Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
669bfff032cd2b42bbdf149e5ef06a1dThis Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
8dc19f398388284a81cf2ecae5005436This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
d5c7b728cc34e438d56471e6fbda49bdThe GreHack 2012 Call For Papers has been announced. It will be held in Grenoble, France on October 19th, 2012.
77c4584bf8b850f6540301a838dd4258ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.
6f23782d3add86957f122b199a5849ecKolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.
bb2c661a62752b3093161dc4ad3b29baThis Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
c93d65487a1c0efc12fc9a8a68adc5dbThe Hacktivity 2012 Call For Papers has been announced. It will be held from October 12th through the 13th, 2012 in Budapest, Hungary.
c4e46f46fe62ec6961a307d6fb8167afLogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
2427d2cf98e92db38be0f21c58da1065Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
7b79d17eacb9df80bafc88ab8fbbdabcpragmaMx version 1.12.1 suffers from a cross site scripting vulnerability.
5433c6278bfe6b6212f911b0a46eda42Ubuntu Security Notice 1453-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
e3d9015d666d8f4b4efc27aeb34e081aUbuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
b2abab8c59bf6aa71b07833130a15467Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
b8cc47d8f5416ce1152fba137dfd8f1aDynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
476adc1bf90918f7ad3741caca2d770eSecunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
07be0c82609287b9fdf2b6bf5520d6fbSecunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
1de7de996fc4de218889855034c150c1Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
ff29c82b9de64d53f8b7fb4fe3013810Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
dfa667da3b23fc383980816fa1e979caSecunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
64cd85dfc63076208536e81786bf9a24Secunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
47846757ee661dbed11a60ed1c997afdSecunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
44ff17dda22f0f079c26183df2d44450Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
b38f21580908a7f8e1dc9f21b4e1cbcfSecunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
7b58cfcf9357201c95c515ae89cfba30
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed