Mandriva Linux Security Advisory 2009-217-2 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. The previous mozilla-thunderbird-moztraybiff packages had the wrong release which prevented it to be upgraded. The new packages addresses this problem.
5d153e895d2c4dc83174535c48a54a3e25b1eb3bc4bd5b2021de6a9d2f438c6eFreeBSD version 7.2 VFS/devfs race condition local root exploit.
0962dc609b578253e7a0077ff12df2f5ca748f4130b4878e9ea7f88748d745d0FreeBSD version 6.4 pipeclose()/knlist_cleardel() race condition exploit that results in a NULL pointer dereference and runs code in kernel mode giving a root shell and escaping from jail.
ff5a5f20c66ed5ad7afaa75d4c20c068bb2ea0c34ba9b00106c522b3827ab739Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird.
23af80c1b7971740b54732c05fcee9a0e68f26cda0ac036694fe85e3e7b41042Ubuntu Security Notice 845-1 - Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious nntp data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
8a07b43623964554ee4d60030d33abaa73cee06f563bc7b18311e5fb89cf9196Ubuntu Security Notice 844-1 - Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. This update fixed the issue by disabling the \\input and \\counter tags.
6ebcdd3ec522f75d7b824d647265faab643b4fafb8577e9bbd25a36e4e4fad79The BMW inventory.php script suffers from a remote SQL injection vulnerability.
3c9bcfb16697ae94c4cde39bfc91d31405bae08f03e6a05ae71d30407236a042httpdx web server version 1.4 if vulnerable to a remote buffer overflow vulnerable when supplied a long GET request. Exploit is written for httpdx 1.4 on Windows XP SP3 and binds a shell to port 58821.
5d96dbe8f5911c612a8f12706970eff41b42e26d83533dd643d8743bbe48c779DreamPoll version 3.1 suffers from remote SQL injection and cross site scripting vulnerabilities.
96540251c99a71b9548802ebedafaafcfd836b4aa7264156b4aae4a60ffc0e2bFree WMA MP3 Converter version 1.1 local buffer overflow exploit that creates a malicious .wav file and executes a reverse shell.
91a500175b9cf71b97054fc07b9ac5c5a2c5625d18c5b8c212a166f6e30ed90dMandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this.
28c2075c1e4286319cc937a5d2585bf98b1ac3991c45cf7ef0e9bb1a1fa81964Riorey DDoS mitigation appliances suffer from a very poor design vulnerability where they have a hardcoded root login and password for automation. Fail!
29c26502b9e544b424841c7d7e3ccd28614e8629e9e6f9e8c76dac87a75fd345The VSFLEXGrid component of the SAP GUI is susceptible to a buffer overflow vulnerability.
04d60f014b9f2a3d08a47e1adb8e4bb8844b3ade41a517d5445b1dd291408bc4Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
032340f6ad00d3fd6574a58ec760211cc4ca9e551c56263295c9d5478714ff05iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.
e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7Debian Linux Security Advisory 1903-1 - Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
6d5179b5aeb249da4cccef2f2c75a9a35492f1a8e89f9bbfd1ebd39b5ba9fb5fAda Image Server version 0.6.6 SEH overwrite exploit. Written in python. Binds a shell to port 4444.
d87bfb3e20915566a05ab76213e11a737937addc368ddc45c29a3fc9b3288009Mandriva Linux Security Advisory 2009-258 - A regression was found with the self signed certificate signatures checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue.
ae264392410c356f15e323a1579630a82677a08a2427e39a21de50cb2e69fd12Aiocp version 1.4.001 suffers from additional remote file inclusion vulnerabilities.
d5f3c3ea2de07e6a0210370e40412708d788a12a573295f2e9b02d40a734c2fdHP Security Bulletin - Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
dee6572b2f13d5c018e94984cef0ef071e52601d32d372abf35ff88651969613BulletProof FTP Client version 2.63 build 56 buffer overflow exploit that creates a malicious .bps file.
54feb16effffb6293466f4c1bec363d91cd5eb8e7dc5e168d2470fdcaa911483The Joomla Recerca component suffers from a remote SQL injection vulnerability.
918fd128c5b2063a82b782b1023a1fc630b16609a39c38665e043e91dd4b2b13origami is a Ruby framework designed to parse, analyze, edit, manipulate, forge, exploit PDF files. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and/or analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
03d625dd6742e83e1cf1e7aada8ac8204c837386922d724032600a741c8dd32d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed