A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.
0b2b66a010f07afd3a21848f6c4de292e1d20c5873c836998313c0f5f90e9999HP Security Bulletin HPSBMU02731 SSRT100518 - Potential security vulnerabilities have been identified with HP Database Archiving Software. These vulnerabilities could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.
8e6550c3b4010ae9fff5a60a6fc38b1503871ae9afe73a86b159c933b17a424eRegister Plus Redux versions 3.7.3.1 and below suffer from cross site scripting, remote SQL injection and code execution vulnerabilities.
17b9d0bec625320c3f3fe806c42459e82b0311c9162527242328071b9eb678d9This bulletin summary lists a Microsoft security bulletin released for December, 2011.
95f9e401b87e851f6bd26e66c4095cd984e9aaf35e97816e4293032588528ffeHP Security Bulletin HPSBPI02728 SSRT100692 2 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 2 of this advisory.
ff6f22298de3f425de467f22cf364320ca21ac4e7ef6bb1908722100799044d9HP Security Bulletin HPSBPI02732 SSRT100435 - Potential security vulnerabilities have been identified with HP Managed Printing Administration. These vulnerabilities could be exploited remotely for execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, and unauthorized access to the application database. Revision 1 of this advisory.
a49ce43d61ed9a2b50fc8032fe132797b1be9ec0a71f4e8cc8cb8d94a3664f15Neturf suffers from a cross site scripting vulnerability.
f8844c5f1bd3eca2f9d03e41d1c8a6a0d2ae543565113f67b8a53189c6bba5eeBugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.
d7fe9cc19e92befb40189c8947a6c9db762e9a8c444631d574538ff2387c7051Winn Guestbook version 2.4.8c suffers from a stored cross site scripting vulnerability.
76441a300785f9b23fe2dd495a0b22b826a7a86b7d54df31233b683bc976d1a8Red Hat Security Advisory 2011-1854-01 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
83eeef5fda24f5ac7761e4f57831e666f9cbabd3903c9a02dd52b0a24721586bThis is an advance notification of a security bulletin that Microsoft is intending to release on December 29th, 2011.
b43366a05e12c62f798d5883630b281ffa0bdb367b308bb896f83cfa75f7b829Akiva Webboard suffers from a remote SQL injection vulnerability that allows for authentication bypass.
211402d2c517885e10873e4ced610e001b81d752ddfb47e6c3493e5729b6e804This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.
3459acb0683358926b929b6818957b6738776254a54447d79a99c502aad973c3Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
ded5b9b2c8f52c1ee9a2ccae0a4957eee5c2a8acbd45a13ae2480551c9a9a525Red Hat Security Advisory 2011-1853-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
3769a5da3eca30398718bea8bed258601bbb8e2a1a21a41031c17dcfeb542759Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. When Medusa, Hydra or other brute-force tools fail to do what you want, Patator might be what you need.
04d67703d07d6304a50ace799e5784300b90ddaac6f446d3a216caa1d2e51e88Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
0ad25e3652e22117abbc17a70b5d8913e05991318a5506bc7437e662616fdf21The Joomla Simple File Upload component version 1.3 suffers from a remote code execution vulnerability.
805ef7cfd9b8a1d4ba413bccf67b38b7c55142606663af6ab35e092bc08e9e50DIY-CMS Blog suffers from a remote SQL injection vulnerability.
17ed391b7e78d75cb9a3278149b1974ff661d7d523986e5c3ed9f9f83827b13eSecunia Security Advisory - mghack has discovered multiple vulnerabilities in e107, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
c482e45f6fdd9faa612e29b97ed32928d834721b371e24055f9a2ebf57296b54Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Database Archiving Software, which can be exploited by malicious people to compromise a vulnerable system.
59121f3ad2ba81b4079bd901998078604bedda0f49a1f5d6b18d41487248ec73Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
433f583085ab3ed5d7b11c68817e121541314fe966b934c3234981f4079c625fSecunia Security Advisory - Red Hat has issued an update for krb5-appl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
3c98b75aa88d856beca6f503057b9d9b9c9506070f3a12060804bda9742e95a7Secunia Security Advisory - A vulnerability has been discovered in CoCSoft Stream Down, which can be exploited by malicious people to compromise a user's system.
39e0b5510e8c71d6ee583e4bd5146a77e857bf1365b54f5050c6ef1593c7e380Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the WP Symposium plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.
f603ca2942ad30ac7966b577e0d88c9cb23679a649720909f275b9132b7a34ac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed