Linux kernel versions 2.6.23 through 2.6.24 vmsplice local root exploit.
c36b3bec2ede9d9169a1e964201a2ca5a56c75e65d76be264c667671a6857c8dLinux kernel versions 2.6.17 through 2.6.24.1 vmslice local root exploit.
3320eec8b003e849aade43486b1ef70156ce3cd0b3bd31465fde613eb50238a3ImageStation ActiveX buffer overflow exploit that makes use of SonylSUpload.cab version 1.0.0.38 and can spawn calc.exe or bind a shell.
a6215b0f3a202526e37c51a8390a8b16f7e0e1d6ffb248d6acf3395b5f6b098ePound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
3fdb9f6a2e4f4646412d216fe0fcb346a9be274fb9908dd7dc186b6361ba7fd5OpenStego is a tool implemented in Java for image based steganography, with support for password-based encryption of the data. It currently supports embedding of messages/files in a 24bpp images.
31a37062065adc8fffae87cb3e01ed4d36e878af8b89858f0d7c53e4e489a65fndisc consists or two small command line tools (ndisc and rdisc) that perform ICMPv6 Neighbor Discovery and ICMPv6 Router Discovery respectively. It is primarily meant for IPv6 networking diagnostics or to detect rogue IPv6 nodes or routers on an Ethernet segment.
72a75674e179fc52e370a4dd672fdca8b540291d34e593cfe2e032fd4ca35a13VWar version 1.5.0 suffers from a SQL injection vulnerability in calendar.php. This particular version of VWar is already known to suffer from many other SQL injection vulnerabilities.
5bd18b9fcd088c43a87ef8c6ae3132f88f1c310468db05c761bebd03d03b66e7Microsoft DirectSpeechSynthesis module remote buffer overflow exploit that makes use of XVoice.dll version 4.0.4.3303.
7718f8446822b64a7c81ea9b0388ff3cdb8304d505ab0e6503dff8ede1143bdbMix Systems CMS remote SQL injection exploit that makes use of index.php.
9c92d6da7f730d1e88d43b2f859fec5f2b66a4b960c9c85695098a4e07c05da3PacerCMS version 0.6 suffers from a remote code execution vulnerability.
d233a6503694840caa055b3bbcd9c1eb5579d46b2b1e5c690859b4923ae6c1e8SAPID CMF build 87 suffers from a remote code execution vulnerability.
2df1392883002711dad527702263c1d1c15669d67a44310db917d1f8349eefb6The F5 BIG-IP web management console version 9.4.3 suffers from a cross site request forgery vulnerability that can allow for arbitrary code execution.
bc27ce67f9cd5fdb65dcd9c3ccae8ef701bb9547b9f69ac886bfd6506f8fefb1iDefense Security Advisory 02.08.08 - Remote exploitation of multiple stack-based buffer overflows in JavaScript methods in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. iDefense has confirmed these vulnerabilities exist in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
82745cf5c6c8c6e687ae2cfa0e63f534a092b268615b9f95eb4a1895cce48b92iDefense Security Advisory 02.08.08 - Remote exploitation of an unsafe library path vulnerability in Adobe Systems Inc.'s Adobe Reader may allow attackers to execute arbitrary code as the current user. This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 installed on Windows XP and Windows Vista. Previous versions, as well as those for other platforms, may also be affected.
d4fa880a29e7e14ddec6cb6cc8521a592d10b2b7b07c917d7f97f961261d764diDefense Security Advisory 02.08.08 - Remote exploitation of an insecure method exposed by the JavaScript library in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
dbaad2878fa40c352148186c8e60fdaec85df78c429b573508d0ec0a58af0de5ITechBids version 6.0 suffers from a remote SQL injection vulnerability in detail.php.
5509c381e78ab0400ca1e23b6dea3500f1c10a1cf8dd8dfb3796696969a121f8PKs Movie Database version 3.0.3 suffers from cross site scripting and SQL injection vulnerabilities.
ad739a659def2bc63d9af0d288c7abd0081069d0c5939cff3cf1451605a50d0bThe Mambo Comments component versions 0.5.8.5g and below suffer from a SQL injection vulnerability.
7619c27873ab2a1390d41c733e1119c40e141850ad764b9433723e4c5e95b4a1Journalness versions 4.1 and below remote code execution exploit that makes use of adodb-perf-module.inc.php.
ab50799bf7a0e56cfbbef35d330f519dea48ccbdf87dc461a6317b1e8f82082cOpen-Realty versions 2.4.3 and below remote code execution exploit that makes use of adodb-perf-module.inc.php.
f11627e76090362207aa90d48a0f89d9ec7ed96924f73463a80ff0a8604d1932DomPHP version 0.82 suffers from a local file inclusion vulnerability in index.php.
c9a884d033392c4fe4030da7258c42130af3cebc678e166a0595f8990658ab3dDebian Security Advisory 1485-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. These allow for arbitrary code execution, privilege escalation, and more.
3e365dbba800b6a4e94ab3b87d1dd00796811c3c9dbbac66c1a4e7f09cdfe00bDebian Security Advisory 1484-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. These allow for arbitrary code execution, privilege escalation, and more.
76893811c4f62f4d878db38c6c63452a69841359f89e44634b5fbcb09b8b7296Debian Security Advisory 1494-1 - The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges. In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources in other vservers.
dca93886f4927b2832e7fab1161ee721a75920d9083dc86b3ed21e246e5cb727Debian Security Advisory 1493-1 - Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in denial of service and potentially the execution of arbitrary code. It was discovered that a buffer overflow in IFF ILBM image parsing could result in denial of service and potentially the execution of arbitrary code.
97e4ceaddd215881f911db5d13ec443964b09751d813f7301d9e8eea92e72475
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed