Ubuntu Security Notice 1146-1 - Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.
587a331a188a15742c49cc3c31453d858c70c6ea710797e17fa98b2b7a3b4316byTolinet Agencia suffers from a remote blind SQL injection vulnerability.
06b6cff0137db3ab535c8a20fcfd3fa30373abc5b943334d496b6bd67d50573cPacer Edition CMS suffers from a cross site scripting vulnerability when parsing user input to the 'email' parameter via POST method in 'admin/login/forgot/index.php'.
64bc139cdd713e79b7734f3138011ce6e67d334d1b7864e2e6bdfe1443bb8d2fPacer Edition CMS version 2.1 remote arbitrary file deletion exploit.
fdecec4cbc4da2ca8fcd5a0044f5cd5bc62041abb616b0c109cf1b0546d42c3dClubHACK Magazine Issue 17 - Topics covered include pentesting your wireless, wi-fi tools, best practices for wi-fi networks, and forensics with Matriux.
ced9844034333153c6393973f1c287a3a5fab14d2d1aeec8176db94d944adb62This is proof of concept chunk of javascript code that demonstrates the tabnapping phishing vulnerability that works across multiple browsers.
48b7231bc300959fb654e0f8929e2f26f0dec5485262472dbd4e23fc192d6c13Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
69e9c102d56348266b6597d6d401b0a5a2190e158b78e75ee0591f90479ed2caEquiPCS suffers from a remote SQL injection vulnerability.
3fa2d6da1b6cd03e0878c8f4b4e9d3f58c60cee9100532c45eda496c9eabcc89John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
634ca7d884c3f181d64289a975091095a702f2c60b4b1f0672c6541c0f5a924927 bytes small FreeBSD/x86 shellcode that binds a shell on port 31337.
37384aa5db1693872e4fd50b6ec667e1a9ae567a85c4441af351dbf2e97bba8dThe Polycom IP Phone suffers from a remote password disclosure vulnerability.
abfb162b414b38282781954cbc8edbb1217bed683ec2d07cbed568082a31065ePDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.
86766208a90ef69191d151095e97ebd1cdcdf37a7ef654d94d09c148515f3decThe Aastra IP Phone 9480i web interface suffers from a data disclosure vulnerability.
c8067f301390cba0688abb8c10285d90c97a11e257f9940fe1786aecba40f331FreePBX version 2.9.0.6 suffers from a remote shell upload vulnerability.
cb8226143db3ebda4bebf218daf1ea53d4eaae1e51fdd173018111166c720280Booxys Hotel version 1.0 suffers from a cross site scripting vulnerability.
5f374c4110d195a7af4237b72a9fa066a7ba00a43e43a3263f74f30a78591a91HP Security Bulletin HPSBMA02631 SSRT100324 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
d79ea11ddd82de5a0e26ecff34478953ae5f5b40435b50a28e794acc34cc58d7This Metasploit module exploits a remote code execution vulnerability in Magneto ICMP ActiveX Control (OCX) version 4.0.0.20.
9f4d644cf1dce2f3404f75311e3774d1ef3e4ab17291eb9ea656d7c3ddbf0b22Prefix Technologies suffers from a remote SQL injection vulnerability.
624f9b8d537141df47719b5d55218cb4a45cad99405b8956846c723516939410Zero Day Initiative Advisory 11-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java webstart parses certain properties from the jnlp file. Due to insufficient quote escaping it is possible to supply additional command line parameters to the java process. By crafting such parameters, an attacker can execute remote code under the context of the user running the process.
a404173fec0adb72b54fdaa57ab9e6ee4ac25a73fd950400775c364b24259cc3Zero Day Initiative Advisory 11-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a 'scrn' tag, the process reads a user specified value describing the number of scrn objects in the file. This value is multiplied with the size of an scrn object possibly resulting in an integer overflow. This value is then used to allocate memory to hold all the scrn objects. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.
c946917f3c6397b191f67ce05f18033ea0d5160fbea49d515db3cb9e45a0ef5dRed Hat Security Advisory 2011-0862-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. Various other issues were also addressed.
1ff98c5c00208f3cbe3c94f264edd5b646b681a3f2f0cf7c2caec93cbe9a9454This Metasploit module exploits a vulnerability found on 7-Technologies IGSS 9. By supplying a long string of data to the 'Rename' (0x02), 'Delete' (0x03), or 'Add' (0x04) command, a buffer overflow condition occurs in IGSSdataServer.exe while handing an RMS report, which results arbitrary code execution under the context of the user. The attack is carried out in three stages. The first stage sends the final payload to IGSSdataServer.exe, which will remain in memory. The second stage sends the Add command so the process can find a valid ID for the Rename command. The last stage then triggers the vulnerability with the Rename command, and uses an egghunter to search for the shellcode that we sent in stage 1. The use of egghunter appears to be necessary due to the small buffer size, which cannot even contain our ROP chain and the final payload.
159bcc6e1d0a284b89e943dc6ab734d6c2d4c9cfd17f99602199371978ca7d42Secunia Security Advisory - Red Hat has issued an update for subversion. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
239dce24acc5c9254624be7c74adbb4f9d7c9155504251fb343419d19fa2b55bSecunia Security Advisory - Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, compromise a user's system, and compromise a vulnerable system.
9411870fae14a5ba439ea27f5c0981855a3c7308c604a47313ad4335060294acSecunia Security Advisory - A vulnerability has been reported in the Horde_Auth Framework, which can be exploited by malicious people to bypass certain security features.
e7ad45dae6506c20aa61ab10737be70090c3955d698aeebc15107cf1340a47ac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed