Secunia Security Advisory - Some vulnerabilities have been reported in Dns2tcp, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted GIF files. By supplying a malformed graphic control extension, an attacker can trigger an exploitable memory corruption condition. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user.
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted BMP files. Supplying a malformed BitMapInfoHeader can result in incorrect integer calculations further leading to an exploitable memory corruption. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user.
Technical Cyber Security Alert TA08-253A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Media Encoder, and Microsoft Office as part of the Microsoft Security Bulletin Summary for September 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
Whitepaper called Client Side Security - More Severe Than It Seems. It touches on the darker side of cross site scripting and cross site request forgery along with information on how to protect against these attacks.
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Live TV Script suffers from a remote SQL injection vulnerability in index.php.
Sun/Fujitsu M4000-M9000 machines are susceptible to a denial of service vulnerability.
CMS Buzz suffers from a remote SQL injection vulnerability.
The Google SAML Single Sign On service suffers from a vulnerability where the authentication response did not include the identifier of the authentication request or the identity of the service provider.
Secunia Security Advisory - A vulnerability has been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system.
Microworld Mailscan version 5.6a password revealing exploit.
Creator CMS version 5.0 suffers from a remote SQL injection vulnerability.
The 2nd edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil from November 17th through 18th, 2008.
Maxthon Browser version 2.1.4.443 UNICODE remote denial of service proof of concept exploit.
Stash version 1.0.3 suffers from administrative bypass and file disclosure vulnerabilities via SQL injection.
Stash version 1.0.3 suffers from an insecure cookie handling vulnerability.
Ubuntu Security Notice 641-1 - It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the "racoon" key exchange server could allocate large amounts of memory, possibly leading to a denial of service.
Hot Links SQL-PHP versions 3 and below suffer from cross site scripting and SQL injection vulnerabilities in report.php.
Availscript Article Script suffers from cross site scripting and SQL injection vulnerabilities in articles.php.
45 byte system-beep shellcode for linux/x86.
12 byte kill all processes shellcode for freebsd/x86.
Secunia Security Advisory - Multiple vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Stack has reported a vulnerability in Cosmetics Zone, which can be exploited by malicious people to conduct SQL injection attacks.