Defeating Virtual Private Databases, a chapter from the Oracle Hacker's Handbook.
7cf148e1ab70f4357ff232e00ce6a5f24bef89a12e5de8bc87246be02511702fIndirect Privilege Escalation, a chapter from the Oracle Hacker's Handbook.
7f8124fe32864ca4771a493debdf86f128eba3b844b6479d4bfc1da1fee9ff8aOpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
1db2c81b325a11b28837a0856dc30080a87ebbd7a7462ccc43a328ae1aaabdf4A denial of service vulnerability exists in CVSTrac version 2.0.0.
c3e819ccb3c01d6ba451eb4cc93f2bda4fecfbbdbff2faf373697b773a92b7c7Universal exploit for vulnerable EnumPrintersW() calls related to the spooler service. Allows code execution with SYSTEM privileges. Affected includes DiskAccess NFS Client (dapcnfsd.dll version 0.6.4.0), Citrix Metaframe - cpprov.dll, and Novell - nwspool.dll.
2b62efa9f7692468c57fd5ccfb6faa392631ea515d577bee9c4b44042069ea68MDPro version 1.0.76 suffers from multiple SQL injection vulnerabilities.
67b93c40bf535eae6b65f8d736d5676b8f99e6ee8e43003bae1bc46428309adbPhorum version 5.1.18 is susceptible to cross site scripting attacks.
d7d2b47d9dbdca9ea9a6793b7db5dbf6d0f4a006257debc2f52d2fc35f2f5eeeCall for papers for the VII National Computer and Information Security Conference ACIS 2007.
dd0782f05bae52eecf61023092cd375013e530fc91712ed24047b14d4a4fcd1bOpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".
efdefa323f0250b7bbccf97b1808ac633e806735791adbf26f360bd1575549c6Debian Security Advisory 1254-1 - It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions. Please note that the CVE listed in this advisory is incorrect.
6cd0b28f7a592d03c87e7a76555f16a04e17f15468171c11f59095f9b4adf432Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.
a2f484f050a3539545bc04527aebfb7718411d5e564498448fa7024d15700ebeMonth of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.
5b0f7f222237672bd530a2f1c52368b0a593f5907f49c47913ca01b2f7900a50zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
af33c3e95ab78780cc665425a8501f20125bfaafaa42c3a591b2d0d864512fd7strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
0592405ee0823ab30ba95d77a05c4c3abf75a7700369c7081cf3027f88779728Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.
7647220d9c735a9b47abfad651bc8d1729cce27857d94c6cbefbe73b4a289997Small whitepaper discussing Nessus and the functions related to writing NASL scripts along with some debugging tips.
5dcce405cebc18a2ae6613adf1d60c2234575ab10fafd44022e7bd6710af2778Heap overflow exploit for msgeng.exe in Computer Associates BrightStor ARCserve Backup.
a973115577880be9cb7f40039a629b7c8037ece864581b839544fb8c6ac71cb9Gentoo Linux Security Advisory GLSA 200701-25 - Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Versions less than 1.1.1-r4 are affected.
3fadaad7ec9d1fb7eac7fa1a9be6db52dde726e16a943a5cfc90ae29ac43e978Debian Security Advisory 1253-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code.
903b8d0b1637e035832fd2e1b4594cbb4040713c207066157a72c19363a420f3Local Calendar System version 1.1 suffers from a remote file inclusion flaw.
c50edb7132dd5b2668271546d7f7ae83b5d0845c3dac08229c7671e138c9c4cdDebian Security Advisory 1252-1 - Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code.
b0db124c8561325792c13a5af9c131d5054868d9821503f2946b24f92ead5191AdMentor suffers from a SQL injection vulnerability that allows for login bypass.
963c580bc9e516ab4a0a77b6412697f0b757200ddd54f6e66e93392c639e7af7Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.
dcd57db394e72ee795957f83e0d04d93a1be556851e9863fb99cda714b1c58deUbuntu Security Notice 398-4 - USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem.
bea97abaa047b10151e1f611823e730cf0576315c5c5e840a4936905b535ad69Mandriva Linux Security Advisory - The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
67370c064597b1b36cf3c0e4cc4bc41027683a938bcdd961a84d300d60b2634f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed