Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.
ecc8ca506c0501b6a06a3dce70b0267fdd8463686c38cd7f7364ee7acf7ad640Month of Apple Bugs - Proof of concept exploit for a local privilege escalation vulnerability on Mac OS X. Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (ex. first user by default in a non-server Mac OS X installation), allowing privilege escalation.
5d79f7e869386b86fb511af90c48ec4794090cc26d9550ab41fb92e9be07807cMonth of Apple Bugs - Proof of concept exploit for the _ATPsndrsp function. The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users.
ecaf4e16cc626471b59446fc33fded909708cba04efa57ef9ad8f795f1e0ead4Month of Apple Bugs - This is a specially crafted HFS+ filesystem in a DMG image that can cause the do_hfs_truncate() function to panic the kernel (denial of service), when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+ filesystems corruption.
2dad00428d7585a35288df4bbecb6e942d5b73244ab459f875cd6d71f91ea91eHP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
d8aeb79b92b6059805d1829538602188dfac282eee03566c175cf7835503a3b4HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running IPFilter in combination with PHNE_34474. The vulnerability could be exploited by a remote unauthorized user to create a Denial of Service (DoS).
8eabce6e4d4156a30dba9f636fbfb64b56816e317b7f6c397af96bf77f56ae84There is a stack based memory corruption flaw in Microsoft Help Workshop version 4.03.0002 while processing .CNT Help Contents files.
28e74c4a2361a0b2c829f60c9ac1aabe3af7d1601df5e32a1159e08b9c459611myBloggie version 2.1.5 is susceptible to cross site scripting attacks.
b7a360330a323b3890c837349bbe882e68310b3af24f5f4e13aa5d876fabf840The Oracle Reports Web Cartridge (RWCGI60) is susceptible to cross site scripting vulnerabilities.
abb9e38652c696f842002f0085e4b520d7499222cd79a15df00e7c482b217a87All current versions of indexu suffer from multiple cross site scripting vulnerabilities.
b447ce6fd0acb6a5a9c87bcb5cb061a97c7da3f49f7e1bc5aa79f1048140aa30SmE FileMailer version 1.21 suffers from a SQL injection vulnerability.
3f63e395d35d4b1193354a664932e18f37741341e9c378c044d095922130a268Debian Security Advisory 1250-1 - It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the "cmd" script, which allows SQL injection and the execution of arbitrary shell commands.
9e1b65a02f6fa7168534a398fa4d538e036279dcecc7da7340d931fc85afb9eeTechnical Cyber Security Alert TA07-017A - Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
ddd74c776e4aaf2823cbeccd178a4919aa998de32909cc1d6918e1455c29ddd2The AR7 webserver included in the AVM UPNP service for windows suffers from a directory traversal flaw.
73a8497aa93f7bfe962d0916345fd837b5ecc1afec3e6a75ca618e714c2188bdA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java Virtual Machine (JVM). User interaction is required to exploit this vulnerability in that the target must visit a malicious website.
5bbd37c0760ca20f8fdb9bc66fc2a53485c90a9f09efba7e90ce16b25cd7d61eGentoo Linux Security Advisory GLSA 200701-12 - Jos
974a3405324c57ad32c2b72499cde7adc0676e398aca06c9145b682744310105Gentoo Linux Security Advisory GLSA 200701-11 - Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Versions less than 2.1.4 are affected.
5fb94379653d3aefe0c75ab38ba983504e1766b989fd9dd1e82e8be25bc84660Gallery versions 1.4.4-pl4 and below suffer from a remote file inclusion vulnerability.
a8eb45a577ed5a9445d7bc7d0e3669b59256b3aaae89cd074f0c4ff84ccc4bf7KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
42812a15864105269027b14064b13deb20beeca385431654ec9eb079ccaf20c4MS07-004 VML integer overflow exploit.
8720ba9be46d803b2e83d552c327a827ec84c3104fe57f40c30cc0562ec67b2eMandriva Linux Security Advisory - The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
b82cc9aa5607ba2da5254bed42a100313ece7220a2cc01e296c60d2cc9db67f5Secunia Security Advisory - Ubuntu has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
1948d55db7d6425ff9768475fbb7baea2761302c4e0cea838e7fea6390b07118Secunia Security Advisory - KF has reported a vulnerability in Apple Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially to gain escalated privileges.
b6f1bbb41c55674211aaae33676791901505cbbc410ac6cc91cdcfb6f91edb12Secunia Security Advisory - Mandriva has issued an update for tetex. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
316a3f3d4ddbc835b9ea13ec6629bd38961ca27e51f128dace5f4f32ac8364bcSecunia Security Advisory - A vulnerability has been reported in Poppler, which can be exploited by malicious people to cause a DoS (Denial of Service).
d24f3c450a57e02ecfd5bb88c4b5c1175fae0229c99960876ab8e89c0a24b0c7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed