ClubHACK Magazine Issue 14 - Topics covered include JS Recon, remote thread execution in system processes, laws related to unauthorized access, and more.
b47bc778ce21c063531d13d3ebf7fc76d6956cca3ef9d4ff4c1a3ea0a0528468Yourtube remote database download exploit that affects versions 1.0 and 2.0.
edb7da0635e196f101f0f8cf8a54626b1a63add8e5a59b932b3be91b65e62a6bThe VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when handling certain iframe events, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.
80e96a9a3ad610f44e28f2afac84eacff444a571e1cc7649b9d31addcf586567This Metasploit module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to guess default authentication keys. This Metasploit module abuses the known default encryption keys to inject a message into the communication bus. In order to execute arbitrary commands on the remote appliance, a message is injected into the bus destined for the 'matchrep' service. This service exposes a function named 'insert_plugin_meta_info' which is vulnerable to an input validation flaw in a call to system(). This provides access to the 'soggycat' user account, which has sudo privileges to run the primary admin tool as root. These two flaws are fixed in update version FTA_8_0_562.
adc6990f1cf99e26413f21f398ece6121bbb6179c5ffc9a96eea0dee3107fd02This Metasploit module exploits a stack buffer overflow in version 2 of the Kolibri HTTP server.
5149ddbaf7b1d3d9357540ac0e57dbcd18547c2741a0e179a370629a91a6669bThis Metasploit module exploits an unsafe Javascript API implemented in Foxit PDF Reader version 4.2. The createDataObject() Javascript API function allows for writing arbitrary files to the file system. This issue was fixed in version 4.3.1.0218. Note: This exploit uses the All Users directory currently, which required administrator privileges to write to. This means an administrative user has to open the file to be successful. Kind of lame but thats how it goes sometimes in the world of file write bugs.
d026ecdeb70b4e79e1a300231786aff558d631a15efcc80798eb6c642d176d5eSecunia Security Advisory - Fedora has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
ea2fff12a4fe796dbfaa22faa263f0a062e8e80c5f93801adb5cf90792efcdd2Secunia Security Advisory - SUSE has issued an update for MozillaFirefox and mozilla-xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system.
7c14fd98b0eb669546a93a1b4972c8ee32c0e120e04bd687beb3bd32433e280cSecunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in Constructr CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
12c4acd5c158b69073458789a3665317c9ef34033f52418817883f09f125af62Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
16183ff247516388068e748441785cbe6f5f64556eb356c84c3c89a12ee3b316Secunia Security Advisory - A security issue has been reported in v86d, which can be exploited by malicious, local users to bypass certain security restrictions.
d485c48684c9b4270980024b3113377cbdf45d30a4f983d40ad1caa4ebc6c276Secunia Security Advisory - Debian has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a3863cad8a6c9197eaeb267a54cbab088b9910ba7a409341a4087a5acab0c3cbSecunia Security Advisory - A vulnerability has been discovered in the OPS Old Post Spinner plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.
55db445293a959f3516c3c8eee0a96ab5904b52c2ce33017335ef45bbccf832dSecunia Security Advisory - halfdog has discovered a weakness in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
20ec364f23438fd79c63e001d74cae7436cc5a6be51ba1a141d09c0624792841Secunia Security Advisory - Ubuntu has issued an update for linux-source-2.6.15. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and sensitive information, conduct a DoS (Denial of Service), and gain escalated privileges and by malicious people to conduct a DoS.
2b425f4b306f8542631264ce17abf380bd5c00e7c464c9ab40ae1680517b9bcaSecunia Security Advisory - Fedora has issued an update for phpMyAdmin. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
e6a8588cabb081def402593c6ad77801fac576058d3e5c9bf03979f841a68c06Secunia Security Advisory - Alexander Gavrun has discovered a vulnerability in Edraw Office Viewer Component ActiveX control, which can be exploited by malicious people to compromise a user's system.
20192103d872a78186c6b97cc66e5fcc2617503ef25e22875085763a10ac070eSecunia Security Advisory - Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
c1eb17d02428c235778c42a6967e0c1f9e09c830311af8ff28a03dfccfcb6b65Secunia Security Advisory - Secunia Research has discovered a vulnerability in Foxit Phantom, which can be exploited by malicious people to compromise a user's system.
4ca16d1365bac6be2717d266827332d454e81ef9e72823b7145182487b591f19Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Monitoring, which can be exploited by malicious people to cause a DoS (Denial of Service).
92e9b768bddc2cac3e86dfd6b5f2c4d0739332663f0b715e3192a66dc3dbd85eSecunia Security Advisory - Two vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
f2cd39209b7b09d8f2f41a6ea59317553c168833e4f497ba6e39fb04a9b1d718Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Sametime, which can be exploited by malicious people to conduct cross-site scripting attacks.
1b7654ad00f6d1a69a91cb35934cb571c56dceb9c52e44181e2dd5e2607764ccSecunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in the IWantOneButton plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
34b7ff789ba4a9d2f4c7709bfbdc03e6191a95d41d7bf4dce139ca9af0ebece3Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Storage Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
586d85610f71a930725fd22911b60363afa98fb57196420894218013ed1aedd5Secunia Security Advisory - A vulnerability has been discovered in the Recent Topics on Index page plugin for MyBB, which can be exploited by malicious users to conduct script insertion attacks.
2fe26d982c0c7de90e1c894ae151a279d53bbc4ca348da55c0c4379e3ff821f5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed