Ubuntu Security Notice 940-1 - It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service.
3a1b15d7feb5baa1e9ef51b23ea5560f739645a55f3ec4b92a3235d5043a3820CommuniCrypt Mail version 1.16 (ANSMTP.dll/AOSMTP.dll) Active-X buffer overflow exploit.
52df9cbdb8622bd771beb386d5a6fbca357bda60f58016ef745a1f5afdae5714Joomla ActiveHelper LiveHelp component version 2.0.3 suffers from a cross site scripting vulnerability.
04e7ef36c839faaf206f96b48b0cf37cd4f0aad0a8baa4f219778ee65ff2a38aDBCart suffers from a remote SQL injection vulnerability.
37b2258cb27131087e6189926ec3aa5725e8d32f55b5925f5efa350bd558368b27 bytes small Solaris/x86 execve("/bin/sh","/bin/sh",NULL) shellcode.
6fbd240b11e7e8c184ffc762b3948733357250ef2f698105716ad6e7c52e0e08SyncBack Freeware version 3.2.20.0 local buffer overflow exploit that creates a malicious .sps file.
87370c4f68dc789390ad72b4b9ca2c5ee5992dd1ea78373e0fdb715c43946353Mandriva Linux Security Advisory 2010-101 - It was possible for DROP TABLE of one MyISAM table to remove the data and index files of a different MyISAM table. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
438f71a4c2502763e58078d70a573dfbd7495cd314e7adaf308c2a817f3a5ca3Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.
5825ac39d755020d1305d07d57da443f669935047166133b4fe048ba2ff493bdMandriva Linux Security Advisory 2010-100 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
0f940ffa82adab2d23257ec3d063e5627e8a6ec0a43531f062da07e8bd98ce77CYBSEC Security Advisory - The McAfee Email Gateway suffers from a web administration broken access control.
63ec88451263b5d26ff0faf2d7cdb4dee405a6b42a14401f0f1265af7d5c574dGoogle Chrome version 4.1.249.1059 suffers from a cross origin bypass vulnerability in Google URL (GURL).
b457b91104bdef4b23f16cd761c6026a6933655fd768dc81f457ea384be25ccfBattle Scrypt suffers from a shell upload vulnerability.
aa795e8f7468906441f6edee4e41182f38dacca60a0faed15e07e599b028ec85SelfComposer CMS suffers from remote SQL injection vulnerabilities.
8e4b88bb897eebb2b9143146ca7f61dcbffff9dca7e54a247511534143e9a1f7Lokomedia CMS version 2.0 suffers from a cross site scripting vulnerability.
0f8adf2a64a92a722b964594b44d81220711c86d5bcd401afff104dafe4e625eThe Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
da734592a7192747fd66c05459d27daeb3e49aea92dd5dadc3305a6b8ee081e8The D-Link DI-724P+ router suffers from a cross site scripting vulnerability.
5f9063506f2a28e50140ddd27f69d0b1652854d80f9ad864d303265cae695f0dPSec QtWeb Browser version 3.3 denial of service exploit that is based in cross site scripting.
78ba27a00c8e10f3730a3b85eb7e87200ffd424a90735e91642c220a715bc5b4HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS) and increase in privilege.
0bdbac923be2be09d92f6837998ceba6674b81f9aea62f3cf0b0d97cea039cff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed