A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.
8b4e4aaf4e7294a8c074fea60783bf0cDebian Linux Security Advisory 2505-1 - An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access to local files, depending on how the framework is used.
0a5213fc1f3b5b1fc91375c0a200f38cUbuntu Security Notice 1493-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
bf6449c596cf1ab53e772b60c78e04b1Ubuntu Security Notice 1492-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
e3416ef44d69c9327f96cc156a37ac67Ubuntu Security Notice 1491-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
a9423ad3a665e67573606b17539a986dUbuntu Security Notice 1490-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.
d250ad71b1303bab568b80c02ec4fc58Ubuntu Security Notice 1489-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
f856e3333d817f1ecc95fb1c4b614358Ubuntu Security Notice 1488-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.
6e62b2d47a5005585db88c7c3e3edfaaUbuntu Security Notice 1487-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
99260c830c3cbd112412195c96d933f9Ubuntu Security Notice 1486-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
dbc613fffedad2fae938c6159db01d15There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.
9010e4009599ecb23e4c8ad1ffbd2957IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.
19e2303aec22265a732c54a7f34abcc2PHP Money Books version 1.03 suffers from stored cross site scripting vulnerabilities.
6b9da8d5a40f04f97fe6b20d8004ee1cPC Tools Firewall Plus version 7.0.0.123 suffers from a denial of service vulnerability.
f6bac6e8c2b376f4ac64e15640be62afSpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.
9eef6ed8841e3f517eb5b136c095b3a7PowerNet Twin Client versions 8.9 and below suffer from a stack overflow vulnerability.
db43fc66775afd6136a274f67c10fd8eThis Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.
85791f9a94c2dae702f38a6997745009This Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. It is possible to remove the uploaded plugin after execution, however this might turn the server in some kind of unstable state, making re-exploitation difficult. You might want to do this manually.
99330c91d94ab9d7d7a596c52a05bf81Lefigaro.fr suffers from a cross site scripting vulnerability.
6e8faccef683616e3637eedc903627c3Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.
010b98b6e1dc049e70e99de23d774cfaHi-media suffers from a remote SQL injection vulnerability.
281c483dd8dcbac87a20b8c7c19321b0B2CPrint suffers from a remote ASP shell upload vulnerability.
f5aa295b7d93548e976624a7ec2ec038Kongregate.com suffers from a cross site scripting vulnerability.
5688558ef751c18e93484ecb651f6e7eGhana50.gov.gh suffers from a cross site scripting vulnerability.
177a35367f04bee3be38baeec9dde872Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Support Assistant, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
6aff83caac3b3ed4e494610163f9b5a1
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed