This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The activeX component loads into memory without opting into ALSR so this module exploits the vulnerability against windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the users browser.
d1cef6f9fc00e9c87f66184e541a23b487e22d0bf005602e5a91c795be80bb5eUshahidi version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
241319ea6222ca5dedc1691b5c96459723af8e4203c53b1e76c9e8ca8739ff4bMandriva Linux Security Advisory 2012-058 - curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.
6c85f20b4131fa33986edd84817e884952953310762c6a2e6f462a08eee4cb99Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
2f2b314e398333a3e601f5345e342e8e86e10daced4ff3b39b3cdf6e5b210dc5AC PHP eMail version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
4d53f59f85a1f395b81b8c22507307ad871a76fb17050431dac83c5297290fc6C4kurdGroup CMS suffers from a remote SQL injection vulnerability.
50cda04219b02a5c7bb4e5b0665becea0a288369ec91973a74dd4e3af3014838Bioly version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
b887f59cc439e8033ce0ff26831d50898fb73ef942a80ccb56fa217a197cf234McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.
fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5Many people use telecommunications provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into encryption (or lack of) covered by these types of public access SMTP to SMS/MMS gateways and services.
4a7ee04849235d3e90c1270eb15f6e24884ab471f7c7606cf34bb4f9587f746bThis is a detailed paper on building your own WAP and Wireless IDS system from scratch using open source tools like Kismet, Snort and Sagan.
e8493f6ce980099203e0171a505425a6fd32193451e07cab0cf78651fc5eb149Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
704df03b3052c8f11de9921496d8a6951e3b0ae29b75bbbae2c06a4435a51f7aDebian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.
35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
394bb598632f8c32c0247dcf4987176a79d1415c706a0b63d0be4d840bc6b6f2Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in IP.Board and the IP.Gallery module for IP.Board.
f70a3cc5583804489a199235486d3b83bb07ea0c697e5fc645c930223be30f76Secunia Security Advisory - A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.
702bb8c0491866c7f2449b2fb1bdbe313de0ca343a1bf6b8779d434644f105fdSecunia Security Advisory - A vulnerability has been reported in Wicd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
989512c2e534ec7ea6a9c5d7cd02a3747ed836956a50bb3b700f958670d31407Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in CGIProxy.
3a1e41b6f80ee622670952fdacaef4048ce5c0798852a3524fc2f2b5f1f9ba9bSecunia Security Advisory - A weakness has been reported in the Fivestar module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
b3daaefebd484fb1b580a23589576f76a84a22af3167aedaed7e0c2dc9354c7eSecunia Security Advisory - A vulnerability has been reported in Minerva Infotech CMS, which can be exploited by malicious people to conduct SQL injection attacks.
e80319c433cfa4360acff2ff21a8f8a96fdc098a2ad3d549298056d35554d619Secunia Security Advisory - Ewerson Guimaraes has reported some vulnerabilities in Tufin SecureTrack, which can be exploited by malicious users to conduct script insertion attacks.
08f4490a9b4ebc15d947227eab0b6b5c722f7359dc1585c1bbaf7b0aadb50345Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
94abfde66156b8760e23e369c58855464d5d1931bdfbefdb60a2d142a464c839Secunia Security Advisory - Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
f1668a474e9434631c8ee7e521bb5c9e6c0b642eee6fda7d2d823f7b173c3a78Secunia Security Advisory - Red Hat has issued an update for tomcat6. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
d29db4b90738a6929107a62a2ad75590a3f5eec120810f3f082594d0a419e8c1Secunia Security Advisory - Debian has issued an update for sqlalchemy. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
82b66988b14fdf3feb4c27d0cad3b3ad08b60dbe5b6135d2d5e0785db55cd9ff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed