iDEFENSE Security Advisory 05.03.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X Server default install allows attackers to execute arbitrary code. NeST is the NetInfo Setup Tool for Mac OS X. The vulnerability specifically exists due to insufficient bounds checking on the argument passed to the '-target' command line parameter. Local attackers can supply an overly long value to overflow the buffer and execute arbitrary code.
0c4cd80a8e3d38cb59c61f0869356ce10010ac85f79bb0f97bfe1f1caf72ece0ASP Inline Corporate Calendar is susceptible to a SQL injection vulnerability.
5ba799d0d46135bed045937cc3a0414d1df63c9d205b8878fcfc7a03a2042adce107 version 0.617 suffers from directory traversal and SQL injection vulnerabilities.
ef2b5c85153677f18bc3f8e720dd636c90ace7a8112dacdd3e4cfcb88ea2d29dSitepanel2 versions 2.6.1 and below suffer from cross site scripting, directory traversal, and various file manipulation flaws.
bf1bec8fd01bb8241debc401e8eb81f226ce350eea7f6f5ab751654f1137bcfbProxyCap enables users to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers. It can be told which applications will connect to the Internet through a proxy and under what circumstances. This is done through a user friendly interface, without the need to reconfigure any clients. ProxyCap provides a flexible rule system and allows the end user to define their own tunneling rules.
226f75426a557c301c50ae65e8cdbce5a0209a71424836dfdd491d461f815e00Secure Science Corporation Advisory CSA-056 - LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. A vulnerability was found by the author within the signature scheme used with the Elliptic Curve Cryptosystem routines that will allow arbitrary signatures to be created by an attacker.
b8ad4e6b033d01b8ddf58a423ef32c097bcb846cc0417058b55c70ae4bb633adPHP-Nuke version 7.5 remote code execution exploit.
b07b52721366f8210a369cf5ea7fb60b1d2d1108f367ea9b3eb53b8641382132Technical Cyber Security Alert TA05-193A - Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.
2303b682f52871a9477672e8a66f71e91112dbef891869a7006d70bee863bdb7Pear XML-RPC Library 1.3.0 remote PHP code execution exploit. Written in Python.
5b00e2c1dec4d05c6fea96b4f2f0887c7238f88a3f83c7bdbce51ab86de341d8PacSec/core05 call for papers for the convention that will take place on November 15 and 16 in Japan.
0e22b2a32dd1a0438ba57fee33f835e6665b5ab2c9deee4a031f1ce6e75f5469Yawp/YaWiki versions 1.0.6 and below suffer from a remote URL include vulnerability.
a84f980bc610b65689b1c82b416b74a4353c6933a5905db5d83859b2d7ec3d28Gentoo Linux Security Advisory GLSA 200507-11 - Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CVE-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CVE-2005-1175). Magnus Hagander discovered that krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CVE-2005-1689). Versions less than 1.4.1-r1 are affected.
a5893eec4017eab8013960f593431f9eb1f82c27e1b77c5ce9a885dc8c2262fbMIT krb5 Security Advisory 2005-003 - The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code.
c917c32c8bddc3aebae93248fef24b5a38190c1463b051a86386603d031bc95aMIT krb5 Security Advisory 2005-002 - KDC is susceptible to a buffer overflow and to heap corruption.
8ff75e490e1fcbb8b37693e060305697d011a5db2eedf60375cc98a8368833ffiDEFENSE Security Advisory 07.12.05 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow execution of arbitrary code. A specially crafted .doc file, containing long font information, can cause Word to overwrite stack space. No checks are made on the length of data being copied, allowing the return address on the stack to be overwritten.
5142a2e97ae7128ef825faf0417ecb073931c21b6dd08425920cbd4d5d166a99SoftiaCom's wMailserver version 1.0 remote denial of service exploit.
7557765c5ef49c4ab55aadfbc153e91e9aff67989be5d12841a7ee97cfa367caBasic XMLRPC exploit written for Metasploit.
afd99ce56b043d9c761badf25d692314333c40bc7c231e8d363e0b0546cf891bNokia Affix Bluetooth btsrv/btobex makes poor use of system() allowing for remote command execution as root.
43a7a7e9ccef6513cee8d509624d337031032bd9abeef5a58831ab2c8a4e6ce6Cisco Security Advisory - Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.
6a1601a182d9fae7ba05c04f697dfd084c427b640b140e3fc1d59de74b1b25adSecunia Security Advisory - Eric Romang has reported a vulnerability in Elmo, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
d2398c45bc96356e72d41c8ab9f11869fe19bf4bb614014c2305ef5a8d8ee83aSecunia Security Advisory - Lord Yup has reported a vulnerability in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
e6b687d3307f74f0e1c964e9dbd563824cc8ddaaa0a61ec0e1253c12ffb51162Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
c7284448ebf34d023be5532b031cc33849e187ef888ace5c814d12f2bad91ab3Secunia Security Advisory - SPI Labs has reported a vulnerability in ASP.NET, which can be exploited by malicious people to cause a DoS (Denial of Service).
a0b6148f3fdc3c9faf2eaaa05f8751547053dd4d5ffe4b7c27f18e34b64969caSecunia Security Advisory - A vulnerability has been reported in BIG-IP, which potentially can be exploited by malicious people to bypass certain security restrictions.
37bcd1a93580fba329e9375af6281461a91719945f3d88a3c8b79f91fded08e8Secunia Security Advisory - Mandriva has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause files to be unpacked to arbitrary locations on a user's system.
bffa87152b5e87bc2414c15d79be5df22fb01528dfeadf66d762b5f298452a1d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed