Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
f09e067a8a31743143add874ffdc7a4a5fd2f078cf7808c58fd8f79c9bd497d4MIT krb5 Security Advisory 2010-001 - Improper input validation in the KDC can cause an assertion failure and process termination. A functional exploit exists, but is not known to be publicly circulated. Releases prior to krb5-1.7 did not contain the vulnerable code. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
b1bd884f089b3170c3a079bd0375feef10cfbc74b302004b3d4841a87c15c4b9VMware Security Advisory - This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by- zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail.
be9eec1e0afa2608f6e5a930b35d6a797d067f76d7824fe15b60c52609c39c15Trendnet TV-IP201 uses an embedded version of the GoAhead WebServer that is vulnerable to directory traversal and authentication bypass attacks.
3938f4301ab67da459dc7b0191cd8932b8bbb2fc91438b5fb3cfe53d9e610625Mandriva Linux Security Advisory 2010-038 - main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the.mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file. The updated packages have been patched to correct this issue.
a594ca8f9397f7050a0c918b62589d0df31710cea19426d9dd51300c8f33d6eeLimny CMS version 2.0 suffers from a cross site request forgery vulnerability that allows for a malicious attacker to have an account's password and email address changed. Proof of concept code included.
e3a131335c3eeabc5295e68559c1590bb62ccc68b79ebc84ae7e435c41e4246aLimny CMS version 2.0 suffers from a cross site request forgery vulnerability that allows for a malicious attacker to have an administrator account created. Proof of concept code included.
9d7e9fbfc073fc42e11f8165efe7cb7c1b21309f2916937abe9248fe8878b6c6CastRipper version 2.9.6.0 local buffer overflow exploit that creates a malicious .wvx file.
d5cea035509606ee18de1bb920ace4a6956ea1665d1ebf55f7a6e84fbb53c6c1The Realname User Reference widget in Drupal version 6.x-1.0 allows any user with access content permission to mine user name and real names from accounts.
a8e28216cd1d0f5195a5c2f0f4d8df8509c3c8d69917da8dab026b3e35d0fd12Virtual Security Research, LLC. Security Advisory - In mid-January, VSR identified a vulnerability in Google Chrome which could be used in phishing attacks in specific types of web sites. This issue may make it much easier to convince a victim to submit web application credentials to the attacker's site.
f3601476eca991b5fbd55769dd6d77727430ebaa9cd28fc2bb03eb2fdff6501aVUPEN Vulnerability Research Team discovered critical vulnerabilities affecting OpenOffice.org. The first vulnerability is caused by a heap overflow error when processing malformed "sprmTDefTable" records in a Word document, which could be exploited by attackers to execute arbitrary code. The second vulnerability is caused by a heap overflow error when processing malformed "sprmTSetBrc" records in a Word document, which could be exploited by attackers to compromise a vulnerable system. Versions prior to 3.2 are affected.
daa14cc23de2bfe8a5f031f0af7dd33f089c6bac4a4fcd04e877b3812873ae01The Mambo ACNews component suffers from a remote SQL injection vulnerability.
6b58c000ad255cec7230462a3906f32eb3323485dee5f74f0582fa85eb132eceUbuntu Security Notice 901-1 - It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 8.10, 9.04 and 9.10. It was discovered that Squid incorrectly handled certain DNS packets. A remote attacker could exploit this with a specially-crafted DNS packet and cause Squid to crash, resulting in a denial of service.
472e5fadcb06d9de00c885028393dde939535349c03d9161516f872d33f85656SongForever.com-Clone suffers from a shell upload vulnerability.
7b7b544ae718477b6d0cb20bc93b4cf8370bb2b4a281452decfdb62378e5c58eMail Form Pro version 2 suffers from a shell upload vulnerability.
e04f6a44ce0beb3de3e6a649ebefa3fc4a8303fe704d6bd4f78b15dfecd16a06Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.
70b75a6c7bfeabf4136e18e897f88132e74cb4a9c3e67e5d0923c49a358f6156Web-Net Solutions CMS suffers from remote SQL injection vulnerabilities.
10b77f3823f235a8a8f79c5841342126cc9e42f7526e77d23a46d6c3b8748459OtsTurntables Free version 1.00.047 universal buffer overflow exploit that creates a malicious .olf file and binds a shell to port 4444.
006bd912538a4558e0103c6a728eda92d3951ea15ec802f23dcc7b2d401bbf60UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.
c1bbc36e6ff3d925c37c6451592f8b5bab82a634b19cab5a5b7d4ee5649c1ce1Insomnia Security Vulnerability Advisory - A flaw exists with the handling of malformed URL's passed through the ShellExeute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.
39f5ed63255f91f74bafeb10491b25db0ff238ff227c677e96fd690e0beceae1Enomaly ECP versions up to and including 3.0.4 are believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for execution within user environment or to replay older, insecure workloads. Both the Enomaly ECP implementation and the VMcasting protocol itself are believed to be vulnerable.
e16285c2f1ba9ebc8fd42584526dc51cf5c5ff2063e048b6d25545b604a2ead0OllyDbg version 2.00 Beta 1 local buffer overflow proof of concept exploit that launches calc.exe.
97aeedb7c888b0fbfd5b170c8287f9ea75427a1b2168c83848438b744d20c013Easy FTP Server version 1.7.0.2 post authentication buffer overflow exploit.
c78e863c69017c22b8ea998bdbb610423ef33bb15f4be0bdd082fafe3b868330Easy FTP Server version 1.7.0.2 post authentication SEH buffer overflow exploit.
0b7f7d789a29c9c25267690aefa27462cd6509550647250e689ba0a6401bd1e8Apple iPhone / iPod FTP On The Go version 2.1.2 HTTP remote denial of service exploit.
0ec64122e1375f4a207cc059090730875027717d466135270b2da37d59ad9a4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed