The ISSA Ireland Security Conference (IISC) 2011 call for papers has been announced. It will be held from May 11th through the 12th, 2011 in The Royal College of Physicians Ireland on Kildare Street, Dublin.
cc742e348803b4bebccc7e0c52ac2c3b04a64d189f3658425747a6b6c29779abIDEAL Administration 2011 version 11.4 local SEH buffer overflow exploit that binds a shell to port 4444.
a2205ff75ac16e41c0d959abdf59f6428e9908fee53656bf350ee7b0796ee06cEnano CMS versions 1.1.7 and below and 1.0.6 and below suffer from a cross site scripting vulnerability.
d571fee22d5a09bcc9d89f487634700a9dde68a4debe97b0a28647b6a0353046Adobe Omniture suffers from a vulnerability where a malicious cookie can hijack secure connections to the domain by injecting malicious javascript into the page via the cookie.
867e790d12052d21305ffeaf4682a50de4c09e3a702babdcf130ce2820d2e241Whitepaper called Hacking the Skiddies.
3610f5af940459d0f9772372a3ff9dc213bca95a57b0cebe37d73f4edd86bf38Whitepaper called Bypassing Anti-Virus Scanners.
8919103e539f8e08d30103803a77e6ad632dce79dedb8e58ee5be3b8dbcbf8c6Tracks version 1.7.2 suffers from a cross site scripting vulnerability.
0e9afb6d0f5ba2d4b1518a64d2c034a1836ded19120b4ca68150dd5d16c2fd1aUbuntu Security Notice 1097-1 - It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service.
affa18051becc121040b13af705845364918ff2478b4a20b6a34eadba75cede8DCS Self MNS Product suffers from a remote SQL injection vulnerability.
c2ca0b40610205b927f98747653fb637237ba8db2df139fc58769aafcf5c8a23Ubuntu Security Notice 1096-1 - Philip Martin discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests containing a lock token. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service.
caf09d37d15cd9024d30be254cdbcd8d0dec859eca34954ae6628f15010273e9Whitepaper called Writing Manual Shellcode by Hand.
061997e84eadf0ea80fa13c73f114ab9cb5632b12b77b660304a855a3f885f72This is a whitepaper called the Beginner's Guide To Cross Site Scripting.
15ce1410ad4bb0fb2095406b506cffa4cbd1bd7787c82707575a1d8dcf5f7258Spitfire CMS version 1.0.436 suffers from a cross site scripting vulnerability.
8560506e77b07ec1cb96f7f2ebf871e667ed02212de56bc5c5a58d5c27f135e3Ubuntu Security Notice 1095-1 - It was discovered that Quagga incorrectly parsed certain malformed extended communities. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga resets BGP sessions when encountering malformed AS_PATHLIMIT attributes. A remote attacker could use this flaw to disrupt BGP sessions, resulting in a denial of service. This update removes AS_PATHLIMIT support from Quagga. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10.
ace92018aca8cb5f956fcdd7df537578af7168e4da59950e1a0e8cf32c374692Ubuntu Security Notice 1094-1 - Petr Matousek discovered that libvirt did not always honor read-only connections. An attacker who is authorized to connect to the libvirt daemon could exploit this to cause a denial of service via application crash.
6dd8ec7382009c91aee9deaa35b3fc69dbaca15baed81f8c368a15c73a863ca6WESPA PHP Newsletter version 3.0 suffers from a remote administrative password changing vulnerability when the install script is left in place.
8967ba02e7bee6dbbd12538c41fde3fc9096ae06d10335d62f3cf4e0d8d3794cSimple PHP Newsletter suffers from a remote administrative password changing vulnerability when the install script is left in place.
6156bed607c247ce156c38d3a514e9b119d3dc5eea5758f60ee0a71ddce5ee47Solaris 10 suffers from a port stealing vulnerability that can be leveraged to enable denial of service and man-in-the-middle attacks.
48675e27be933162ec7baa7aa594498059d2ec27697cce05e158de2eb0bcbf53Secunia Security Advisory - John Leitch has discovered a vulnerability in PyroCMS, which can be exploited by malicious people to conduct script insertion attacks.
f0c0672532564446fcce2c6cd50676d8c652589ecf7decf12faa3fe60718d3ebSecunia Security Advisory - Luigi Auriemma has reported multiple vulnerabilities in ICONICS GENESIS32 and GENESIS64, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
5d6d4f865f6de3359152e5d6ef149bfb9a71d61d3173febc11bad781a08b421cSecunia Security Advisory - John Leitch has discovered a vulnerability in Easy File Sharing Web Server, which can be exploited by malicious people to bypass certain security restrictions.
dc281f9cbc65856fdf802bde8e23567d51206e02af065ef79da292cdf1ca2eb4Secunia Security Advisory - A vulnerability has been discovered in Ays Blog, which can be exploited by malicious people to conduct SQL injection attacks.
6ae7065e60762110eb66aac5141e5b05b642fe79a97bffc2cfe33f057c418d84Secunia Security Advisory - A vulnerability has been reported in Zend Server, which can be exploited by malicious people to compromise a vulnerable system.
c6242ae912a9e9d43bb13df860b35ee59fbcff606655d7dd0ca8be90b69effa1Secunia Security Advisory - Debian has issued an update for gdm3. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
0ff975c4e7f16df2b83e9106da93a153886c874db5f745b8770effc034848c53Secunia Security Advisory - John Leitch has discovered a vulnerability in OrangeHRM, which can be exploited by malicious people to conduct cross-site scripting attacks.
f2676ac65d49e50d31e4a524f1b45832baafe9e8119a72615e132e725111f5b0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed