Calyptix Security Advisory CX-2007-04 - Multiple versions of Check Point's Safe@Office UTM device are vulnerable to cross-site request forgery. The test firmware was version 7.0.39x, the latest available for the Safe@Office model. Cursory testing shows that prior version 5.0.82x was also vulnerable. Other Check Point products were not tested.
5a7280c2e84db6499337852cb17b9d7dc4fa7639fe87c2d1243fd24daff9054aMIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
5915f86c61c9564dc34aa5cb655f913b024147f3860c66cbc95b45eba5a08091nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
38f1deb68991c9367d3f5af63c37929863c468ed1f7958e5e54d93151471ef60hpqxml.dll version 2.0.0.133 from the HP Photo Digital Imaging software package has a flaw that allows for arbitrary file overwrite on the underlying system.
d5ed8c3f7dc685ae2d44fdc333686f1a4233c2473a12d3a6228b16977266b09bQuickTicket version 1.2 suffers from a local file inclusion vulnerability in qti_checkname.php.
71544a547a68d6a05fbf7e16cb9e1f8f5a8727924b0b7b3cc17fb1621087b31aQuickTalk forum version 1.3 suffers from local file inclusion vulnerabilities.
5068c4cd8d68ec79194cf3bcbbf8697e40574eeb0fa6c4127c8a3b865ccc8a07Sony Network Camera SNC-P5 version 1.0 ActiveX viewer heap overflow proof of concept denial of service exploit.
2848e6b5ecb0750e5005ec474e44c950ef5b91decc2778a0e20de5d37482ca14RealNetworks RealPlayer/Helix Player SMIL wallclock stack overflow proof of concept denial of service exploit.
68e14478e4f096f8efadeb0d94891a14ff8995292a98f99547bb534907b4ee37152 byte Win32 tiny download and exec shellcode.
d853d553fc7f574925a19fb5152e8bdc2901115fffcf6c04f6b041fa3fb266d1It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
40dd024bc2d874958a21e126057bd31b7ed7d0c86e440e3d7f7f5635a1c9819cISR-sqlget is a blind SQL injection tool developed in Perl. It supports 20 databases, has various evasions features, SSL and proxy support, and more.
4ac98124e44160901dbd4f0fd6e7b92ffa530dcbfcbc73d2f2122fe5549a1093Simple shellcode generator written in Perl.
03991e43ec5d4d5b8c519651b343e547584481d7614bcb0c1b8961c3ebb016beMandriva Linux Security Advisory - Multiple cross site scripting vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350, which could allow a remote attacker to inject arbitrary web scripts or HTML.
1bbbe676ac186d3ae6bd66dd9d54848626a7c80788f138d68e26053c9496a365Debian Security Advisory 1320-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. It was discovered that the NsPack decompression code performed insufficient sanitizing on an internal length variable, resulting in a potential buffer overflow. It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow.
62a4dcd169bebdf40e44a94dd161b10f047c7e6c91ce7107661336b7d9b5089dDebian Security Advisory 1319-1 - Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server.
402998143f0f2092d26bcd32bc571ec697568c6b823e5fe4dee1f4a8ef9c0560Debian Security Advisory 1318-1 - Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client.
5c48b9b7359ae496f303d7bea1ef0aabd1f975e1ffc22adfcd9dd2c6442349faDebian Security Advisory 1317-1 - duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code.
3bf1bb01d6597bed9cfb800df13f7d338860554dbaed4e0091223f0bd87bb56cBarCodeAx.dll version 4.9 ActiveX control is susceptible to a remote stack buffer overflow.
5b8f251469b6b6ff16e87adec7af89f0e53ad8ce7a91fe3df07f6af3b97ab875Ubuntu Security Notice 476-1 - Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.
e83c4673488457a524361a3367db932545cc68725676633da10de545d14b93c5Orkut fails to expire or disable the session associated with the 'orkut_state' cookie when the user logs out or fails to authenticate himself during a session.
3a90b01bdb461209a1a19adeb541b056df60200c9788a2bc7f1b48172b8ad24ceNdonesia version 8.4 suffers from a SQL injection vulnerability.
39adbd09c3de049026347d06dcda7c3dd848119e60eabdf6004f1b254c5c1dddVarious CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code.
b9420a8daa8448c325330f47f53519fd6d8bf578d33c969e755fb2c28d048bb8Avaxswf.dll, a library included in the Avax Vector ActiveX version 1.3 software package from the Company Civitech, has a flaw that allows for arbitrary file overwrite on the underlying system.
4ca55d3c8f70a52a5379bf51316724a294795bf8c806940932fe86568b7aca3aNCTAudioEditor2 ActiveX DLL NCTWMAFile2.dll version 2.6.2.157 exploit.
28a728208a8f4004c82fff2c6ff50e58377091a3c0e399bc41dfb3662e338c47NCTAudioStudio2 ActiveX DLL version 2.6.1.148 CreateFile() insecure method exploit.
641ca86b050b1f939e4516b7263fb460927024d0e291ff0eabbbbbf258573c45
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed