Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
b981e4326e87927ea14c54f445d1d8c91ca8bad5b3c606732b39860b492a641aMonth of Apple Bugs - Exploit for the Application Enhancer (APE), which is affected by a local privilege escalation vulnerability that allows local users to gain root privileges.
022ab59da53042f4ad0dadf5efb09eb65b8d7f1c45cfc3279afa1c3afbd66fbfMonth of Apple Bugs - This HTML file is an exploit for OmniWeb. OmniWeb is affected by a format string vulnerability in the handling of Javascript alert() function, which could allow remote arbitrary code execution.
297d0995c250f8cc72592389a406917ac1bf22428361bbff663a27278cf94085Month of Apple Bugs - Warning, this pdf is an exploit. The current PDF specification is affected by a design flaw, a rogue Pages entry or malicious catalog dictionary could cause a denial of service (memory corruption condition, memory leakage, etc) or potential arbitrary code execution in the reader application.
7befba5152c7b30d54a97e3a52d7ff58a3858ea958dac2460153bce1334d0e22Month of Apple Bugs - Exploit for a vulnerability in the handling of BOM files by the DiskManagement/diskutil that allows the setting of rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. One of two exploits.
d23d1ffe7410fc22b798de3144cff78a0f519bb100421ea6abce589bef246321Month of Apple Bugs - Exploit for a vulnerability in the handling of BOM files by the DiskManagement/diskutil that allows the setting of rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. One of two exploits.
9ff09c4c31ae71fb68fb87e214f17eb7e955b0cbe68a242d876ba38452f4a223GForce version 4.5.11 suffers from a cross site scripting vulnerability.
7c397cbc606e6d927b4205174cc6c2b7d0935c5310470ec09dbe783ee5343c04Critical Security OpenBSD 3.x through 4.0 vga_ioctl() local root exploit.
6645a5c0890cfe318350a5af352787dbb534dccd135c4f235e795d1ab85e7d87fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
7730b4cbc522502f2d12a5b895c6618321b649f03a6a1b3ab8ccc5ec191fc8c6VisualRoute is a traceroute tool which displays a map of the path to the destination server by looking up the geographical location of each traceroute hop. The network service provider is identified for each hop, and instant domain and network whois information enable quick problem or abuse reporting.
c75ed4536af9bfec5f36acbb94d9366b7e267f2c059309c66b9424e61b53ab90The US Department of Homeland Security's "Vulnerability Disclosure Framework" document.
582fab10411195352c3c7c264ac43a5fe82a67a539153f9bcdae39edbe51c6f4Debian Security Advisory 1247-1 - An off-by-one error leading to a heap-based buffer overflow has been identified in libapache-mod-auth-kerb, an Apache module for Kerberos authentication. The error could allow an attacker to trigger an application crash or potentially execute arbitrary code by sending a specially crafted kerberos message.
c9a1f482592964f332005424fd001256d3c72cb2e867cc031624774cfbbc1bdcDebian Security Advisory 1246-1 - John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.
c6505f1b044f3845d4eda54bb6fb486963985da507663c1c77ffdc547b233f51Packeteer PacketWise version 8.x suffers from a buffer overflow vulnerability.
21a38eb759ec8845f73b1ae7ba4e00f8b49c0fe1deaeef58a74f51fc51c5f061The Magic Photo Storage website suffers from a remote file inclusion vulnerability.
1f1cacd6e29c1b8d3661d861dfa1fcf11b77247dc9ba0e9af1a5452c23673897There is a DACL weakness that exists in the HP all-in-one products drivers, which can be exploited by malicious, local users to gain escalated privileges.
4cdf87116b8d9ee3c3f00f60c40288c8b169a7243a24ee7362d44092701f936fCenterICQ contains support for LiveJournal (http://www.livejournal.com/), such as posting to your own blog, reading other blogs' RSS feeds, and other community-related functions, such as showing whether a user has added or removed your own users to/from the friend list, all via a unified HTTP interface provided by LiveJournal. The latter functionality is vulnerable to a buffer overflow and possible remote code execution. Affected versions range from 4.9.11 through 4.21.0. Proof of concept exploit included.
b6dc98674cfbf8ff44212a63d67c5667ac485c8229d5b0f0f60c18e483be0ad0Camouflage version 1.2.1 suffers from a vulnerability that allows access to encrypted files.
3616dff73eb9b4c3fa73c077a974cbf60252e6c3f0c60c687ef51d0956eff55aRFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
9beec004be0133e4f53e2256f580067810718d5277029a17fe8f20990b0b4502GeoBB Georgian Bulletin Board suffers from a remote file inclusion vulnerability.
ad45fde38c33b04c12b8965c4f7ca67a60f4e0e39c4d961bc1ef0ae3ed56fa77Dayfox Blog suffers from a remote file inclusion vulnerability.
2a75968f7aefdb5c92527e2061fc91bb005406e41f530614ae277034fe5c754aDebian Security Advisory 1245-1 - Martin Loewer discovered that the proftpd FTP daemon is vulnerable to denial of service if the addon module for Radius authentication is enabled.
50fcc58bdb5e7e7fdd77b15acebd5b68c5c089cd4d7cb3553c68bfafab2f21cbNUNE News Script suffers from a remote file inclusion vulnerability in custom_admin_path.
1d27dbbdd194900ae50fa7cd0e39c7b8bb6948f22ece57a1d400f8e2f0d39d56Uguestbook version 1.0 suffers from a remote password disclosure flaw.
d52a22e994cf06287c3395daaa40cb1adfaaf4ba35796b648c44cd0523a8bd11Steganography version 1.7.1 and 1.8 suffer from a vulnerability that allows access to encrypted files.
2866bc89f0024863497a19a2f5736883c6b6fa1e4738291d9918b88532f1aa4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed