Samba versions 3.0.0 through 3.0.26a suffer from a vulnerability where the processing of specially crafted GETDC mailslot requests can result in a buffer overrun in nmbd.
e72f937e9999c88ee69b8d0ed43eb0b5f32cf81db8a0f776c662af87902e6a63HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access.
901b575005153b95860b05640b68707f3a44368b6fc1b79cdcdd6e9459d4a552Invisible Ink is a very simple and intuitive steganography program coded in C# that embeds text into a .bmp picture file. Text can be easily encrypted/decrypted with Rijndael algorithm using a 256 byte key generated with the sha256 function.
3fd38f6939a1a6a60067a78959279f22bb85a3bc033e5a4a095fe6fbf60ad030WordPress brute forcing utility for wp-login.php.
d64fcb649d8746f06fd0d8f6e9998a3656222a4b3bfd7caf6a87c60556bcac0cSecunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Successful exploitation allows execution of arbitrary code, but requires that Samba is configured to run as a WINS server (the "wins support" option is enabled). Samba version 3.0.26a is affected.
82afed15d3f975d552bba9eead56ad36e744e8f82013c3f2af53a1c26f333832Secunia Security Advisory - Some vulnerabilities have been reported in BtitTracker, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks and to bypass certain security restrictions.
74fb6862d8d545e7487a484f8eb5b4242c968312e1de4f51e943434f43b25c62Secunia Security Advisory - Gentoo has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
e7f16c42b2f5b78a8cd71cba138c3e8c26a0bceb3c743c0eea4f6ed075e674f0Secunia Security Advisory - Mandriva has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
ce8180ccb9b283bf11be070e918d84a778396fe7b64544da864fe34d3f85d94bSecunia Security Advisory - A weakness has been reported in Citrix Presentation Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
5fad95c16dec8a3e07cbdf33cfb0b81bd64e1e978979bca8717268b61f0f640bSecunia Security Advisory - SUSE has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
066ee5efb7887821223bd46020ef1f961a33f319f968d186f54346e9127a0752Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited to bypass certain security restrictions.
c4c89b1934f04a478723760cd6267a7c68a314bd2aea66b8b81047690e3fe959Secunia Security Advisory - Gentoo has issued an update for firefox, seamonkey, and xulrunner. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.
727010e4d25dac57628eb1874a2dcb014ec0f5ff5caa5d94f786b62f754fb924Secunia Security Advisory - L4teral has discovered a vulnerability in AutoIndex PHP Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
8a9c284844f33a9a5fe2d06e482067daafff879b804505899f6c2ebe1eb07ef0Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
276f26b1d7d2195e581b51cdcdfb98c488e975dcea7894931527c3b91e9ac4eaSecunia Security Advisory - ShAy6oOoN has discovered a vulnerability in X7 Chat, which can be exploited by malicious people to conduct cross-site scripting attacks.
be4ebfa9a960f2ed17f26af7413eed16529676f8c853eb14b2bd32e64c012317Secunia Security Advisory - Emiliano Scavuzzo has discovered a vulnerability in TorrentStrike, which can be exploited by malicious users to conduct SQL injection attacks.
1f5703dcc3ee0da3beba43dd9f5f7faec34b69c4456a441b50badb191171323eSecunia Security Advisory - Ubuntu has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
3bc27e5a8070bd063dd1401f14d7b3bcdb60746b8377afc70c9586d10a636630iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a set-uid root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.
ddf3efb648c973e23481ba27247dee4c3391b50406769e418dd0d2779ae4fc6aiDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
d3636fc385ddd79f2efb43a505c489290c2f0348f9f6f5f5b934e9c58f071cf2iDefense Security Advisory 11.14.07 - Local exploitation of a stack based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within the function responsible for adding an AppleTalk zone to an interface's routing table. A zone can be thought of as something similar to a Windows Domain. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
36fda99fdbd5125a1d1b3bffbc10bbe5bf332f6cbb674f55ea2665d857cc06dbiDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket. When allocating a buffer, the kernel uses a user provided integer to perform an arithmetic operation that calculates the number of bytes to allocate. This calculation can overflow, leading to the allocation of a buffer of insufficient size. This results in an exploitable heap based buffer overflow within the kernel. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
98ff4c86de36c7d39cd2880507a3d298ac1b6eba2990cfbad6dcb871ef57508fGentoo Linux Security Advisory GLSA 200711-20 - Bas Wijnen discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Versions less than 0.11.3 are affected.
a1d4fce18098b44553354d8f167c9663d2da35614c7d3a6c47ce571c9c9430ddGentoo Linux Security Advisory GLSA 200711-19 - Stefan Esser reported that a previous vulnerability was not properly fixed in TikiWiki 1.9.8.1. The TikiWiki development team also added several checks to avoid file inclusion. Versions less than 1.9.8.3 are affected.
99b2b391e1b8c4e7204fab5ec76d9d88dc7a636333069e52a5271779d50ea093Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.
fd33823e7ab97166450f1a66072fa2b17bed42995063e54812d268d94e68b1aaGentoo Linux Security Advisory GLSA 200711-17 - candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames. The session management functionality allowed the session_id to be set in the URL. BCC discovered that the to_json() function does not properly sanitize input before returning it to the user. Versions less than 1.2.5 are affected.
56267a11d2e0430390325feac70669ed4b084a3bbfe8e068dc20a304ea8ef191
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed