Digital Whisper Electronic Magazine issue 25. Written in Hebrew.
a8d0e192bafc14dfa8fe673353c9792feccc015c4ab75fb5ab1abcc9e7bc13a20x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
25362e9cea7e4f4cda7174fcbdb2dece439046aef654cee2fd1018136c073f8bSites designed by The Formula Group suffer from a remote SQL injection vulnerability that allow for authentication bypass.
92c1e0ccfe09f214e443a03351641aab4a6ccb3a2d177867a5db95b1650dc333Mandriva Linux Security Advisory 2011-142 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. Various other issues were also addressed.
b47d99ffd8922cf6f61ae3f6b7b355868e899ebc23904b5d0170dd0cbd6cb987Mandriva Linux Security Advisory 2011-141 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues were also addressed.
7bf97e08ab69bef6b19a6eb40d748b107651d29053a77ed5c525ad4f8d04ea88Mandriva Linux Security Advisory 2011-140 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Various other issues were also addressed.
06197facc4a4a8d68d9ea8e7b90c6f35e49cdaa90a54a5a8dd8526e7600106ccMandriva Linux Security Advisory 2011-139 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. Various other issues were also addressed.
cb94481672ca611518c2e2319b19db4a56b9b9ac8618a2d489119373be71e803Banana Dance CMS and Wiki suffers from a remote SQL injection vulnerability.
721c9726b4ee05fc640d8842044c0ae02a135b4cde547fc6771d89654c9499d1Vivvo CMS suffers from a local file inclusion vulnerability.
d0ac7c92897e2d86872b86e93b7e4382d554e3bff4aa825a61df8bfb62580416This is a set of slides from the talk Hacking Your Droid - Android Malwares.
a1e9bedd0c65db1d85eddf796d21f8f2cbf3fe3d92ed9fcded237afd35dfe3dfMalicious software also known as "Malcode" or "Malware" can compromise the security and functionality of a program. Once "installed" it monitors the user’s habits. This documents introduces this kind of threats by spying a widespread internet browser.
2a6bfafdf205655b130fbe757bf585521958b3e381ba17c01acc6d355d95c869Nowadays, there is a renewed interest in server-side attacks for hackers. According to SANS, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Victims may be the website owners (e.g. intellectual property theft or loss of customer confidence), their clients (e.g. bank transfer fraud or identity theft) as well as any Internet user, since web application vulnerabilities are now widely exploited to convert trusted websites into malicious ones, thus serving client-side exploits contents to Internet users. This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone in many international organizations.
100985142d65548380351ebd6fcc87cfd85c7f2c807b5e0adb0ae7c04271e115SonicWall Viewpoint version 6.0 SP2 suffers from a remote blind SQL injection vulnerability.
8558f5aeefce46b7dea36abc81a713c670d209cf13577d576c429374fdb18e81
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed