Zero Day Initiative Advisory 11-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Witness Systems eQuality Suite. This application is bundled with Nortel Contact Recording and Quality Monitoring Suite. Authentication is not required to exploit this vulnerability. The flaw exists within the Unify2.exe component which listens by default on TCP port 6821. When handling a packet type the process trusts a remaining packet length value provided by the user and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
9769221cd95c31239a20fab1a709a858Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.
b848f719404ad856627c7158e12ff871This is part two of the Simple x64 XOR Shellcode Encoder / Loader paper that adds in simple obfuscation.
88cac72f492283602b99e7936a34179aRed Hat Security Advisory 2011-1248-01 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed by that CA as untrusted. All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.
622a8a6d64c71b57854b6aa4af5c3ef5SaurusCMS-CE version 4.7 suffers from remote file inclusion vulnerabilities.
c5f5d62fe9b39d1f1e6fcc84a865dcdcManifattura Web suffers from a remote SQL injection vulnerability.
f794562e09c6e2c94c856364c306f8d9Loop suffers from a remote SQL injection vulnerability in ricetta.php.
f3ca0ad52314fe1dabc90dd28afcf6f7Virtualismi suffers from a cross site scripting vulnerability.
f64cc138ec68945c1b420eccaac2c803BisonFTP server version 3.5 MKD remote buffer overflow crash exploit.
832375c0ce4ef50d07e51dd20f6546ecACal version 2.2.6 suffers from a cross site scripting vulnerability.
4d079c6c842fbdecfa2961ad78063165BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by the usage of the Msg string provided by the attacker directly with vsprintf() without the required format argument. WriteTextData and CloseFile allow to corrupt arbitrary zones of the memory through a fully controllable stream identifier in fclose() and fwrite().
d938955baaf2638ba8313699f173b625Ubuntu Security Notice 1197-2 - USN-1197-1 fixed a vulnerability in Firefox with regard to the DigiNotar certificate authority. This update provides the corresponding updates for Thunderbird. We are aware that the DigiNotar Root CA Certificate is still shown as trusted in the Thunderbird certificate manager. This is due to Thunderbird using the system version of the Network Security Service libraries (NSS). Thunderbird will actively distrust any certificate signed by this DigiNotar Root CA certificate. This means that users will still get an untrusted certificate warning when accessing a service through Thunderbird that presents a certificate signed by this DigiNotar Root CA certificate. Various other issues were also addressed.
c94e19eb17ad3acd4fe7a6b3f05e9adaThis Metasploit module exploits a stack buffer overflow in version 1.1 of Free MP3 CD Ripper. By creating a specially crafted .wav file, an attacker may be able to execute arbitrary code.
a3e9acec0f9a9b4986736ffc45c3da58Cerberus FTP Server version 4.0.9.8 REST remote buffer overflow crash exploit.
adef840bd24052f25a22733d9020c605Whitepaper called Optimized Ad-Hoc On-Demand Distance Vector Routing Protocol.
3d4cb941a64e19c47851917d12270180TPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.
68cd8397c279e94d4f185443f6005632Help Request System versions 1.1a and below suffer from a remote SQL injection vulnerability.
0fcc3e998c0eb857121f3a6099b50caeITT Web suffers from a remote SQL injection vulnerability.
6c32537c349fda7e8c25aad6ec3b59d4ph5gruppo suffers from a remote SQL injection vulnerability.
21a99cf562816086d21bf2d3d8c70adaKnFTPd FTP server version 1.0.0 suffers from buffer overflow vulnerabilities. Dozens of FTP commands are affected. Proof of concept exploit included.
8067b404ed00ba39c2ea5cb169b2886bThe Hacker News Magazine issue 04, released September, 2011. This magazine sums up recent news events in the hacker community.
f269ee24793fba027ec9cf33e00ab0a7This Metasploit module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow, and results arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
8d32c2e58191795b07f93bda0d49f7d6WordPress VideoWhisper Video Presentation plugin versions 1.1 and below suffer from a remote SQL injection vulnerability.
c798d8cd2df010f9d1e4a5c50e070d24Secunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in BroadWin WebAccess Client, which can be exploited by malicious people to compromise a user's system.
5d130babdd77594c0ca83e9a801815c0Secunia Security Advisory - Cisco has acknowledged a vulnerability in Cisco Quad, which can be exploited by malicious people to cause a DoS (Denial of Service).
d0fee8f512c03d23dfaf72f70fb3c164
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed