Zero Day Initiative Advisory 11-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in how ibmslapd.exe handles LDAP CRAM-MD5 packets. ibmslapd.exe listens by default on port TCP 389. When the process receives an LDAP CRAM-MD5 packet, it uses libibmldap.dll to handle the allocation of a buffer for the packet data. A specially crafted packet can cause the ber_get_int function to allocate a buffer that is too small to fit the packet data, causing a subsequent stack-based buffer overflow. This can be leveraged by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
5856c905992ce3367f10fbd82bf9872e59657ed8b978886f53701ed9eeb4747fWireshark versions 1.4.1 through 1.4.4 SEH overflow exploit that spawns calc.exe.
1190bfbcea843e5145744418548830b04cb799c34c387f3a3edb3bd512300dbdPastebay suffers from a password bypass vulnerability.
ebd3027c69a1ad01ec43a6aa1d8a4c8ab3b282c31cdbd8211cfa94df34fbbaffA potential cross site scripting vulnerability has been identified in RSA? Adaptive Authentication (On-Premise) that could be exploited in certain circumstances. This is due to an input validation error in a Flash Shockwave file provided by the Adaptive Authentication system.
a83fabf54ed5f3331ab76f5aae6561209b00f4bf7ffb46fbdc69a206932bb910Ultra Marketing Enterprises CMS and Cart suffers from a remote SQL injection vulnerability.
d34005c364f7d4611990f005c5880bba9ad4ebb113ae3607456293769682cd4aUbuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
6aa138e4da81ce01a79a100e10f8c8db333638d58fca582399c80a99743e1fb6Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, obtain Kerberos tickets and reuse them in other Windows or Unix systems.
099e55d14489dafd73cfdfa5499d3104b38a4256c3df9a93abae54beaa077d30EMC NetWorker contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
865a9f3693f441082930e4366c848c4a8368c6122943070f7ee2590626605e5fGo Null Yourself E-zine Issue 4 - Topics in this issue include Lattice-Based Cryptography, The Tech Behind Credit Cards, MapReduce Part 2, 303-833-00xx Scan, and more.
35eabf498921a3ff749db28d5d9622b428e8b2a603b121475303b55a264a85bcCRESUS suffers from a remote SQL injection vulnerability.
c25206e4b15dfe30428563597e1a1363d64b556f27415c22c47d4f718789b052Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
ccafd038dcde1e733e4b0fe7bb2f1aa78dc535b69cc46dc88c1e7b292d77d091Secunia Security Advisory - A vulnerability has been reported in Mojolicious, which can be exploited by malicious people to disclose potentially sensitive information.
aad435433a3873a784ff551ce1b5893c38b4067071e9cc95e4a411bdae38e924Secunia Security Advisory - Some vulnerabilities have been reported in Perl Jifty::DBI, which can be exploited by malicious people to conduct SQL injection attacks.
ee16a2eae7ff772f1e2c5bd0a66d63508362ce64912f5fd126c4f08e1aadd575Multiple Drupal themes suffer from cross site scripting and denial of service vulnerabilities. Affected themes include Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily Edition, Coffee Break, The Gazette Edition.
165887f15d9354eaf9b8d1bb945cb0dc9da0684b19cf44be05684f5b05d60ae6Secunia Security Advisory - A security issue and a vulnerability have been discovered in MyBB, which can be exploited by malicious people to disclose certain sensitive information and conduct SQL injection attacks.
803f1203cf51ac1479e8ec409f0b5cbd3b365d60fbb263c69a398552b5100509Secunia Security Advisory - Fedora has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
e1e304df70aa4ca0fbdb0f36fcdadfebd76f644ae156cfe2d94668d90d57c6efSecunia Security Advisory - A vulnerability has been discovered in Thunar, which potentially can be exploited by malicious people to compromise a user's system.
2a6071287d06bd3824ab732a02050b854a96d3f94e13dbf03c1fdbe733b1bfe1Secunia Security Advisory - Fedora has issued an update for tmux. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
a94b1de5c9aa0257247acd99483ddb9e56469c33b019b3eacea9f7eae5cdad51Secunia Security Advisory - Justin Case has reported a weakness in Skype for Android, which can be exploited by malicious people to gain access to sensitive information.
fae84ac51ac8b67252c924423fdae24c29c3e61ebfd8895a4d5d580f6d947bb6Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
14a64815e3d847dcb4f353283f97876a57888b127e13a7b21aae5a6e887d2251CompactCMS versions 1.4.1 and below suffer from remote file inclusion and disclosure issues.
9d0a94503eb969764632bc54f78faa71ffad44a133f3df985cbb8c6eaf655d53Google Chrome version 10.0.648.205 stack exhaustion exploit.
82d6dc22eadb26bdd8279068c3bbf816cda86c79a4185c6e44c2d3edaa340479Secunia Security Advisory - SUSE has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
13cc27186d5ff20728460c4b2bea54234313f92beb4e86bc06a266b766608ed0Secunia Security Advisory - SUSE has issued an update for libmodplug. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
771592ce52c244bd9d96461d89141463905d30ace60ab8aebec9d96e7dc8ec94Secunia Security Advisory - SUSE has issued an update for dhcp6. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
4fb77a1d56d114d8ac31369cca5138277372854eb3228928974ad1cea50d8e32
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed