Hustle Labs Advisory - There is an integer overflow present that affects Novell Windows clients and Novell Netware server and Novell Open Enterprise server. All versions of Novell Netware and Novell Netware Client for Windows are affected. All Netware based versions of Novell Open Enterprise Server are affected. Detailed analysis provided.
435daa5ce9ab016eefbb6be70ac9be842be30a1b33f6b52faa8e122246865e00CYBSEC Security Advisory - SAP BC was found to allow reading and deleting any file from the file system to which the user that the SAP BC is running as had access. The vulnerability is present in the Monitoring functionality of the SAP Adapter. Versions affected are SAP BC 4.6 and 4.7.
c8bc6a731b2ebaef23b185c3f666d7668b9b2e2c18e43dca79c563367958356dCYBSEC Security Advisory - SAP BC was found to provide a vector to allow Phishing scams against the SAP BC administrator. Affected versions are SAP BC Core Fix 7 and below.
e4688a58b3fc3a976f7bd7797de8dc2f0af5aefdbd7c421d0bc8ed09af417d40SDC, or Self Decrypting Binary Generator, creates self decrypting binaries for common operating systems and architectures. The target file is encrypted using Blowfish in Cipher text Feedback Mode (CFB) and appended to an executable which reads itself and attempts to decrypt the appended data when it is run. Targets: Linux x86 (ELF), Windows x86 (PE-COFF), OpenBSD x86 (ELF), OpenBSD arm (ELF), OpenBSD sparc64 (ELF), FreeBSD x86 (ELF), NetBSD x86 (ELF), Solaris sparc (ELF).
f8223b21d9e0665d1c51a15c3ff8648c9be5ab04838d19b5a89c5059b1b40affSecunia Research has discovered a vulnerability in FilZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive. Version 3.04 is affected. Earlier versions may also be affected.
3ea41b8aba7ca95bd8dfdd303738878ce172f63b3e466ee5588ce610127fef88Gawab.com mail services portal system is susceptible to cross site scripting attacks.
d8d7d2ef54d3c3fcb6986599329310e4567a2a699d9d65bf0bf71f7357ff19afRealVNC version 4.1.1 suffers from a remote compromise flaw due to handing authentication duties client-side.
575d4d8012ea1b81a7f308b1adc4ab1ccdb5101261007d38109f509b506a41f0Azboard versions 1.0 and below suffer from multiple SQL injection flaws.
33476bf6f7b838cc5ee3c6c04715ba5a2b1e936850c0edfb6d4eadfa6072ddabSugar Suite Open Source versions 4.2 and below "OptimisticLock!" arbitrary remote inclusion exploit.
77e5dd9f28c3e01dc8a9868b7af02e63e8cf2b18767c50b305a2f5ddce4b4526ClamAV freshclam suffers from an incorrect privilege dropping vulnerability.
d99dfdbc0180fa1f1ace658b029461b9473dd08a3bfa42d4a2b470b5aa3e3137Squirrelcart versions 2.2.0 and below suffer from a remote file inclusion vulnerability.
8721a30af3435fc7a848a6b4dd09d748c70ca04d671f8fd033779791d626f30532 byte execve() shellcode with 'fuck up disasm' ability.
ad2250ea9791a84a522c61851997606eabe8ac44ff645a9b816167d06cf67db5Proof of concept exploit for freeSSHd version 1.0.9 that binds a shell to tcp/1977.
70e91e619f7b15419f449c464f030d79ebef4b1c68ffdba75c776fc7981ec059FreeTextBox and FCKEditor Basic Toolbar Selection suffers from multiple cross site scripting issues.
347fc292d33982b168fe1dbe0532a4493cac2665e27361070444c1d7786872fbRadLance Gold version 7 suffers from a local inclusion vulnerability.
1317884f3ad234638251154450f85c9f4baa3c399e07ae6ec445aa549df2bc6eIt appears that a slew of various programs written in PHP suffer from full path disclosure issues.
57ab05eb50aeb458e9fab1a25a559ad1ce839d9d3d6bec5ae4da8a5dc1d3dfd2A vulnerability exists in the PHP Apache SPI POST parsing code.
981a73c9bda4da413d07f9fef5fdd5da85ad7f6ec1508d8507992215953bbebcTechnical Cyber Security Alert TA06-132A - Apple has released Security Update 2006-003 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, Mail, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
4f2ec34f941fe093f4e56ef2b2f7d31e9e3d5da629419a3a2ea771f892859abephpBB versions 2.0.20 and below Admin/Restore Database/default_lang remote command execution exploit.
f9d3921b88b7d38f8dd1c86e993db4423b760341e44259693d4238be5f419d4cGPhotos versions 1.5 and below suffer from directory traversal and cross site scripting flaws.
8e74a3bed766b60506f332590b45275a84e907067d59eb2a1a674d844971a4c2e107 CMS versions 0.7.2 and below suffer from a SQL injection vulnerability during cookie processing.
8617e73ab061bd89bab2169af72c7e7eb60ddb9639bee6f4faabd4c73f32e1feGNUnet version 0.7.0d and below suffer from a UDP socket unreachable flaw that results in a denial of service condition.
2bb144fa16a61427cce5ae975b2f613cd351f32f24b474dffcf65e9fc815cea0Proof of concept exploit for Outgun versions 1.0.3 bot 2 and below which suffer from various flaws including a buffer overflow and invalid memory access.
7a9a16557778b5a2514c31944464e80e5a3a2e6dd3eb46139194396fec182790Outgun versions 1.0.3 bot 2 and below suffer from various flaws including a buffer overflow and invalid memory access.
888fe151c69e0efbea95463d4b550ba2d5c4fa1b28a59390851de2a778457f75Proof of concept denial of service exploit for Empire versions 4.3.2 and below.
6f63e140ff96ace0628fbc5d6fde47faebc2d5850ca341f96461aaa8fb23b72e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed