comment Remix version 1.4.3 suffers from cross site scripting, cross site request forgery, and SQL injection vulnerabilities.
44edf97b2cd78b955622c67fb8230bd28b677939fe34ec4646e5ca24ef73a30aWP Comment Remix version 1.4.3 remote SQL injection proof of concept exploit.
8a8b6d6df60766770da59cdac75831fdd80ab889a250f9e7d891f9e070ff8135Secunia Security Advisory - A vulnerability has been reported in ENOVIA, which can potentially be exploited by malicious people to disclose sensitive information.
d9d4652f4776ffe3f088327ed92e3a5172d99eebb0ebfa89942a24a436de1ce5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed