Freeciv version 2.2.1 suffers from denial of service vulnerabilities. Exploit included.
9d9e673eee5c1ce184752800c40c16a06d773e5a251dffdd15ceaf0a2a965042Ghost Recon Advanced Warfighter versions 1 and 2 suffer from integer and array indexing overflows.
d973bcc1e6529953596abb97784dab67f32422d00caf4533203eb9fcab4cab84The Joomla ArtForms component version 2.1b7.2 RC2 suffers from cross site scripting, remote SQL injection and directory traversal vulnerabilities.
22ab97531f9b706153567472a552f4a7a1f71c20f48b853907cc14101e773a99Pligg CMS version 1.0.4 suffers from a cross site scripting vulnerability.
1e9a1773034cf732b523d0a050fc930039f7fe3bca02438d8d1f560b41f3e8bfMandriva Linux Security Advisory 2010-130 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct this issue.
5a363510cc86fa88ee8aa14537b88ea5f742ae16d68959c2ce6346cb423c3ff1Mandriva Linux Security Advisory 2010-129 - The krshd and v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. The ftpd and ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct these issues.
1229d0c29790afa2ad1dd4aa3ac27bed53aaf20094ab9e3f74e7252954698b5dCisco Security Advisory - Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain a vulnerability where well known SNMP community names are hard-coded for both read and write access. The hard-coded community names are "public" and "private." Cisco recommends that all administrators deploy the mitigation measures outlined in the Workarounds section or perform a Cisco IOS Software upgrade. Cisco has released free software updates that address this vulnerability.
084a545cab9484dcba8b4e243ad0a6511c14890d442a8b0ee95360b78739111eThe Refractor 2 engine in Battlefield 2 versions 1.50 and below and Battlefield 2142 versions 1.50 and below suffers from multiple arbitrary file upload vulnerabilities. Exploit included.
c719436be31cc3d812b256a0566b6669d91a7366594c74a49b5940eb5ce70c97Sijio Community Software suffers from cross site scripting and remote SQL injection vulnerabilities.
3ee8771359c68d7212cf3ffd593f8c08ba054d283886e2f0508d2103a7d32c62Pith CMS version 0.9.5.1 suffers from local file inclusion and remote file inclusion vulnerabilities.
944f761de10c44c7f3d4242687d18efc85529fad04f075287e62dcdcf7ee445ePBS Pro versions prior to 10.4 o+w race condition proof of concept exploit.
e5ef3ff55ecaffc75cef785be9136ba14ff0bdba919b16c5d79092a7dd9aa824The Joomla Agora component version 2.5.x Pantheon suffers from a local file inclusion vulnerability.
01ba5957315cf61ac22adc2847d10f62e297b6131b1fa44d25d747e71530de2fUbuntu Security Notice 959-1 - Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges.
ee80f6498671ddd1880de5fd9eef46ad026443c9acbf99faf79213e554bb0b74DCP-Portal version 7.0 Beta suffers from a cross site scripting vulnerability.
5f29d882be595d9768ed26abfbba408f87e79b18363a209d2a36f0ecf34f4367Exponent CMS version 0.97.0 suffers from a cross site scripting vulnerability.
8aa450c58f1fa570aae00c8156418bd6234276a19273404886efb1529db1b33eGSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.
15de76ced43372497ecbe7c41e888d3800c73d203ba85bdcf15a693b20d9e5a9Hero DVD version 3.0.8 remote buffer overflow exploit.
b96ff541e105a651045d18859fd6f9197a4aa071b0a112c09f988427f6a709dfCitibank CitiDirect Online Banking software forces use of a vulnerable version of the Java Runtime Environment.
8f04afa2c637e5b11d002f0ed54ab72e8d083fd6b496899eee91fea841cf853cWhitepaper called A Serious Newbie's Guide to the Underground v2. This is a continuation of ratdance's original Newbie's guide to the underground.
59bcdfa72ce194a61cb1c9f4dd3e108ef30765965712acfa60e17b5d35dd1d26Go Null Yourself E-zine Issue 1 - Topics in this issue include RTLO Spoofing, Alternate Data Streams, Derandomizing Perl's RNG, Trojaning OpenSSH and more.
da764bb263f3ff2f6073ba91670651cedf533d2c37e234ff11609dae96d20245Qt versions 4.6.3 and below suffer from a remote denial of service vulnerability. Exploit included.
a98ad307a19189b74621d8afdcf89966c842795c15ee9ef0845f54e7ed9b8ae5Simple Document Management System suffers from a remote SQL injection vulnerability.
88efa68c54a312c573492fcc24e9e0d04236ac16f5e0b750b8c02ebd0212eb7bThe Joomla PaymentsPlus component suffers from a remote blind SQL injection vulnerability.
749208d402b089deb4c26f92d5aec10135bc3459acca84b3db501bafcc835522Green Shop suffers from a remote SQL injection vulnerability.
010cf2f6e59e0c8286863da323a89d1fb3a85282ad28083b5b525a50463d1791This is a polymorphic shellcode generator for ARM architecture that produces execve("/bin/sh", ["/bin/sh"], NULL).
de860077ea38ffa4a008b24122c4949fb3e19f8ebbc539c89d975eae3bc82105
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed