Mandriva Linux Security Advisory 2010-119 - Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code. The updated packages have been patched to correct this issue.
35bc65dccb7f463465758b2a11096042af60b3b67233ab5e89d267a59fe5c0a7Debian Linux Security Advisory 2063-1 - Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.
761baef39ca32ba7ae1116f922831c6252c9cd21d118a2cb25d4345a6eff3811Drupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability.
195ac8bf25a0d707e3dc03d63a39790bd60056ef575e948ce4d41f1c34ef8240BlazeDVD version 5.1 stack buffer overflow proof of concept exploit with ASLR/DEP bypass.
0c78513f04ffa4f0fdc87590a1b031c3939bf6ccc06e9cfaee31781fcea375deMandriva Linux Security Advisory 2010-118 - The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. The updated packages have been patched to correct this issue.
a6f9d68d5a98a18e9429bb668817f36a35b35d16b65840e3bd8a85b84df5552a51 bytes small setuid(0) and reboot Linux / x86-64 shellcode.
1602d03f14b343e82fcfe012cb8800f8ea9321a5a783a20ae0f412b06b3545b0Gmail Checker plus Chrome suffers from cross site request forgery and cross site scripting vulnerabilities.
36a68bd9e9fde10d7b5a7b1971af8b6237f36edee542649eae9f1bc1b13f7a1960 bytes small chmod 777 polymorphic Linux / x86 shellcode.
79a66ffbf90a8d76a2e4b52c97eb49dcd08d33eba78f494b73e514af2c5b5f6bFile Sharing Wizard version 1.5.0 remote command execution exploit.
ea6ea1bdfffb88d3d3250cbef2b0361200b39031cf979d407ec6cf1b646d9fc0Firebook suffers from cross site request forgery, cross site scripting, path disclosure, and traversal vulnerabilities.
bf67a4a43d72b880003c39c391dd2d035157abef58ea446dcaf063054f7f631dHavij versions 1.10 and below suffer from cross site scripting and SQL injection vulnerabilities.
8884f63ec088af60798135e54cda1c1dadd059b01a17959a7f977f0519c2ed2445 bytes small sys_setreuid (0,0) - sys_execve("/bin/sh","","") shellcode.
ac9e9d9b529104fbb0798b88d11a8ced3644df6e75a4cd5b49d2b004d456172eDebian Linux Security Advisory 2062-1 - Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.
1445828e2f6519ef6217dac523b9973bc9ec175522f36db6c547b17eacde8bf8Planet version 1.1 suffers from a cross site request forgery vulnerability.
f26496b0f11faf2f2aab122fc0408b582e7c06ff2e3feffb5a6c3f1cc91356f6Turbo FTP Server version 1.20.745 suffers from a directory traversal vulnerability.
07cff37e46ddaec3c2767dac6c1736e1c44921da1dce5c2ce5d3195290544dbfTitanFtp Server version 8.10.1125 suffers from a traversal vulnerability which will allow an attacker to download and delete arbitrary files from the server.
542717b6d2e3c0e4b688d642623cc0b6686e08ca7ef7eadf4b6a38ba28b04e3eCMS RedAks version 2.0 suffers from a cross site scripting vulnerability.
2dc45df9d209fbc36e7e5b7dfafe7b1a2ba8d07e612a2e5114c283a9df7d0c30A vulnerability exists in the Netware CIFS.NLM driver which allows an attacker to trigger a kernel stack overflow by sending a specific 'Sessions Setup AndX' query. Successful exploitation of this issue will result in remote code execution with kernel privileges. Failed attempts may result in a remote denial of service. Netware SMB version 1.0 is vulnerable.
86fccc6fafa7825b20615a1581e12b2c31b07679a3f3f3f334176b42bac87055Pithcms version 0.9.5 suffers from a local file inclusion vulnerability.
a0b7c3d6c46c870cfb0f7e9f6d881958ba5e8941cb2be8e357e4f2fc9d1abb82DMSEasy version 0.9.7 suffers from a shell upload vulnerability.
98f99fc892970049c47679c71ca0bd0f346e17e69d41f731a51eb7fee6e2bdcfAnanda Image Gallery suffers from a remote SQL injection vulnerability.
4804bc1e43fc8eb9fecfc74c3b936ed4dc136a4b508712de36422bc95068d630HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS).
4962704cafb19e0d8b33b253acee33bdfbeb5b80d6189aecbbfce46eafb25462THQ.com suffers from multiple remote SQL injection vulnerabilities.
03e07c7d92d4a120fc47d2523b9d6a53ef71eb5d3ce0bd79b08a44e66f907826Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.
5bbe52889b5ab6efa1f730a5287073d2e7fc6e1894b6ca2ae3107304d4641386
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed