Zero Day Initiative Advisory 11-094 - This vulnerability allows remote attackers to compromise the archive records on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service responsible for managing archive stores. The archive manager is susceptible to tampering due to a failure to enforce authentication from remote users. An attacker could exploit this flaw to compromise the server managing the archives and arbitrarily modify the archive data store under the context of the File Migration Agent software.
d4c16c8e15d434b6bdca8bff2018e11cDebian Linux Security Advisory 2175-1 - Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.
5466b76532fc72dde02adea9f1802a53Ubuntu Security Notice 1077-1 - It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
86002895ed2ad1797138a20be9ab9ad0Ubuntu Security Notice 1074-2 - USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 10.04. Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.
3c50452827e25742bef7840b721455f6Ubuntu Security Notice 1076-1 - It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications (VBA) data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.
0c5c16da75174d63e5095da59ac60569Ubuntu Security Notice 1075-1 - Volker Lendecke discovered that Samba incorrectly handled certain file descriptors. A remote attacker could send a specially crafted request to the server and cause Samba to crash or hang, resulting in a denial of service.
454608850cba21410988f637a3e9c9acMandriva Linux Security Advisory 2011-038 - All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
b0bc7527f52910e27a51caa3d022119fFreeBSD's crontab implementation suffers from various race condition and symlink vulnerabilities that allow for minor information leakage.
07b32ae1079a8ee98df86008e1959da3BackWPup WordPress plugin versions 1.4.0 and below suffer from a file content disclosure vulnerability.
fb53e14e423d362169ffef768e71af58DO-CMS suffers from multiple remote SQL injection vulnerabilities.
6e14e1c1cfab9bfb4fe4b84a82b4dbf2WeeChat suffers from an invalid certificate verification vulnerability.
4892538ee317654444753cbcdf21baf7Quick N Easy FTP Server version 3.2 denial of service exploit.
01f297c81b50928e8762cd265e7bf030Magic Music Editor denial of service exploit that creates a malicious .cda file.
901a457d03c41e9e059ea5f045617153PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function.
21882b823a841e7aa0af5399dda7100fImageview version 6.0 suffers from a directory traversal vulnerability.
37f5e1b38578d121fe9e0bb7fa8b0cd7WSN Guest version 1.24 suffers from a remote SQL injection vulnerability in the time parameter.
3b5d4d7c3f1d265bb20702cac790e626Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
5b73f2118bdc9bf8d8c47cb653502507Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
406990bd8da1f4958b354b4b6fc4b3ebHP Security Bulletin HPSBPI02635 SSRT100391 - A potential security vulnerability has been identified with HP Web Jetadmin running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to resources managed by Web Jetadmin. Revision 1 of this advisory.
dbfa0eea53e5eee6e8679bf73a71bbb7phpMyAdmin versions 3.3.9 and below suffers from brute force and path disclosure vulnerabilities.
6e8fae2af8d9530fd34944a378dabe95
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed