Remote command execution exploit for phpBB 2.0.10 that makes use of a flaw in the viewtopic.php code.
aee65c849185b91d9b59593d7e00fe8fd6ad03efd250948a95761326bdf70a7dGentoo Linux Security Advisory GLSA 200411-29 - unarj contains a buffer overflow and a directory traversal vulnerability. This could lead to overwriting of arbitrary files or the execution of arbitrary code.
00d28a18026243d507fbe200677f214b89fb74f4c7748c5f6654dddbe7e4b685Microsoft Internet Explorer (including IE for Windows XP SP2) is reported vulnerable to a file download security warning bypass. This unpatched flaw may be exploited to download a malicious executable file masqueraded as a HTML file. Full exploitation given. Original posted on k-otik.
5cf54bfc3b98194b62e01d674a293f76a8b55e5d1942178a1fcfe020e729bc73A subtle race condition in Linux kernels below 2.4.28 allow a non-root user to increment (up to 256 times) any arbitrary location(s) in kernel space. This flaw could be used to gain elevated privileges.
d671cbd752252bb78a3d63491ad5f4be3c8c380bfeaa1eecfe09915f101df920Corsaire Security Advisory - The aim of this document is to define a vulnerability in the Netopia Timbuktu 7.0.3 product for Mac OS X that suffers from a buffer overflow.
cbc907a49668c0fcf9a73b904dee166db917a6d624962997421a44440286d2aeCorsaire Security Advisory - The aim of this document is to clearly define several vulnerabilities in the Danware NetOp Host product that suffers from multiple information disclosure issues.
42db080f94b4a9d2053f5f711e043ba751541dcd77b4eb01d14059438cd13bceOpera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.
1f4ec2410d1b05e6a1c8e4034bf16cf1d34b5675d0c35d73f31016c81d7cf149Altiris Deployment Solution 5.6 SP1 (Hotfix E) suffers from a privilege escalation flaw that allows for SYSTEM level access. Step by step exploitation given.
2eeeb547e723092ea08f4321e09bdaa44b9d7db09a51e44e2d576c63d5afa53bZoneAlarm Security Suite and ZoneAlarm Pro have been updated to address a vulnerability in their ad-blocking functions.
6cdb000d655e7f0ca7361b33bdc652f24d545c5b63e5cd6664020f90d068fe59A privilege escalation technique can be used to gain SYSTEM level access while using the Mailtraq administration console. Mailtraq Version 2.6.1.1677 is vulnerable.
754a99a37c23e5ce9586839e1dbef857f90469878efeac14f8dd013ad62fd9e5SLMail 5.x POP3 remote PASS buffer overflow exploit that binds a shell to port 4444. Tested on Windows 2000 SP4.
e52e26d43fc8281cdd86366385864d1faabe76d496cbf284434a32a5b495a1f4A buffer overflow exists in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions. Demonstration exploit included.
1b44dbca0b215e58195b7ccab58ff39ef302fbcfb6e5a9242f59b5d2f444e7c9AppServ versions 2.5.x and below use a blank root password allowing for compromise.
bcef00af38b54207c93431630430ac96eb1b1336f0fb89132738ac874a8f83ffUnofficial addition to the NISCC DNS vulnerability advisory giving an additional list of vulnerable implementations.
9d1582d18317951d040e27cb9e70fc96fb6dc9de1d083244f6f511ef364afe1eFreeBSD Security Advisory FreeBSD-SA-04:16.fetch - The fetch utility suffers from an integer overflow condition in the processing of HTTP headers that can result in a buffer overflow.
6a018e23dd8de8d84de9f7d1f8a504a855c7a82a0f3059e216c48ef84a19658aAn input validation vulnerability in Invision Power Board version 2.x allows a remote user the ability to conduct SQL injection attack.
eb51a14581063ecdb55762f96413e0fed28ee78821e319e6748be503de8978cdVulnerabilities that allow an attacker to inject malicious PHP code exist in the phpBB2 forum using the Cash_Mod module.
624d762e4f5dae8b18a82ee5892ea42e4e0889fbe304466a9772639cf8109294Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.
c523a041b3bc82189566ff9554e40f8715e7d4a5d1e9058a5fbee8335170bea2Gentoo Linux Security Advisory GLSA 200411-26 - Improper file ownership allows user-owned files to be run with root privileges by init scripts. These vulnerabilities exist within GIMPS, SETI@home, and ChessBrain.
0da976e17df1840210df7a15cd86d9adac4c3b8ba12f57922846856c843ac5b5Cscope 15.5 and possibly earlier versions may suffer from a race condition that allows for local compromise. Proof of concept exploits included.
7ae2b4d33100aae1c181383bb5e6a8fb9fb26048a4552dd090b6f87f7443ab82During an audit of the smb filesystem implementation within Linux several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. The 2.4 series up to 2.4.27 is affected and the 2.6 series up to 2.6.9 is affected.
b7b977ebbeedcfaf0b2c7258fb9da5b47131762e6dff111d09944b9387963f4dThe Click and Build online eCommerce platform suffers from cross site scripting flaws.
6c6ea864e68c41963fd5902ca74a270ebcd833579e2044b24db470808208e7ccSecunia Security Advisory - cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.
e5045e765f5620e40be7400c96987a38ac99f4efa59cbb8f0b8fbaee14baf687Microsoft tools ipconfig.exe, forcedos.exe, and mrinfo.exe suffer from buffer overflow and format string vulnerabilities.
4519930c5ff226431824ee642aab5cd3cd1f1dd4ceea32e9e703aaa8dc9d9c45The Event Calendar module for PHP-Nuke suffers from cross site scripting, path disclosure, SQL injection, and script insertion attacks.
a36efcbb8d52ca32bb59f65773b5a67d142f0908a7cc7268b38847facdb0b68d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed