Remote exploit for phpMyChat 0.14.5 that adds an administrative account.
7411ee8518fab68a41d30bfd0f3a94f3fa20cc9fdda22d29b84c18d9b0cd26c4e107 remote exploit that makes use of an unsanitized include().
cd5aada48bdc5a139e6392fe6b608c74e14b107752b6f4d4ebbbaf991a51b73aSnort 2.2.10 and below remote denial of service exploit that makes use of a flaw discovered by Marcin Zgorecki.
c7fbbd3f91d794211960acc56728edd5777ce592334a760455dd34da3ba6b9b4Proof of concept exploit for the PHP openlog() vulnerability inherent in PHP 4.3.x. Tested against Win2k SP4 and PHP 4.3.5 on Apache 2.0.49.
c76ecf21b7fef34aced0447101f64c0fa0c6366a73bfc96fbd6f8197caf0188aSUSE Security Announcement - Due to missing argument checking in the 32 bit compatibility system call handler in the 2.4 Linux Kernel on the AMD64 platform a local attacker can gain root access using a simple program. This is a 2.4 Kernel and AMD64 specific problem, other architectures and the 2.6 Kernel are not affected.
33dc31be78ca5e3977e85f547109e74aa7194178815f34ca51fdf15b7796bf54Debian Security Advisory 615-1 - It has been noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim.
105489ecba46e0b84ad11128151f35d3c5339f20fbbd9dca43fe21d82ca92792Secunia Security Advisory - Multiple vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information. Kernel versions 2.6.9 and below may be affected.
5b4e7bd876b2c0105d3442ebf86f0200e6eb8fa2052ac526f9f8ac1918473a7aAmusing tidbit showing Google segfaulting.
baad030777afff8736e17d8fe3f4fad86e49921d89f905960698e6c1306edf62A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Shoenefeld who discovered the flaw.
9cf73029ae65a9c940c9cc21f96e0bd049756e8dd0f54bec1a662a8e2357de332Bgal 2.5.1 is susceptible to a SQL injection vulnerability. Exploitation provided.
9a2dbb5f5acfb65a3f43b234c977d512f725cbbcb8a6d45c14c699ea694b9d67Technical Cyber Security Alert TA04-356A - The software phpBB contains an input validation problem in how it processes a parameter contained in URLs. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Systems Affected: phpBB versions 2.0.10 and prior.
bcc0a91462ec61918460ced5dec06dc78ce045465a724767b4cf4ebfd3939ad8iDEFENSE Security Advisory 12.21.2004-5 - Remote exploitation of an integer overflow in libtiff may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag in libtiff/tif_dirread.c.
8a8254c9fc0b1a9b393e44e322fac00ab2ce5872586a7de59b5126de5d2f2431iDEFENSE Security Advisory 12.21.2004-4 - Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.
29d38151960c7c164835aed41fe8fc1b9de34bb6dce44ac108c2d43e583658a1iDEFENSE Security Advisory 12.21.2004-3 - Remote exploitation of a buffer overflow vulnerability in the file transfer protocol (FTP) daemon included in multiple versions of Hewlett- Packard Development Co.'s (HP) HP-UX allows attackers to gain remote root access in certain configurations.
e6fb6e9831d72b8cd2e318ff1034fcc3a487c8796b7f3ac850a08969a89bb817iDEFENSE Security Advisory 12.21.2004-2 - Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the PNA_TAG handling code of the pnm_get_chunk() function. The function does not check the if the length of an input to be stored in a fixed size buffer is larger than the buffer size.
d6afd3d99b88e5483ffb27704c1f1a65acec30f4a18ef18ccbc5c62ee843aaa8iDEFENSE Security Advisory 12.21.2004-1 - Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of the pnm_get_chunk() function. These tags are all handled by the same code. The code does not perform correct checking on the chunk size before reading data in. If the size given is less than the PREAMBLE_SIZE, a negative length read is made into a fixed length buffer. Because the read length parameter is an unsigned value, the negative length is interpreted as a very large length, allowing a buffer overflow to occur.
4ffb3232d93ac3364db09202c911d530375ae55fa093841651615ff8beaf647bDue to procmail sourcing the .cshrc of the user it is forwarding the mail to under the root uid, it may be possible allow for local root compromise.
89d5dc7c99ad6603e679babfdbf0bb8788d7ee9d5f0e25adfc3266f6aaea5d83A year after the flaw's discovery, this tool has been released to hijack HTTP connections under Apache and Apache2 with mod_php.
ff8bb3d5e961d477e147a318fc0c64906481bbf025167c3c2c2e37c6ac5fc796CuteFTP Professional version 6.0 local denial of service exploit that makes use of a flaw in the client.
daa23e42c47eed98d84004e5b252b4271f1b5dbd8762bbe7fffe1723ba842163Secunia Security Advisory - Bennett R. Samowich has discovered a security issue in Crypt::ECB, which makes it easier for malicious people to brute force passwords. The security issue is caused due to an error, where plain texts containing the ASCII character 0 is incorrectly encoded. This results in a weaker encryption and encoding collisions and may e.g. make it easier to brute force passwords. The issue has been confirmed on version 1.1. Other versions may also be affected.
f24f834ac6d66259288d7b5697a6c9d755b0214c9ce0ec698da9694067af1706iDEFENSE Security Advisory 12.21.2004 - Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.
f6afe7f6a50c802f304a6367c43f84a34223a2a7528a2adb2348b94f3ab6610fGentoo Linux Security Advisory GLSA 200412-22 - mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.
06113c8181dc1ba5a683c15a7ca090db57963aad840e3fe8fa578437623c75bbSecunia Security Advisory - A weakness has been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to cause a DoS (Denial of Service).
deb4bbfd8ff2027227266c60de12d16fe79d7b78e45d9a5f362b621c3bba3b68Technical paper detailing the recent flaw discovered in the Google Desktop personal search engine that would allow a third party to read snippets of files.
bc3de621a7d0768b813e469932ef206b664a8991be9263bc21fd71e79a3846a2Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
0d382df0752cbac48c63a72e9a6d0b795444e664182c8248c9b7b2b8acb31c4e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed