Mandriva Linux Security Advisory 2009-290 - Security issues were identified and fixed in Firefox 3.0.x. This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
81cd4ae6c0e4a6fbd63e6be6811775c38ed6270fdf26efb68f1373d24354eb81uwss is a web security scanner and used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.
f5889f915e9116c5d6e219bc6ac51f19112545db98937dc7898dbe14386f4937FULG SSH cracking utility.
43ec4b963e9750762aa06b6d1903f3f72afdf9ed91044a51a0e5b7f95760a744Zero Day Initiative Advisory 09-074 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Documentum eRoom, OpenText Hummingbird and OpenText Search Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hummingbird STR service (STRsvc.exe) which listens by default on TCP port 10500. The STRlib.dll module receives network packet data into a static stack buffer. By providing a large enough packet, this buffer can overflow. Exploitation allows remote attackers to execute arbitrary code under the context of the SYSTEM user.
fc40271419bd722e4119d10ab2f0371b516cbb56bf7f8a77328f21cecab80b3dSecunia Security Advisory - Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).
8f0be70af004c87e4501def9c3576c06c68ab005d514afbe61cdff162e1111b6Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.
b6b6792baa6dabe58eb7a25f3bbf951a023362b2d4e8b94b203585e3408357a4Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to manipulate certain data or compromise a user's system.
d03ea9bbabe16f7c220cea2e68ab962d48451256a700569fc60b0f2de6e768bdSecunia Security Advisory - Two vulnerabilities have been reported in AOL AIM, which can be exploited by malicious people to compromise a user's system.
021e88da437be6ab3b967bfb82a32d702bf8c51c6072f170a01f2e3460a9d244This Metasploit module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to 0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.
043b522739cdc7453582b55c2d84f10b6d62ae02178d5c618b7212a148347eb0This Metasploit module exploits a flaw in the SpamAssassin spamd service by specifying a malicious vpopmail User header, when running with vpopmail and paranoid modes enabled (non-default). Versions prior to 3.1.3 are vulnerable.
eab32845da0d59fc9f4ab3c4fe32f5ea16cbdf7d908c0e6e672c02b104b4425cThis Metasploit module uses a documented security weakness to execute arbitrary commands on any system running distccd.
0a769db2554d6e63eed260b8856d24d30fee9b9bc7f06f56160f29c66e421927This Metasploit module exploits the ContentKeeper Web Appliance. Versions prior to 125.10 are affected. This module exploits a combination of weaknesses to enable remote command execution as the Apache user. Following exploitation it is possible to abuse an insecure PATH call to 'ps' etc in setuid 'benetool' to escalate to root.
629ee439ef17eb790dc0b4ecfd87cba6375f929234dd537ad09b296c1e24dcecThis Metasploit module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon.
1922fca1702919a985e0d03cd6e813a1ab64a1125cad7362097ca409173defa5This Metasploit module exploits the argument injection vulnerability in the telnet daemon (in.telnetd) of Solaris 10 and 11.
179d8ac56af2b7e7a41f6d04b7d0d59e4a7e59ad60dfdcae4e994920a57db02aThis exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request.
7c27019bedb0e26575dc7a9ad1810a98487a76f946e66dee2a85a79237351e19This exploit targets a weakness in the default security settings of the sadmind RPC application. This server is installed and enabled by default on most versions of the Solaris operating system. Vulnerable systems include solaris 2.7, 8, and 9.
14557b273499a2ea3ee86d39d208d2b582a750cf286e96ff62c3dd367eac0d64This Metasploit module exploits a buffer overflow vulnerability in adm_build_path() function of sadmind daemon.
18dec71a8c83fcf83504b2fddb72739d0a61a63af0287624b6f0d47b893416c4Debian Linux Security Advisory 1922-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
a220a510e52acdc35e63b91c7fafa29b451ce1d41d75745b324d947eec52a426Cherokee versions 0.5.4 and below suffer from a directory traversal vulnerability.
e98d286121b0854950d5c8ad20255bbe19675d7c7fec7efd3126c5b4d9d701feThis Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Sun Solaris up to and including 8.0. This module uses a technique discovered by Dino Dai Zovi to exploit the flaw without needing to know the resolved name of the attacking system.
01345783ba4c62397f1139311948fa659b914f7f6b890eea025ca4a22a9c86f9Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
5515ba01277773a2f9c97599d4d28d0898d8b1d7afd5c8942cab087306c28703Remote exploitation of a buffer overflow in the Mozilla Foundation's libpr0n image processing library allows attackers to execute arbitrary code. The libpr0n GIF parser was designed using a state machine which is represented as a series of switch/case statements. One particularly interesting state, 'gif_image_header', is responsible for interpreting a single image/frame description record. A single GIF file may contain many images, each with a different color map associated. The problem lies in the handling of changes to the color map of subsequent images in a multiple-image GIF file. Memory reallocation is not managed correctly and can result in an exploitable heap overflow condition. iDefense confirmed the existence of this vulnerability using Mozilla Firefox versions 3.0.13 and 3.5.2 on 32-bit Windows XP SP3. Other versions, and potentially other applications using libpr0n, are suspected to be vulnerable.
2586d2a113c390f692bd4a3a7b5d2efa7e97552fe0c5a23297e4dd9eebfa000aOscailt CMS version 3.3 suffers from a local file inclusion vulnerability.
62cc89dcaa822c8aacccf2326a30726ab50fc22820b678b1198ee5566f5b10b6Mozilla Firefox version 3.5.3 local download manager exploit that demonstrates a temporary file creation vulnerability.
c57f747c188be90e736885f8d76cc1b16b4e1cbbc6eee9473f672dc486c86f84Small write up called Hijacking Opera's Native Page Using Malicious RSS Payloads.
c291ffa51806c7d5f361262a1cb308612da9ac85545f1e4435e49c40c2a46aa1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed