Ubuntu Security Notice 1071-1 - Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Various other issues were also addressed.
138f0d9acd9028b53e4c02afea0172fcf4090c982287a6d77f401f9155e9023b
This is a simple executable to shellcode converter tool. Video for usage is included.
615bb76846010e2d9b02e6e2405d54049a777f9250aebb20c701cbffbd929de8
Altigen's Gateway Service suffers from a heap overflow vulnerability that can be triggered by a simple nmap portscan.
75c19fef6c874b519ac2c9baf65be73e2f21b601e31e7302e468dff495e2082c
Joomla XCloner component remote command execution exploit. This component also suffers from information disclosure, local file inclusion, denial of service, and cross site scripting vulnerabilities.
bd1d11cc383f303dac4cb1520a59452b77f741b76b084b5ea0df94bb38723392
The Linksys Cisco Wag120n suffers from a cross site request forgery vulnerability.
dd16115896453d01f25228f86f2b3ddaef343f8a7937d67e06a50aa3bf8827de
Website By MIC suffers from a remote SQL injection vulnerability.
e4812b17d0b37e224f232c9974a3e6126178f549ad85888d440cc4cebcbf0b57
Prestashop Cartium version 1.3.3 - 0.246s suffers from a remote SQL injection vulnerability.
235ad64da715d21ee421f82520eb1abfa2e9936d9d965014f9cfda3d83de594a
glFusion CMS suffers from a remote blind SQL injection vulnerability.
002f00d412b223b8c47ffe2113ec5755cab7b22632218f1804e4baea4e8ae938
Pragyan CMS versions prior to 3.0 rev 274 suffer from code execution and remote SQL injection vulnerabilities.
8b9afe976dfc4540c9079a9bb30cb84209dbd90c3bd9da57324bcd80fe2a9762
web.go suffers from an insecure cookie vulnerability. Its cookie handling is modeled after Tornado's, which had the same issue reported in 2010.
ee2dc2d011a705d23606558d2a5af6c6a4bbf9a22dfdf2f4a9697f1c61fde09f
RaksoCT Web Design suffers from multiple remote SQL injection vulnerabilities.
9aab71f6692e60a432af4d062c8c8dc8f477dc4c6ca13435df0be45adaec494c
iPhone MyDocs version 2.7 suffers from a directory traversal vulnerability.
fae04cfee781085d2fd6f8575af3648f4d7585f0588a5efb5b7bb8d73098d99c
iPhone iFile version 2.0 suffers from a directory traversal vulnerability.
aff27d1aa9bc27dc2109e98973b6ef23d319663bb2a0db4d43129ef37389f697
iPhone Folders version 2.5 suffers from a directory traversal vulnerability.
1062f972a62f2727426510070897b782cbcae9833e2586c9aff82fee5f8b0622
Edraw Office Viewer component version 7.4 ActiveX-related stack buffer overflow exploit.
0cb6d86d4889168c48cf40d301af90cb71f2d53474310ed6503c5096390544cd
Cewolf - Chart Enabling Web Object Framework versions 1.1.4 and below suffer from a denial of service vulnerability.
8638638ee3109eed0bea5b2326a39b8428de034acd9b0f2f5efad8022120a4b1
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
478a1566e4c6f7dc28d734eedcb6ba04390148a32396154c928a3e2488959054
PHPShop versions 0.8.1 and below suffer from a cross site scripting vulnerability.
a25bef9b70e1ce9498c17a7a5c93f602c1a3332be03b85ec863193217dd67c26
Interesting blog entry that discusses how a glibc alloca()-based memory corruption vulnerability allowed for code execution.
6b372618ec2a21f674080b0819cbfb4ca8ee6bc398a1fbc24854277dc3dca356
CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.
1165984f0f9a0bde4ed83ed6d3943f818df52123eeb80a2f91a7d5dce511133b
Brief whitepaper discussing some problems faced when using cloud computing.
53a9ee31b17b5b3f1bb3226bfed1a087dce450306c1cb4d89f1193b47f77a5a5
oclHashcat is a GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask attacks for hybrid cracking. Linux and Windows binaries are included.
19077748589c65f302bf68f488ac33ab55f6f1f62053087de4a1e3bbb3b370ce