Results Unlimited CMS suffers from a remote SQL injection vulnerability.
65631b4d7ecd05aa606eb5b145211e34ee59cb0acb0167b67abda5595bcb38e0This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.
c5633687f5d4dea297197de9035ee5ddaf873d0ee50394f6fa17d80638863e7fThis Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.
c0fbf3513a8c6f3a2d74cceeb3b60aa04aa8253399451b37f5db876426268ecbThe Hackers 2 Hackers Conference (H2HC) 9th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 18th through the 23rd, 2012.
c492a7230258756f220963ea3a248fac8910a3a97fdbd5f340dfd5fc5c789b9dHP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.
6c5294cf2ec6ac1543b4bd7cf33a0f5a1880b30f46ebeac990527d00fadea9a5HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
457fa208b2d89d333fc3e7b1e79dda9d71c42a5448aba577490f3ef540898b99Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
16755f115af78f1d3c621b96b65aa171706dd1323233fef010e83b6fe9fe11bbHULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
d9c1a1a5082375991a0038f05e0d43d9b63ed9ae620deaea9690c624aa50a37aThis python script looks for a large amount of possible administrative interfaces on a given site.
bf75788ddfe50e2e7b0c84f46f43ed551e1df60548cae06042d9c7ac89be56d8Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
af6d326b8689f781d6e0c85593aa09136aec99822187d885bfc8880af29789efThis is a whitepaper that gives a complete cross site scripting walkthrough.
7ccb4e719b298fb3680cb5feb24cf117a59343f4420b727273ea2fae0666e3a5PHP version 5.4.3 code execution exploit for Win32.
112d363fff422a3298c43a35cb8f1208ab8151662b7d29a70a218c64597855b7HP VSA remote command execution exploit.
e2634c82bf61b7660279ef87efb9959dc4f17ce4f09dbbb9b22dc962a374b58eSkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.
30d450dc3599d00c2b250dec0560160d749a900ba9963b7810e0f6b67cf7e422Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)
66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
359bdbb94093049e72426ec798a95cfc4d4baea1ae5e0d2cd86c4ac125e3c152360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
c02190292f3a147e906e373d6d388b12281fc71677eedb7324d27c178ff23901Secunia Security Advisory - A vulnerability has been reported in Tornado, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.
dbfc0e23f4d2abacf09e25aa997aff77cbbd3c4e2accfcf2f2437aa2c66037b9Secunia Security Advisory - A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
3d3cf9f1ce53c58fc5149cebc50ea0bfd8d0632a12fc1b3fc0f84398d5f6ee8dSecunia Security Advisory - A vulnerability has been reported in the Aberdeen theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
9cc0a736934b57b768c8712f86375deb20575e93fcb9e56e1e7ffc61c153bc67Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
91bfd94f3e2e132a1e9b644e54fcc5c69d2d33e2d6d49da9b2cca1e6d483c8abSecunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
054fba010f9568c3f00517478292a89add8869b2560e23380d4f2fa8b87038ef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed