Ubuntu Security Notice 1212-1 - Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.
f2bd89a7fb4e075ddf3c443cc67ea905e50e3d359edda7464f4642e35cf7b84eUbuntu Security Notice 1211-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
c722fd7511a442653d720916be5133aeccaba801f39a3fdb017e7ee6b3699415Trusteer Rapport key decryptor / keylogger exploit that uses Trusteer's own functionality to 'decrypt' keys directly.
c8f6cb87a1da1cd5f8ebbf54d12f5416d0be16db65d6f07abce191af94431441Trusteer Rapport key encryption switch off exploit that switches off anti-keylogger protections on OS X allowing your already existing keylogger to function correctly once again.
e487f26a1ce7c3bd190b7b3803f36945aebfe51c050ce618a0da3d61b445f487These are the slides for the IPv6 security talk given at Hack.lu 2011.
c48839ec6e8c59d1496899d1c7147f00134f8c12a6684faa5ee5150fb0a98546Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In this presentation, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking.
b6184ace78ff59c01b98abf9251555c43de66e1e8499ccd4c6717f23c36d980fTunerLabs suffers from a remote SQL injection vulnerability.
45c2e3cca038017758bf5611472cc12116a50f943d8c2ca4f34140b39e1d19a4Dolphin Browser HD versions prior to 6.1.0 suffer from a cross applications scripting vulnerability.
fec0542347d11dcaba40a36e576a9a2728f140dc57e324d0e46a4289ce1ef603Secunia Security Advisory -
c9a78e16dfad3b2f7fb266fe234bf9ad03b6ab9a28c88d2edb9044bcf97872f1Secunia Security Advisory - A vulnerability has been discovered in the Rent-A-Car plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
c9a78e16dfad3b2f7fb266fe234bf9ad03b6ab9a28c88d2edb9044bcf97872f1Secunia Security Advisory - A vulnerability has been discovered in the LISL Last-Image Slider plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
0774800dc79b6b2f55146f1814113c1f037161a78092943e8250399cf3e74277Secunia Security Advisory - A vulnerability has been discovered in the Auto Attachments plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
b074a51479b32f245d2644bfefbde15ca9ecf2755f9668a4dd70671bc5820aa4Secunia Security Advisory - A vulnerability has been discovered in the Category List Portfolio Page plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
b27bd25d37169b90a1d4f570280f942968f617246511389169321fafe7d60c08Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
5af42b1cc07704fcbde8bb44380e5a02ebedc75470a132c70022ecb5f8476bcfThis is a whitepaper is called Bypassing Microsoft's Internet Explorer Cross Site Scripting Filter.
1d5e74f1e5da2f90ef88920e1f7b0170ec0523060a97714408048591e6e8d1f9EViews versions 7.0.0.1 and below suffer from memory corruption and heap overflow vulnerabilities.
be48badc72b4e1d5c824e861b9cf4392dc32970a580ebf2abc57ca1c1f2bcb31MetaServer RT versions 3.2.1.450 and below suffer from heap overflow and denial of service vulnerabilities.
7a443b62dbf2c43b4d149adce2a09d72963021bff26038d582a82a3bcec0adadSecunia Security Advisory - A vulnerability has been discovered in JasperReports Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b643ff254f555f85f01149c60cb42060244dbf1ef5bb836c71370e669c439191SharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability.
8374996d630a396dfa8c66032e2d7425570f3f5bcac4ab501cc5cc12f9a4a0fdAVCon H323 DEP bypass SEH overwrite exploits that generates malicious input.
e9723bb21ef7e18d46bb58e8632c159ba2ecf3cb81d3cb33337284e8f6f4f5c3ScriptFTP versions 3.3 and below suffer from a buffer overflow vulnerability.
4c3d7bd282a71bbc0d04ab728ecd6d649b96ed1e7f9337d132ef2569f82dde80Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device. Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability.
f8b64349683d7496a8300593b934d118350bd667fccd7d4bba5b889e0720aff7Red Hat Security Advisory 2011-1321-01 - The kernel packages contain the Linux kernel. A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service.
94d31ed0387d6868b6e7adab496a79ec824e11127ad246421b8615a51ee105f6i-Gallery version 4.1 suffers from a remote source code disclosure vulnerability.
1d8463dabdf2e45356673cfb48681ccae5c00563ee20ae15e980da4b932c0af1i-Gallery version 3.4 suffers from a remote source code disclosure vulnerability.
ed70f25e15008bfc81925da56f00162c5748a55d9148d460f3937e681304fb28
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed