Secunia Security Advisory - DecodeX01 has reported multiple vulnerabilities in Huawei MT882, which can be exploited by malicious people to conduct cross-site scripting attacks.
2d850dd9baa9d0ea66de89b2dfb605878e1dcf2c4243926d11c5d6811d7f872fSecunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to gain knowledge of system information or compromise a user's system.
71b27c502631c809c8e0a74eb3eebe42723af25f109d6cb8e4ed0d4b5ac8c6aeSecunia Security Advisory - A vulnerability has been reported in various Symantec products, which can be exploited by malicious people to compromise a vulnerable system.
9624c50b5874a8c0668b5bb4fc0e92a8238226d6777b1680041fe6cacc70f21bA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovsessionmgr.exe application. The session manager is passed credentials originating from POST variables sent from the ovlogin.exe CGI application. Both the 'userid' and 'passwd' variables are copied in to a static 0x100 byte heap buffer via a sprintf() call. By specifying large enough strings this buffer can be overflowed leading to arbitrary code execution.
d3e347769d9a0169119de61e0f00d5eeb0cfc5247b54c5ce41f1e884a1e5daf0The Joomla Mamboleto component suffers from a remote file inclusion vulnerability.
2014fc101fbd17e31e9ee333ff81e7a6d8e576bb9e07c70577fa3c91512002b8The Joomla JPhoto component suffers from a remote SQL injection vulnerability.
70e47552ea0a16d8a89908715ebab0c55e27922d555f8f006f3125379617ee1fThe Joomla JS Jobs component version 1.0.5.6 suffers from a remote SQL injection vulnerability.
abfb9823ae7244b1b5131080c150d79671ba2ebde6bfe542ff0994b61c37c291Peter Glen Script suffers from cross site scripting and shell upload vulnerabilities.
d157dfd256c168e3f50fd7152caef60af88a810bba83268bbba13cf1fdb7df61Technical Cyber Security Alert 2009-343A - Adobe has released Security Bulletin APSB09-19, which describes vulnerabilities affecting Adobe Flash Player and Adobe AIR.
a4bc242954422d960261801c1a304d593f725cfaf0177c99a1936ae6daee86f3A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovlogin.exe CGI application. During authentication both the userid and passwd POST variables are passed to this CGI and copied in to a static 0x100 byte heap buffer via a sprintf() call. By specifying large enough strings this buffer can be overflowed leading to arbitrary code execution.
dfe02bea723b3ba6bc783229b860dc9e56116e53f1fcb3a220423f03a8453200Zero Day Initiative Advisory 09-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VRTSweb.exe Web Server component which listens by default on TCP ports 8181, 8443, and 14300. The process fails to properly validate an authentication request made to port 14300. By providing a specific request an attacker can bypass the authentication and instruct the process to unpack and execute data within an arbitrary WAR file. This can be leveraged to execute arbitrary code under the context of the SYSTEM user.
940888fa6d1670303841052a35c807cdefee07b8fb368c877da6f521b425f94fZero Day Initiative Advisory 09-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables, the vulnerable process copies the contents of the Template parameter into a fixed length stack buffer using a vsprintf() call. By supplying a large enough value this buffer can be overflown leading to arbitrary code execution.
b7a1cab9b73a91e2a37ba05f42c370d2cfc6f64a25eed063552cf99883511283Zero Day Initiative Advisory 09-095 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmp.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Oid parameter into a fixed length stack buffer using a sprintf() call. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution.
9dfe9d8b1a33f43c8cb51046a6d15dc01d833dd7b15cfdde66985e2e820ac464Zero Day Initiative Advisory 09-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Template parameter into a fixed length stack buffer using a strcat call. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution.
0c230958740a35c21d0869c9cd1233cf8383a039a07970de78fbfb4aeb4e5756Zero Day Initiative Advisory 09-094 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within Perl CGI executables distributed with Network Node Manager (NNM). Several of these applications fail to sanitize the hostname HTTP variable when requests are made to the NNM HTTP server which listens by default on TCP port 3443. By supplying a pipe operator a malicious attacker can insert arbitrary commands that will be executed on the remote server.
e1d792b1b389375f89ef389c449e85b1221397cc5abcc929d2f86c11318013d0Zero Day Initiative Advisory 09-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the generation of ActionScript exception handlers. In Verifier::parseExceptionHandlers(), a large value for exception_count will result in an integer overflow condition leading to a memory corruption which can be leveraged to execute arbitrary code under the context of the currently logged in user.
1d7637f8dcda17452e5aeb74896ae0f9066a049dca139f3bfa7331a75825e114Zero Day Initiative Advisory 09-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the parsing of JPEG dimensions contained within an SWF file. Due to the lack of sanity checking when calculating the frame size of an image it is possible to overflow a heap based buffer. Successful exploitation of this issue can lead to remote system compromise under the credentials of the currently logged in user.
135f46251318d37edfe18ccff13a7add7c4b9bd0f509d303fc509d4d24e5af08Zen Cart suffers from a remote file disclosure vulnerability.
2d9cc7eb47dc4b8bd62a001d34062586144ec14593754e16da1fc61be7cf1203Invision Power Board versions 2.x through 3.0.4 suffer from a cross site scripting vulnerability.
8a46e76274f2800f27e3d9e865aa8fa9c1fdc028ba434775bd668a0212368029Running DISA SRR scripts against your server can get you easily rooted. They run arbitrary binaries discovered on the filesystem as root. They apparently need another Security Readiness Review script to first audit their own Security Readiness Review scripts. This is an update to the previous finding, documenting that although a fix was attempted, it failed.
f673f52c73b3976d29097777a7b7e4f7a112b97834ac0ca5076c16ccc63480f0HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). Yes, HP has just patched a bug from 2002. Better late than never, I guess.
bd8963cfb2f658fb813b742f0223f978d5048fac3de0439256b00df2a62e609cMandriva Linux Security Advisory 2009-328 - Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. This update provides a solution to this vulnerability.
04933083a65371fdd2f4b01740b0e330568ee4a0a8655c66a0bda801808d0605Ubuntu Security Notice 868-1 - It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password.
c47c0bdbba6c8195bc69b9aa6e3b23341564fa4002b4085d2e1046ed1b25d2a3iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
6e732798cad62163d6e033aa52e22b771246556a230c0f66cd33fe69e96d72a4Real Estate Portal X.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0a69e51d13580fd6df949280ba369c2749ce44a0f7020deab1f24f218dfe9aba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed