Technical Cyber Security Alert TA09-187A - An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks.
1a102bd7a40bbb8ca60abb765053806e63288e7f77f3bce55c8c5ebc9f6902f6Photo DVD Maker Professional versions 8.02 and below suffer from a buffer overflow vulnerability.
8c36687687ab63088a901e8037aeeba720eccb666f36a7815c5c7c225ba1805bWhitepaper called From 0 To 0 Day On Symbian - Finding Low Level Vulnerabilities On Symbian Smartphones.
9f84cc111e30835b5b7e8fbc5e38e756d4e282500b242481eca7fe284fc5a2dfUbuntu Security Notice USN-797-1 - It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service.
7a72370d5fd4910515c0a0d165701f1585e989a74655c1eb76451cd4ddb6b631Ubuntu Security Notice USN-796-1 - Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash.
e9d236e58486d787e4f1439f5a9222d5b450347d97a026eb8d4c6826b1ac3968This shellcode disables shadowing on Linux sending all passwords to /etc/passwd.
efc0efd9feadbafc48fa0b35a0aa5538a00d019eb428a3387ae2c12b99c3f28b27 bytes small Linux/x86 setuid(0) and execve("/bin/sh",0,0) shellcode.
bdc78449c1f635f062ade25df0e45d95aa1798aa892eac87fb644cc407eeb707The Juice for Restaurants script suffers from a remote SQL injection vulnerability.
5853b23bf8d99c0214eb477e59019090226dd91111a256d4ae9304231cde2facCakePHP version 1.1.20 suffers from a local file inclusion vulnerability.
27ead6119246b29233ad633ebe43ea62de1a3b3bd2aacf040b1811027299d69eThe TekRADIUS radius server for Windows suffers from a SQL injection vulnerability that allows for privilege escalation. Details provided.
04e03394380b7c464a8bd6dabc94060b07b1420c44f813a363aca9d1aa17f13dNullLogic Groupware suffers from account compromise, denial of service, and possibly remote code execution vulnerabilities.
c36c4bc118817c73caa7e27e4882f82a005ab7e206e99a27d5d2b690d6443b2axscreensaver version 5.01 suffers from a symlink attack vulnerability that allows for arbitrary file disclosure.
76a58717d14127259b1160fa8f313e1fbd413475bd10fae05ad4fd3f3270e9fbSun One webserver version 6.1 suffers from a remote JSP source code disclosure vulnerability.
00259bc166576fb6e6df32d2a3dd8d1fdd966e27f73e21fdb0b6899cdfa0ef50Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images, the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. Versions 2.1 and below are affected.
0a9bd01bbd35cd229feb029c2a84091f982b71b8dbf99cb85b892b57eae472c1FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.
e8fb00e2c1d4004e9c9d5b6c8091560a3a8bc7b786b95c5a80061e93d79b8354Whitepaper called One Click Ownage. It discusses getting a reverse shell through SQL injection. Related scripts are in the compressed archive.
d9d69e301c64bdfe485895f78c59131d790f2e51060dcbca3dd44e46bee6d71aHPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.
694e79fd6246d584e4df0972c66d14e7afca6ec28b6e3eee0d217b41d58f5786Gentoo Linux Security Advisory GLSA 200907-03 - Multiple vulnerabilities in the Apache Portable Runtime Utility Library might enable remote attackers to cause a Denial of Service or disclose sensitive information. Versions less than 1.3.7 are affected.
4263d47d1b70e312d108199ea0389b75e3ded16f3aec80a2d0b1d0b8cf07bff9Avax Vector Active-X control version 1.3 proof of concept denial of service exploit that takes advantage of avPreview.ocx.
c69169d02a1890b915d3de37f255e288faeb7f272b5aa090a2d7ac024a7d5ebdRemote blind SQL injection exploit for ShopCartDx version 4.30 that leverages products.php.
1da8905f08d5b1d04b6a116f7320fea2a361ff4df354e352026f26c9b771c0b1Debian Security Advisory 1827-1 - It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.
00635cca24bc92600de8f93c3721c5247f197717d7229303c32358b985872512Debian Security Advisory 1826-1 - Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot.
a8b2c212aff1ffb3827b0c945e8b7f60cc18b1a588ac272831cca100696988e7Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
0b0c8bcd8fd8d0b6301b324a8896ae8ce2c6068e6e1a207cae7ec3151af6db50Secunia Security Advisory - A vulnerability has been reported in KVM, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
bc7a0d5ab679be36909fc429e991b2150fb857afdf8874a6aa79cd5f6745921dSecunia Security Advisory - Debian has issued an update for nagios2 and nagios3. This fixes a vulnerability, which can be exploited by malicious users to potentially compromise a vulnerable system.
b86288e59c357dff208de0efd4aaf02d97d0464d740a19945e18e0e5c244b961
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed