Whitepaper called Returning into libc. Written in Portuguese.
3580c5306764d1c29398c6bd477d467f86fc2867b349f4943a56b214df186d74
Akamai has become aware of a security vulnerability within the Akamai Download Manager up to and including version 2.2.4.7 of the ActiveX control. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
6fc366214bd516b6a4df693b28db45824983d914361ec322d96d6ab47a9dbfff
Phorum version 5.2.11 suffers from cross-site scripting vulnerabilities.
37a4c5e5603b44b34dcfd5876a877496b6e20448b77907df59ddb38159ab3975
Ebay Clone 2009 suffers from multiple remote SQL injection vulnerabilities.
79d11b0e2bb6498b955af7eadc0f479b8fdf25849dd2022be874c24ca295d64a
3a WebMoney suffers from a remote file inclusion vulnerability.
1aef5b22ef765a72c94bf48c2df81019e73bd5b18ea7ff1422ef1fcafd9cdc65
AShop version ru.1.Beta suffers from a remote database configuration disclosure vulnerability.
fded7097c9fbd4a2b01c23bd5b87959fd862927fea8c453911ba2b7f5a209667
Knigman Shop Script suffers from a remote database configuration disclosure vulnerability.
4568a9052afe1540e313f47e7f21ecab68f900e6d1b37874df6dd2a2e1fa7ee7
Ubuntu Security Notice USN-798-1 - Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Attila Suszter discovered a flaw in the way Firefox processed Flash content. If a user were tricked into viewing and navigating within a specially crafted Flash object, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Firefox did not properly handle some SVG content. An attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the JavaScript engine. If a user were tricked into viewing a malicious website, an attacker could exploit this to perform cross-site scripting attacks.
3fce72ef2ecfd481b235326ef82129042a5ba046cafbaf06c83b33248cdae746
uwss is a web security scanner used to test web applications for security holes. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.
13057a6d9a4ce6617d07316cf3ac864b76984cb10985c54168293dbc49851d8a
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running XNTP. The vulnerabilities could be exploited remotely to execute arbitrary code.
d9cdab8e1fe997da061f0612c947f172b2fcb3add913836a42b31e48d2a4ae54
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
67248b40ad5e70cee17052620aba27d375ca88b6b00a9dbfbdbc7d8b5cda7d92
otsAV version 1.77.001 local heap overflow proof of concept exploit that creates a malicious .ofl file.
fb92adf3b19499a4481bab9f2d50450e72ca076ef8735a180ed868d2dd8d3dc3
RainbowCrack is a general-purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables. Windows binary release.
e138bf840a9498c6d2c0d0f2ec4f20754c9731b0af83cdb9ef4b5fa28cd308a2
Debian Security Advisory 1813-2 - The previous update introduced a regression that stopped encrypted and signed S/MIME messages from working properly. Also, there have been other regressions caused by the introduction of an undefined symbol. This update corrects these flaws. Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite.
9088ac45791106e1e4cf2844d16833e1df769776b607f955315470f1df30fcfd
WINMOD version 1.4 local buffer overflow exploit that creates a malicious .lst file.
bb57a45ba9fcdb45e6020b515e54545c9ddaf5809c63a5f02f95430ac853c58a
Secunia Security Advisory - Moudi has reported two vulnerabilities in phpDirectorySource, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
8acebcfe9c68f6e9ac793bbcf6a015811acf4e3b5eb7b2988940b67610c2f0b8
Secunia Security Advisory - A vulnerability has been reported in WordPress, which can be exploited by malicious people to conduct script insertion attacks.
99ecb729c1f2eebc334d13579e315193f670106417741a84315200dab9dc6b31
Secunia Security Advisory - Some vulnerabilities have been reported in PDFedit, which can be exploited by malicious people to potentially compromise a user's system.
47946accc684f11d266d048473ca21a547c4791fcff05e615bf5bc2f4e4681e8
Secunia Security Advisory - Multiple vulnerabilities have been discovered in phpGroupWare, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or conduct cross-site scripting and SQL injection attacks.
cdbdf74d4d3bb17e4257c5ebeb62b60ad6a05561fd09c543ac038c3de35647de
Secunia Security Advisory - Moudi has reported a vulnerability in CJ Dynamic Poll Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.
16cfdc030934ed7c70e7d51c5ac765cdb3f1d854ab20f77031210bb6750b7a67
Secunia Security Advisory - 599eme Man has reported some vulnerabilities in Hutscripts PHP Website Script, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
908badbcf816184403b3c4969e3f7721e3e0e0a9aef5e40bce84a24b77b490a4
Secunia Security Advisory - Moudi has reported a vulnerability in MyDLstore Pixel Ad Script, which can be exploited by malicious users to conduct SQL injection attacks.
6ec7af54d38bace00ad6464195ccf4f0c3269a6f01f2df69f1329e910ef000ae
Secunia Security Advisory - Moudi has reported a vulnerability in Hotscripts Type PHP Clone Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
ecbcb21736f34dd144d87dfbf2fb26ffb3cda8e600de8190c4cfb59157813895
Secunia Security Advisory - Stefano Angaran has discovered a vulnerability in Snitz Forums 2000, which can be exploited by malicious people to conduct SQL injection attacks.
d1f2fb605913db4dc6f52c059e074979339668ff81c5ded8fb5222e9e0c4e455
Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
372bccea1f8b24331b7d7f89f785d2861cbb434da1d894ff4125ace26528d922