This is a detailed write up along with proof of concept code for the Adobe Acrobat font parsing integer overflow vulnerability.
3f0ddd64f75743a12e58ba0b0b85e48865c1938a53a467deb7d73e2ae74128daeazyCMS suffers from a cross site scripting vulnerability.
fe1793c76d0607e7c421c7c854c55d40113ad3a86db3673458bad98d7aa20000CMS Source suffers from cross site scripting, local file inclusion and remote SQL injection vulnerabilities.
1cc0749f065c95606df88e248cc7105d95495566d53e2424e2456ee38ef4ab21Get Tube versions 2.3, 3.02, 4.01, 4.5 and 4.51 all suffer from a remote SQL injection vulnerability.
348c5b150e32652de8ebf6730862212ac2bdb62b315a194f10f448915847216bPlogger suffers from a remote file disclosure vulnerability.
028bb6e850d1eb80337e0d8798503ad19f0cd6190774b7fb0902fe28f2a9e850iDefense Security Advisory 08.10.10 - Remote exploitation of an memory corruption vulnerability in Microsoft's Office RTF Parsing Engine could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a RTF document containing certain control words, the RTF parsing engine may incorrectly read a value from the RTF file. This value may directly affect the control of execution flow within the RTF parsing engine.
b5e0d708c7afc4fb28b1ce1539313fd783bff59a1505c38d75cbd5f66b9d464dWhitepaper called Attacking and fixing the Microsoft Windows Kerberos Login Service.
dca56f74aa6bce65400493957a77a259aea8e57979675bb75f2810e882eaa367This is a short tutorial called MySQL Injection - Simple Load File and Into OutFile.
6866aa8f28dcac6458750046b3125a824fcea99b3aedbddd27f63076b1098e76NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
dcdbd2708f2c2e12467e8290427000123747df8a0fffb5c31fdecd194bc1d79di-Web Suite suffers from cross site scripting and remote SQL injection vulnerabilities.
bf4044fcb65c8a8357940ed4f827599eb42d238e77f419d0367b86f3d5d7d30cClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
6aa0b0d96ed25ffb4b5aca53f6348978c94771503c299f86e480fef475abcefaBotan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
43a45df9dabb835d342206a7b3508b2a323f7118a76b748d149e73aff2797db0SmartCode ServerX VNC Server Active-X version 1.1.5.0 suffers from a denial of service vulnerability in scvncsrvx.dll.
b7b28563723da38901481e1b6eb926086c2a9be731100ece4948f14243ae3599SoftX FTP Client version 3.3 suffers from a directory traversal vulnerability.
dbcedb388fc3cec8a38ca122492b3bce0cc46f9cb2b690a1c3cdfd9f08d2e9d6Edit-X CMS suffers from a cross site scripting vulnerability.
2493f966b165a37e381bdb0d0205c2066af08865b6433ca14a31779009cf9ffeSyntaxCMS version 1.3 suffers from a remote SQL injection vulnerability.
bd694637af43965326dd67f57bef977e3167de288d7ed427c6b440da21916a2bOnyx version 0.3.2 suffers from a cross site scripting vulnerability.
6a3b8d84636dbbe4bd6ba3105e5cd9d6c1ec410d0225b38f59524b9530a4fe79Xion Player version 1.0.125 local stack buffer overflow exploit that creates a malicious .m3u file.
623e89f49bcef9f0a3b4ba99e4d3ef07532083ae2fdac43b0fe5118d47d2d2a5SUSE Security Announcement - Flash Player was updated to version 10.1.82.76 fixing several critical security issues.
4215852f7aadcf5349f4c7580bafcadb08e54ededfb7e59ee009754ac6aedcdaSecunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the "getPNG()" function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the "jpeg_load()" function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
0ac4acaa34693c9c47c3dd9fce7cfc4554b9166403d11d3a10fa1521d9a9191cWordPress version 3.0.1 suffers from a cross site scripting vulnerability.
921c86ce003e8c1e9768354aad33c41325ac356eece76c0d02ce5a7905ee5694Mystic version 0.1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
427020de4e1b9b5f83c2de4198f6ef49be2c9c4afedc88d0ef39ab6f9983d734Secunia Security Advisory - A vulnerability has been reported in Kleeja, which can be exploited by malicious people to conduct cross-site request forgery attacks.
bd9b18dec802b6e28ae587b635b4bf972f719b725562bcbc6c87604a45e2ff7dSecunia Security Advisory - Some vulnerabilities have been reported in strongSwan, which can be exploited by malicious people to potentially compromise a vulnerable system.
1b93e6e3e7066178799f6ab4b477e30c91731adaf3f2b15cd503949b1a3180e8Secunia Security Advisory - High-Tech Bridge SA has reported some vulnerabilities in CMS Source, which can be exploited by malicious users and malicious people to disclose sensitive information and by malicious people to to conduct cross-site scripting and SQL injection attacks.
ecbab0a967f36d8ae4063c8a9743b45c5aa150d60ea07094d100f65f86f6dd88
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed