Zero Day Initiative Advisory 11-094 - This vulnerability allows remote attackers to compromise the archive records on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service responsible for managing archive stores. The archive manager is susceptible to tampering due to a failure to enforce authentication from remote users. An attacker could exploit this flaw to compromise the server managing the archives and arbitrarily modify the archive data store under the context of the File Migration Agent software.
d0d60346d9845a44d20ccf13f6af2138b11858ae3433292e6668ea1052d56f28Debian Linux Security Advisory 2175-1 - Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.
719f49ec7904b2f94d98af45ddb4672b74fddd92a052524c3e0a664d2a7776f1Ubuntu Security Notice 1077-1 - It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
7abc581d95fd6fa91f14b15d1919d17c1f65a3f627fcc6b20f76aa12c42d3cceUbuntu Security Notice 1074-2 - USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 10.04. Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.
4e15776b2f435c92a453d8aac2203f207e854e4b3f906900fe4b4f17ed2e2a0cUbuntu Security Notice 1076-1 - It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications (VBA) data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.
2d04da8d1f11b96f184c08db804c5a8cde452d0361185ff49b7a4fc63f4fbf41Ubuntu Security Notice 1075-1 - Volker Lendecke discovered that Samba incorrectly handled certain file descriptors. A remote attacker could send a specially crafted request to the server and cause Samba to crash or hang, resulting in a denial of service.
5a881149a3fef01c87d99b5117790feb8d52e1b67d16915f6f447bf992dbd6fcMandriva Linux Security Advisory 2011-038 - All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
a54128d96ef5760cc084f1f2a4d2324cb00c5687807a07069714410c3ea9f0a2FreeBSD's crontab implementation suffers from various race condition and symlink vulnerabilities that allow for minor information leakage.
0c48aa105ac5559bbac3c34bec72fc1a917b4bb2c39f51d11be3e0a1932aa408BackWPup WordPress plugin versions 1.4.0 and below suffer from a file content disclosure vulnerability.
11874aac3134e7b1c28564b2b1dd391fc7b31fa8ecf72478b47ba3ade60462d1DO-CMS suffers from multiple remote SQL injection vulnerabilities.
707992f3f8c0825e2df5b513fb1b85d07585d5949b07a7fca7e5fda0b1861541WeeChat suffers from an invalid certificate verification vulnerability.
b244384a98f92322c920ae9a0922ecf9ded2df274ee6fe2b1625224736dcb748Quick N Easy FTP Server version 3.2 denial of service exploit.
3ac6cb6d87d57934d1c7fa0e8b73b2bcc95def2c7e22d34c1e41acc738bb270dMagic Music Editor denial of service exploit that creates a malicious .cda file.
9462a00e75b4e64a1c729ad22229dbc8b510a9a62d9f05baf99b16032b1e7361PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function.
9a3edc419d1451c112c85dbd5ab1bc18c7921def1d1e3dc9ec1409796a52654dImageview version 6.0 suffers from a directory traversal vulnerability.
262d1ece9a7414af4ee075eddfb0dbefc8b9f3c934e1df735fa2c92d50584cd5WSN Guest version 1.24 suffers from a remote SQL injection vulnerability in the time parameter.
da86b8f248d2ef51d36d48a90c668cf8b250e1b9e735d0af54bb77d4e2ddbeffMobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
50c17be7feb4f17c9b55e331490c6fc1b4a79d0c13287fc82c168b7bccf58523Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
c5363b224df0efbd78d7dc4d8a518e5518b2e7affc2e5f1fcecd4efa3ab815afHP Security Bulletin HPSBPI02635 SSRT100391 - A potential security vulnerability has been identified with HP Web Jetadmin running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to resources managed by Web Jetadmin. Revision 1 of this advisory.
ca21811109cbf5040a354178f86ad2d2ce44ab035696b794e445212335b8cf7ephpMyAdmin versions 3.3.9 and below suffers from brute force and path disclosure vulnerabilities.
57dff876815eb07a5a14b2a29cab989fa9f079aa94371b1d74b85134fb0f35f5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed