iDefense Security Advisory 04.09.10 - Remote exploitation of a heap-based buffer overflow vulnerability in VMware Inc.'s movie decoder allows attackers to execute arbitrary code. This vulnerability exists due to a lack of input validation when processing certain specially crafted Audio-Video Interleave (AVI) files. During processing, a heap buffer will be allocated based on one part of the AVI file data. However, the amount of data copied into that buffer is calculated based on a different part of the file. This leads to an exploitable heap-based buffer overflow condition.
ad96e1122e9fb8b93f4a08cadad62bc39f256d9bf122deba3f29e2cac37a654eUbuntu Security Notice 921-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. Wladimir Palant discovered that Firefox did not always perform security checks on XML content.
3c2ad9ef0cea24bcc04e06d51bb75bbac258b8b969603ad2fff0078adc1901c2Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
7fb576e16c3f05c9be726475382cdbd4c91cdb4277029e92a5cdccf479c2f3ebWhitepaper called Protecting PHP Application From Hacking. Part 2 of 2.
43b0f6569893b9b54142b1db25f85684bf560ab9ad662b0fc484aec28ede5868Whitepaper called Protecting PHP Application From Hacking. Part 1 of 2.
173e5f922b422870302766892e923eebbadd3d5ca7120c1e3f223ad64ff632a9Whitepaper called Basic Buffer Overflow Exploitation. Written in Arabic.
0d6179563cd56411e3ce5c26472bf7378aa8b576f171ab39a28a4c73ec224dc2Ubuntu Security Notice 920-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser.
557c412f827f2f32ff7489ae2f4654feece2a35b1342ce9770ba6964e2dd12e7The Joomla Agenda component version 1.0.1 suffers from a remote SQL injection vulnerability.
5b5be6dd56a17ff321c9642a11afa63a7bee1666254b03277e176e6eabbac406Ubuntu Security Notice 927-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
9c733daebf47aa609e4f17aec7c1dc786ed108dbd1d2c69292e4199273052c20Linux Kernel versions 2.6.34-rc3 and below ReiserFS xattr privilege escalation exploit.
ec3e3da22ac58162ce7be7447d104d5ca1384de9ba4a5958c34ad37d6cb977dcTembria Server Monitor version 5.6.0 suffers from a stack overflow vulnerability.
2c2e79decf3313f4a5d1345601bba1b7e6285b2f6c4cee6fc50f184b1c74bf15Asset Manager version 1.0 suffers from a shell upload vulnerability.
64c029a1ed6a1aaf534d6ded2e0068f3b3c8543db99ce009b6d7c13bca38013cThe Joomla HuruHelpDesk component suffers from a remote SQL injection vulnerability.
34da214c658c94c26e65d6d489864dffd381bb8b2ff83aa5e55e7e8db9fe947aMulti Profit Websites suffers from a local file inclusion vulnerability.
1861bf76d9c81ffee45c7654330aad989915c956013dcbc57edf06544f4c191dSecunia Research has discovered two vulnerabilities in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by two integer truncation errors in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause heap-based buffer overflows. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.
2dfce36a8cb16e4454aed3c8b3138b1e05a792d019a2fc275906b4da34add4a7Secunia Research has discovered a vulnerability in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.
51f3c7fde9ec1243f3e24e712b834af517fb1633907eceaade5df15ac236b860This tool decodes wrapped (obfuscated) Oracle PL/SQL packages. Supports Oracle 10g and 11g.
04976acaa5e604a5f7210531fcbf4b8284d9b51bb5023c5208596d721c55e492VMware Security Advisory - VMware hosted products, vCenter Server and ESX patches resolve multiple security issues.
e16687d5cfca70a16709fd562f838d84c272a3a7b70eda5f2039b595265b5db8WinSoftMagic Photo Editor local buffer overflow exploit that creates a malicious .png file which will bind a shell to port 4444 or spawns calc.exe.
2b514377fe211c84dc9e21e1a8344508ed42bc1a90763bae7f3a4b63158c1f27The Java Deployment Toolkit performs insufficient validation of parameters.
39effd7d9fa4798243ce10ca37904472709a66049243821dc6495e5343e4cd1d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed