Mandriva Linux Security Advisory 2011-107 - fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted message header or POP3 UIDL list. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a STLS request, which allows remote servers to cause a denial of service by acknowledging the request but not sending additional packets.
f76d34b17f631223e59aa2ba6e51c25370839677d0b8989b2ea46fc400d18a12BLOG:CMS version 4.2.1.f suffers from a cross site scripting vulnerability.
ac0c8cb715546634af1034d70dc2fd65b0892a8bb6be45d3fd58ad55e057d349Dataface suffers from a local file inclusion vulnerability.
d7bc8c119afcd8d22c187870b656efe6f9dba43e8c2f040c555ce6652b54e166This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.
ef1996fa8324f29a9b671331d440a114bd14ca14534139ba1cdb0b9541a1ba33Secunia Security Advisory - A vulnerability has been discovered in KMPlayer, which can be exploited by malicious people to compromise a user's system.
38fcd9173b92b771be14887a108a64da3a51fda3f67ec2cff335c3444845f8e2Secunia Security Advisory - A vulnerability has been reported in Zhang Boyang FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
e194de417f47fbaf335e527956d276bf60e200435e91a5949bcfb33cd68910f8Secunia Security Advisory - Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
78754eea895d635f630ca6eedca4341369b079e4cf4c93d42f2aaa37ce373572Secunia Security Advisory - A vulnerability has been discovered in 1 Click UnZip, which can be exploited by malicious people to compromise a user's system.
fda524cbbecf3c872dbb0d790ce6a5ca3c17f4d35696e591688726930543c38dSecunia Security Advisory - Fedora has issued an update for gimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
47b9cb856a327655dd1568e5e20833c4e4ab12487549bf737699d4a15f980c02Secunia Security Advisory - Fedora has issued an update for unbound. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b46aef49e83c327525be829dd7374eec5fb34e7fada1b833651713d3c21e9ddcSecunia Security Advisory - Fedora has issued an update for mumble. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
1337bc747531c70aa89c82f3797d56a3788682ccb7b6b5e790e9e573797f24a2Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
d72cc4ec349aec1d943584df3f712bed68982d5f7d452a941df49cae40abf76fZero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
bc91adce1bd45fa15577bc229f615332822f74d37c5345e8507b31a5ec371be4Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
76c8aac3aaa1dd56609ce784b9bfa3b944af2b8b4f7a710acf917d2d9e1b9047IBM Tivoli Endpoint version 4.1.1 remote SYSTEM exploit that leverages hard-coded base64 encoded authentication credentials in lcfd.exe and a stack-based buffer overflow when parsing HTTP variable values. Spawns a reverse shell to port 4444.
0f8374a53f9ea835a56ed4f488e0af7bb4381a6ce425701de24237adb0986946This is a directory traversal scanner written in C# that audits HTTP servers and web applications. Complete source included.
c6e52c1e2da6ad919fd343f4344bc7ff0add71acb44fbfb524bfd4042c533bbcThis php script scans for ProFTP instances when provided an IP range.
b67535a62c08567ea898568439edcd17fd0c5ed358a63670fce92c800ed52732Ubuntu Security Notice 1122-3 - USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Various other issues were also addressed
fcbe2acfdfc2dc9d4671f12b4fd20c3af797b24bac4bbc35088a7f1e63975b32Zero Day Initiative Advisory 11-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the iprint-client-config-info parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
279b78ac788ad0454a5133cf6744fcf7bb29e7c71aca991801aa631596d22d611ClickUnzip version 3.00 heap overflow exploit that creates a malicious .zip file.
7d634efb257b10f31e54dc530eca9f5df439e4e9e5e8068e5e122d8a4bb75834Mevlana Content Management System suffers from a remote SQL injection vulnerability.
0940ce799ce0788ecf793051a8a91af430c8859a25b2ef578962d33be8af998fDebian Linux Security Advisory 2255-1 - Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code.
0d44824abaf540af6d9d4accbd8f7b876931369b24f7b18b0d084e2af700821dKMPlayer version 3.0.0.1440 buffer overflow exploit with DEP bypass that creates a malicious mp3 file.
132a8a91ab46b94954a941964bc52cf820ea67a4c8ae0be94d92b5e07513bdedZero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
19164593dc3e90806077d1518c8540b9e8f300b001a3af65d3fb1277e4e7be52This Metasploit module exploits a stack buffer overflow in CoolPlayer Portable version 2.19.2 by creating a specially crafted .m3u file.
16325060098c651fb86c7e27b31ac0f3b467b1f9765769a5527c75a0de47cf11
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed