Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
a4eb4b9de1ce5cbd28ed980c6239c941877de08af4eee9399df2938af61e201bThe Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74eHP Security Bulletin HPSBMU02797 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.
4338efff43deea01d68a1d0c996a4d7dbb4faa1342e817584e487f06b359d673Dr.Web Anti-Virus versions 7.00.0 and below suffer from a remote SQL injection vulnerability.
1f26f1d9a0c53d31cf524b8a8317a2acbba4e04bbcfa37d8609fe95557379ad4HP Security Bulletin HPSBMU02799 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.
af5aa7411f209bd1b8e376b060609e532e0a6cc8c62657e0f3d48fc012d4cba4metaSSH is a session plugin for Metasploit that gives you a meterpreter-like interface over an ssh connection. The author original wrote this code so they could cleanly reverse pivot over ssh from within metasploit. Features include multi-channel, pivoting, post-exploitation module use, and more.
cb2904017bd8381379f534d13af9da18283b5ba0d4dca0d7ece74f329056ef4eSimple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
3e2b136f015fae19c61b2b118d1d58402b2d75b2f9c0c22031532788387ffcbeSecunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
a88c10267158fe9cf2d434bc63948819deb102117186a70288596b16e3102081KeyPass Password Safe version 1.22 suffers from a filter bypass that allows for malicious script code insertion.
fc0a3a882993015dc7a091e373423dcc5d79e487f44fafbaf9d5dd68199ebf13AVAVoIP version 1.5.12 suffers from cross site scripting and remote shell upload vulnerabilities.
8599e60b92e8454a5283310d93c784484aaad81f0c9a8880f0042a731bd9023dUbuntu Security Notice 1508-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).
f96ecd0c79ded94b46672835106ed3ee93cec325c6aea648c545e47aa4af9647Ubuntu Security Notice 1507-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded. Various other issues were also addressed.
16f2b75936f467bc23ca10f8ddc7c026a0d723c0ceef279e65985417b73730bcRed Hat Security Advisory 2012-1090-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
39c19044934dc07eaf2ccda4a7067b0b643c2cc6a9cc89a40b7f6f5157c495f1Red Hat Security Advisory 2012-1089-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could bypass same-compartment security wrappers and execute arbitrary code with chrome privileges.
6f1030b3c007e92dee24f9f260950788c90e7f4630f1be858306ba2fad1bbd72Red Hat Security Advisory 2012-1091-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
d72857c706afe58af56ef92496d0bf05c85429eac1b79962ede93b64b9d8c56aRed Hat Security Advisory 2012-1088-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could bypass same-compartment security wrappers and execute arbitrary code with chrome privileges.
cea61bdad88e780e60f101448dadc4a4dbf7b97d031f7ebf93e805451b42fcdfRed Hat Security Advisory 2012-1087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.
7e8f5f94bf72960a538fad4d42725e9aea5da69c5f9846af245aac6310ae2bd3Secunia Security Advisory - A vulnerability has been reported in libjpeg-turbo, which can be exploited by malicious people to compromise an application using the library.
6746167e7bd0765f9827c14af5794eb298aaf72032eed86d9f89f72f8ce8183dSecunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
79495c753d7bdcf664c5e050d3dc2cbf9e1409a44ee549125e2f008323b99402Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, hijack a user's session, conduct DNS cache poisoning attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
ce69b79390458470473b5ede3a1a6474a753248ad9990e178344a295ea8b7d01Secunia Security Advisory - A security issue has been reported in Yahoo! Browser for Android, which can be exploited by malicious people to disclose sensitive information.
0ff59b267763c7779e3a08623e1a75c22256bb1b843479bc353417964e7778ebSecunia Security Advisory - Red Hat has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
51227d90eae325e23f612a5c4a03f71c6a44f0efdbe3dade8902d23b959d3ab7Secunia Security Advisory - Pawel Wylecial has reported a vulnerability in CakePHP, which can be exploited by malicious people to disclose potentially sensitive information.
f9db0b5948971197dca59ff2020c1990c0ffecb798698f259baecbfc065c8307Secunia Security Advisory - A weakness has been reported in IBM Lotus Protector for Mail Security, which can be exploited by malicious users to disclose potentially sensitive information.
8527565c9fbf46f15af4389bd6acf274d11a8ce0f62bde9245791b651961dec7Secunia Security Advisory - SUSE has issued an update for libxslt and libxslt-python. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of an application using the library.
1cd3cc628c050c7ba4b71fcca7a23ed1f9c15cbf02b657cb22940760d27712e3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed