This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
bd62fbcf8cbf9573b7dfd23935b5cdb8FlatPress versions 0.804 through 0.812.1 are vulnerable to a local file inclusion vulnerability that allows for remote command execution.
62a2749aa60d5266fdcedba67c735356The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.
39a2b8bf0a2aa4311a73c1dff54a557eIBM Installation Manager version 1.3.0 and below iim:// URI handler remote code execution exploit.
cba0b6ebda26e22266089d0679e4c8feMultiple EMC products remote buffer overflow exploit that takes advantage of keyhelp.ocx version 1.2.312.
adf4ba6c42a12de8fc3a8d2998fefbc3Oracle Document Capture BlackIce DEVMODE Active-X related remote stack-based buffer overflow exploit.
45bc30648d4da6d0e456a9e9f3c80694HP LoadRunner version 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation proof of concept exploit.
4550e59e5f7b19bb56e3cde93e538993Oracle Document Capture BlackIce DEVMODE Active-X related remote command execution exploit.
df3df1e008e29b946b9b2bb9ac29b8f2Adobe Photoshop Elements 8.0 Active File Monitor Service suffers from a bad security descriptor local elevation of privileges vulnerability.
4c24f40b5fc01d7fbf5241769744b3a1WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability.
8acd312b18e011b742860a8201a4793cDam Burst is a simple utility that allows an unprivileged user to disable the censorship functionality of the Green Dam Youth Escort software. Dam Burst operates by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and block user activity, effectively restoring the running application to its original uncensored state.
bacb81fa63707e78ca1ec66d2241773aSecunia Security Advisory - Some vulnerabilities have been reported in IBM DB2, where one has an unknown impact and others can be exploited by malicious users to bypass certain security restrictions.
89494cbaee39794035970b5418e9264eSecunia Security Advisory - A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
d014032cafe65ec96d6d0e0ba5fbf304Secunia Security Advisory - Some vulnerabilities have been reported in Juniper JUNOS, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to conduct script insertion attacks.
f3bc6e9c52f143957d44fd92a402b31eSecunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service) or compromise a vulnerable system.
23045f86daec1c1e74b9d84c0a9a47dcSecunia Security Advisory - A vulnerability has been reported in HP Remote Graphics Software (RGS), which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system.
510fff61b8e3f6f1c8dc3b4f9036a414Secunia Security Advisory - Maxim A. Kulakov has reported a vulnerability in multiple TrustPort products, which can be exploited by malicious, local users to gain escalated privileges.
e7fbe2cd92a8a196b73eb3db8c73c8ceSecunia Security Advisory - A vulnerability has been reported in the FireFTP extension for Firefox, which can be exploited by malicious people to manipulate certain data.
174a211fff96134a2bf29097974f3f68The E107 eCaptcha plugin suffers from a cross site scripting vulnerability.
9bf6eec349f9f3a9671fd5a91381079eHP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender. The vulnerability could be exploited remotely to gain unauthorized access.
c6b0b7cf9a5b9153b505cd95fdaadfd0TrustPort Antivirus version 2.8.0.2265, Antivirus Business version 2.8.0.2265, PC Security version 2.0.0.1290, and PC Security Business version 2.0.0.1290 suffer from a local privilege escalation vulnerability.
f4125c990ffeba14c91e81629e0b2a6eDebian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.
1cc29d8e7c72d67ccea9c6e02738dee6TorNavigator is a Web browser dedicated to the TOR network, which allows people and groups to improve their privacy on the Internet by hiding their IP address through a network of virtual tunnels. TorNavigator includes a built-in Tor server and provides the ability to choose or ban countries in order to use an IP address from a specific country. The Privoxy local proxy is used for better privacy.
6be618b7b1a7e557b51c96e01a0be5caThe libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.
f9af01f4ec602506da717632b94354fdUbuntu Security Notice USN-838-1 - It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code.
54a118d0ecc432c97961d4edf92d88b7
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed