Mandriva Linux Security Advisory 2010-089 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.
8e6f0623746842315b28097db9c639035f0776c495c4ad893afdaf437d64678eDebian Linux Security Advisory 2040-1 - It was discovered that in squidguard, a URL redirector/filter/ACL plugin for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote users to either cause a denial of service or bypass rules.
8ecfb2dbcd98bafedd07e970a6b4302b435e74249fd1cad8e348bbd9ccf749ecThe Joomla DJ Classifieds component suffers from a remote shell upload vulnerability.
9ce74b880f307f1c2ec7c8268a1c33b6d252ee65efc1fd7e84545cb76feb28afThe Joomla Gallery component suffers from a remote SQL injection vulnerability.
0a1cc3be4f1282f060219cd65a33306b7ec76295cd42de4ba1bf36dfefb32e05Mango version 1.4.1 suffers from a cross site scripting vulnerability.
eecb09bb73b3b65cf8201d6b1a1453df96ed78fcfa0297f19fe915a4f9488a99wsCMS suffers from a remote SQL injection vulnerability.
e774b6ef67ed82fb5993f8b4168f52eb7b40a8f594b82476742cf7dd3e05c8b2NolaPro Enterprise version 4.0.5538 suffers from cross site scripting and remote SQL injection vulnerabilities.
71c9885d017261935b2b8b3f90ed42116a5fb2a6851395c06fba4645827ecd67Kaspersky Antivirus versions 4.0.9.0, 5.0.712, 6.0.2.690 and 6.0.3.837 suffer from a code injection vulnerability.
35da833f4eee17d383abe927792f7e22338810a7442ffde99adb3ee1acb060ceComersus 8 Shopping Cart suffers from cross site request forgery and remote SQL injection vulnerabilities.
49875f021b91c8db29be3c364308c75aa1067b12fcad3b586022deb71b242002Opencimetiere version 2.01 suffers from remote file inclusion vulnerabilities.
3b485e2f3d2bde3b3f0ed5cc354f4e528e5c62210fa9fb5dd8693f2b88581156Opencatalogue version 1.024 suffers from a local file inclusion vulnerability.
17a618a289e6c61b279e1b2a2b560c7412e7a9b784fa5f543004facd8fe63accWeb Negar suffers from a directory traversal vulnerability.
d475c2724c2bf1c6f53d7d30f39f9b72af1c687e870a3b3f2590277c479385f4The Joomla Table JX component suffers from a cross site scripting vulnerability.
d496e025856408c55e1a856971806071200c05779015a8578c83443a5fcaba00The Joomla Card View JX component suffers from a cross site scripting vulnerability.
2e61c5d2447674f1cc55c396643f0af1ce3cfc2c7c213f201450a8cdd32c458eTSS Scripts suffers from a remote SQL injection vulnerability.
b99af8a66c8ca950812ba564cff1ed7e75e0fe4744123f5fc93e6faa90853825Rad User Manager version 2.90 suffers from a cross site scripting vulnerability.
30e754dc077e39aec75701c91e64f87ad0d24d9f48ac2d430efc32eab3056748CF Image Host suffers from a remote file inclusion vulnerability.
debc398635281d20dc19d78550e03ef7936a98423584d2f25ac01e1080a56723This archive has forkbomb and unicode denial of service exploits for Firefox, Safari and various other browsers.
d9ed2cfda73d2c61b805add17e330491e74f3e95546a9bbe9df37bcf7e566caeThis archive contains all of the 490 exploits added to Packet Storm in April, 2010.
412b1f922ded3a26dd0924d44bc6cf2b2a3907515f44f3fcb3e84d53386c7bd2TFTPGUI version 1.4.5 long transport mode overflow exploit.
409c8e4ca280a1437d682ad977565b9f4669519e051857f3013b10e46147db6eGoogle Chrome version 4.1.249.1064 remote memory corruption exploit.
65bc15b051398739bb1c5122344c763179190c1a6979f4a2e7511578fcd32fc5Urgent Backup version 3.20, ABC Backup Pro version 5.20 and ABC Backup version 5.50 SEH exploit that creates a malicious .zip file.
61ab4ec986a1a00a6be031557d1010971379c71bebe7ee0a8f677278cbd5cf73This Metasploit module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an "OPTIONS" request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV enabled. This exploit was tested and confirmed to work on Windows XP SP3 without DEP. Versions for other platforms are vulnerable as well. The vulnerability was originally discovered and disclosed by Evgeny Legerov of Intevydis.
c3475168b519e0a4d79aa02d77825b2c1bfbe2132656b22f2313752701602378This Metasploit module harnesses Maple's ability to create files and execute commands automatically when opening a Maplet. All versions up to 13 are suspected vulnerable. Testing was conducted with version 13 on Windows. Standard security settings prevent code from running in a normal maple worksheet without user interaction, but those setting do not prevent code in a Maplet from running. In order for the payload to be executed, an attacker must convince someone to open a specially modified .maplet file with Maple. By doing so, an attacker can execute arbitrary code as the victim user.
48cf2fc583fbcdc37654c0ac828cc80aed7b98dcc536af1af641e2b62e11c413ProSSHD version 1.2 remote post-authentication exploit with ASLR and DEP bypass.
b3febb48bce1a02fd3be1189d335c4be2aa3bec9e2c4ff5d651b643e66766516
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed