Zero Day Initiative Advisory 11-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Witness Systems eQuality Suite. This application is bundled with Nortel Contact Recording and Quality Monitoring Suite. Authentication is not required to exploit this vulnerability. The flaw exists within the Unify2.exe component which listens by default on TCP port 6821. When handling a packet type the process trusts a remaining packet length value provided by the user and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
c5b7f7de67ca75c73da4296bc399ab55cec0f59dd665fc9c0582effcba399aa6Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.
ef704e9100eb2b84dd85f0614c1b81e8320958e0c4b77d2651ef19086495603bThis is part two of the Simple x64 XOR Shellcode Encoder / Loader paper that adds in simple obfuscation.
07015c0dcec4eea8611e3ed8e6f9f82d8774813630fd343151116458df7fc37bRed Hat Security Advisory 2011-1248-01 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed by that CA as untrusted. All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.
0236290da9f1510ec94382d77494a2ba1019f4b53dc331c072633300ddefdbb5SaurusCMS-CE version 4.7 suffers from remote file inclusion vulnerabilities.
8d0195a9a2c2ad6b058f2974be172b2a666f3904d2d40b9766856a79e152193cManifattura Web suffers from a remote SQL injection vulnerability.
003d838ca43023b2e1324c320dbce0e5bbf95898227a538f14cd188cd723a087Loop suffers from a remote SQL injection vulnerability in ricetta.php.
6352e9d74961723476a09280194846791083062782d0243b1bdba8cdc87acd54Virtualismi suffers from a cross site scripting vulnerability.
a9076db51a97b16a519055851c9a268a835474387e09ad735bf77d4bcf35cc74BisonFTP server version 3.5 MKD remote buffer overflow crash exploit.
6157ac1b4d0108188bcfac3f9ccdadb47a302240c656b2fa5c72bfb65f934e09ACal version 2.2.6 suffers from a cross site scripting vulnerability.
690e0cae40ac71cd5f6756464561786f1f34425d0714994ef9b5244906f298afBroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by the usage of the Msg string provided by the attacker directly with vsprintf() without the required format argument. WriteTextData and CloseFile allow to corrupt arbitrary zones of the memory through a fully controllable stream identifier in fclose() and fwrite().
15455c76959ce3375afe0d9ca55c3e3406b7eb808cd072c8d28bf369a9e800f5Ubuntu Security Notice 1197-2 - USN-1197-1 fixed a vulnerability in Firefox with regard to the DigiNotar certificate authority. This update provides the corresponding updates for Thunderbird. We are aware that the DigiNotar Root CA Certificate is still shown as trusted in the Thunderbird certificate manager. This is due to Thunderbird using the system version of the Network Security Service libraries (NSS). Thunderbird will actively distrust any certificate signed by this DigiNotar Root CA certificate. This means that users will still get an untrusted certificate warning when accessing a service through Thunderbird that presents a certificate signed by this DigiNotar Root CA certificate. Various other issues were also addressed.
8b562af7e7845ff7b69f0432af9169bc0113318d3461f4b54c3155618fe6adfcThis Metasploit module exploits a stack buffer overflow in version 1.1 of Free MP3 CD Ripper. By creating a specially crafted .wav file, an attacker may be able to execute arbitrary code.
7401c2dd0f56ba28e5f6c554d7c4eaa36cfe2ff96cdf148453614fed7e3f7b1fCerberus FTP Server version 4.0.9.8 REST remote buffer overflow crash exploit.
4ffb43902001c39a48c6ed0bb68c9a86be4f2acf228608af5c8b5dfb4e6c2a2dWhitepaper called Optimized Ad-Hoc On-Demand Distance Vector Routing Protocol.
276122fff45fd9a03d478f868be5278cae367c1fb18bb2597e19520d2ed8f62aTPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.
09bdf9635bf9b63fb18e4c32a5a237cf878a16ea494b709ac969f658d874aa04Help Request System versions 1.1a and below suffer from a remote SQL injection vulnerability.
37895dba70ffd90625d5211353b8b44030a02e97b1142bfa7c462ec7add8cedfITT Web suffers from a remote SQL injection vulnerability.
a1ab545ac6bf0bc9777bd56c69013e8ccb3fa6c1076f0062f827c8ef950c8f54ph5gruppo suffers from a remote SQL injection vulnerability.
3f79fddda30c9726e308e37ef1a17f53d4ecbd57aad29f4ef58457ec19107ec6KnFTPd FTP server version 1.0.0 suffers from buffer overflow vulnerabilities. Dozens of FTP commands are affected. Proof of concept exploit included.
e539b8603fc798eefb0731e2211588194426f6b0cce6f42ae1ef8bef81ba6828The Hacker News Magazine issue 04, released September, 2011. This magazine sums up recent news events in the hacker community.
4e1119d2b4ecb717c9fe59628951d163a13bb6a8c74bd477c694639f22b14965This Metasploit module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow, and results arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
348b94a602e053d653e9e822631e9a0911f02f12bdc2763f325cc1727f13daceWordPress VideoWhisper Video Presentation plugin versions 1.1 and below suffer from a remote SQL injection vulnerability.
544a1459c5018f784d07a4d0f99fb2889727d63d7dec320d6380a973052c096dSecunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in BroadWin WebAccess Client, which can be exploited by malicious people to compromise a user's system.
fa711a00a231bdc2225207dcc9ce851eef5ae362b57aaec880432931cc4b21b9Secunia Security Advisory - Cisco has acknowledged a vulnerability in Cisco Quad, which can be exploited by malicious people to cause a DoS (Denial of Service).
0c08cc896384d16d199e14c8e25b1b8fcd8b08401ed932d8462f85c5f754b1d3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed