Paper called Renegotiating TLS. Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well.
ad318f67f8665ad770bc1cf6e8f7832ad97aa4d2cdd2ebe8247c7503e4a60cdbCore Security Technologies Advisory - Blender embeds a python interpreter to extend its functionality. Blender .blend project files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.
1fef8cb8fcac60f760b13718f93b477b71bdd1c6562c217b66231efa118f8715HP Security Bulletin - A potential security vulnerability has been identified with HP Power Manager. The vulnerability could be exploited remotely to execute arbitrary code.
53080e1e2988e928bf4696c49f0cd570649bd4259d541307bb5c18f3d7d7a8c9eoCMS versions 0.9.01 and below suffer from a remote SQL injection vulnerability.
26af20d0d7bd017809cc9c50b39a28b33b797dab5aeac3d3f85c464b6b73d780Remote buffer overflow exploit for the Serv-U web client version 9.0.0.5.
8dc1389fcf83400effd619fdd1bb11bcf250e1f0e262650d97d8a4dad508d509Zero Day Initiative Advisory 09-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user.
47ee5830c4dbdaefff07781e1bcdec30a4377a14962a51048810a3b53d3c3619Zero Day Initiative Advisory 09-079 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setBytePixels AWT library function. Due to the lack of bounds checking on the parameters to the function a user controllable memcpy can result in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.
4d1d6b0a4c0183614c191896497e022d9098104c6686228a4c19fbeaccd7c12bZero Day Initiative Advisory 09-078 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setDiffICM AWT library function. Due to the lack of bounds checking on one of the parameters to the function a stack overflow can occur. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.
d8ff737490bfd7484e57e6ae6d4b8ee4689639c478e82e1f7773a587a9f837d9Zero Day Initiative Advisory 09-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java WebStart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the implementation of security model permissions during the removal of installer extensions. By modifying an existing installer extension JNLP file, a condition occurs that allows for code supplied by a different URL than the original installer extension URL to run as a secure applet. This condition can result in arbitrary command injection under the privileges of the currently logged in user.
bafb05241862f71746a218ff5cd08fc620db8c8ed1f7effba706e14c73e0b0deZero Day Initiative Advisory 09-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists in the parsing of long file:// URL arguments to the getSoundbank() function. Due to a lack of bounds checking on user supplied data a stack overflow can occur leading to remote code execution. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.
12b41a5dda9749bf93b9caa26fd1edf3c05e21b07772f9d680db8794d90a688c12 bytes small Windows XP Pro SP2 English Wordpad shellcode.
c6adf5d5f8b9ce048d4fe598acb2ae75a7fb1112ed7f3ed07c144830f22a5fa7Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.
280d49ab7dc2a6f1d65feb29ee1a9c5ba38aedb401fb0e81e12ef3860ea1d82fSecunia Security Advisory - A vulnerability has been reported in the User Protect module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.
f6705f802261d5823a8dbe3b828dd3681bfb7ebf861e34a64d2171b41c294e9cSecunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.
322756def7252d2b248f8043a8801bf4ab07ca82dbc9a7aedb15476213c81bf5Secunia Security Advisory - Debian has issued an update for typo3-src. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks, and by malicious users to bypass certain security restrictions, conduct script insertion attacks, manipulate certain data, conduct SQL injection attacks, or compromise a vulnerable system.
73fc0e4ecaf451e210f56becb62acc33f06dc8c686a09e25575903a8287e6ec2Secunia Security Advisory - A vulnerability has been reported in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system.
4856a5684cb3811ac5a36d53642940485910abaa8f1ed0988a86c2d5e482beefSecunia Security Advisory - Fedora has issued an update for rt3. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
1631a10aeb2e7f3567dd4bcca462deb1200ad95094e289c996c0279dd3ca9c9dSecunia Security Advisory - A weakness has been reported in Asterisk, which can be exploited by malicious people to determine valid usernames.
99157ec6fc7a3b82b525ecbabf39acfbf1045b7536dc1de7a14ab0ec1bed70d9Secunia Security Advisory - A vulnerability has been reported in the Temporary Invitation module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
14b7526afe223e86893b2a72391d597ada5fc00870b1e7f43c4b8005151f5b17Secunia Security Advisory - A vulnerability has been reported in the S5 Presentation Player module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
f47af9d980da9afec776a2c2eebbb5704c67437afbcd9a28d25a6ecef6e5844dSecunia Security Advisory - Fedora has issued an update for python-4Suite-XML. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
5e45527d837b5eeb960129b9beeeed22fc6d7d46f9bb0385f927492097cb72f8Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to manipulate certain data.
5a922b94dbe98d37457631f6725af4bad4cf4adeced79dacd195097b5448a6cfSecunia Security Advisory - A vulnerability has been reported in the Smartqueue OG module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
d75319bcc8f298a2379bf0242f4f6fd1fd0af2f7556d17f9ef9b9633b98d2870Secunia Security Advisory - A vulnerability has been reported in the Node Hierarchy module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
01096cb34a5b02a455ab6a5a8c4c9cae8e6137b7ec7daaa8a50cfaa4b22244f6Secunia Security Advisory - Cao Xuan Sang has reported a vulnerability in eoCMS, which can be exploited by malicious people to conduct SQL injection attacks.
2b54ec73ed481aeb21723a92eefa58e7846557f017dbf6c82c985cd1a55c2d23
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed