Zero Day Initiative Advisory 11-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Management Web Service. This process responds to SOAP 1.2 requests on port 34444 for HTTP and port 34443 for HTTPS. Due to a flaw in the implementation of the getDBConfigSettings method, it is possible for an unauthenticated user to obtain the server's database credentials, which are transmitted via plaintext. Given the database credentials, it is trivial for a remote user to authenticate to the server and execute arbitrary code under the context of the database administrator.
9fa33067aa130781fbca691ab154e2e2a3db26473c6f6b321ca13b718821e3c0Zero Day Initiative Advisory 11-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize user-controlled input, it is possible for a remote unauthenticated attacker to upload and subsequently execute arbitrary code under the context of the CA Total Defense Heartbeat Web service. Requests delivered to FileUploadHandler.ashx are subject to arbitrary file writes, including directory traversal attacks, in the GUID parameter. The Heartbeat Web service listens for HTTP requests on port 8008 and 44344 for HTTPS.
dad5be5eb24d551c6fb279d2bc92a6b4dd9214d0faf839139e13b499c4cdcdccThe VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the GDI+ library when parsing certain values within a EMF image file, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
e9d976818013ca305eba57812572521d3237061c36f4c3f3f638dc81c1690983The Joomla Phocadownload component suffers from a remote file inclusion vulnerability.
75126f705c6eccf0edffa88f87a6f97f73ff444248c393a5f278865b36a740cbWinamp version 5.6.1 remote command execution exploit that creates a malicious .pls file which downloads http://127.0.0.1:8888/ked/k.exe and executes it.
951cfcd795431f472714b27715c7498a8c271c5442fc74020bf46e76bcfd93c4Winamp versions 5.6.1 and below denial of service exploit that creates a malicious .au file.
1093736eb6916886f123f020cd47b6de1b3bc2e092a5d7c3d45937d0657f9882Media Player Classic version 6.4.9.1 proof of concept exploit that creates a malicious .au file.
134154b172315b3f457db473e7221cb578b4f12b409c0d41fe7e3231e831a63eXilisoft Video Converter Ultimate proof of concept exploit that creates a malicious .au file.
de29b039e5dfabc8258ae8aecefa1698b9b9d901d5d73c4bacc6cff4eb59d873This Metasploit module exploits a stack buffer overflow in Winamp versions 5.6. and below.
fabf211b3b506c551c2e8279623e0cc08abb01c2f42086093e1fc4ca1b63808aThe VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.
2d2ef1ad1bdc1ee43e992f908da55b1ea19d51d2bcabcf4e211f64a913e1e003iDefense Security Advisory 04.12.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a specially crafted Excel file. Specific values within this file can trigger a memory corruption vulnerability and may allow arbitrary code execution. The following Microsoft products are vulnerable: Excel 2002 SP3, Excel 2002 SP3, Excel 2003 SP3, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac.
230c8ce9bbb3feb7d012305ab9e3d158088e64a47a65651244ca80553d4b4f3fHP Security Bulletin HPSBUX02653 SSRT100310 - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS). Revision 1 of this advisory.
62ad5fbdba555b4929d654800aa842565df16d24e0b2f7a95afe9dea6093a43eSecunia Security Advisory - Multiple vulnerabilities have been reported in Sonexis ConferenceManager, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.
a876f8c587dc34ea2402a2823709609435e3279f0eab4bd909625a1d81ab6896Secunia Security Advisory - A vulnerability has been discovered in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service).
76526dfbd065f5c59628aade6290decbe32236188eb28814b2440adb270a415bSecunia Security Advisory - Some vulnerabilities have been reported in OTRS, which can be exploited by malicious people to conduct cross-site scripting attacks.
0fe7fef4ded2f399ceed87f4268fd9b90470dde0c258715abe177017495d59daSecunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
23cd03460ab71061d8c3a25548525472ab4b131d1a9d69f153d0eed2236434a0Secunia Security Advisory - Tim Brown has reported a vulnerability in KDE Konqueror, which can be exploited by malicious people to conduct cross-site scripting attacks.
f92d4dd11e17d137cc8218a1dd58b4e8767d63c8c087e595d79f291faa815609Secunia Security Advisory - A vulnerability has been reported in McAfee Firewall Reporter, which can be exploited by malicious people to bypass certain security restrictions.
b94ff76238953cba6dc8356fd6ab70c32484d8e85b11a68d478c235d35c34f99Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b0c48c9c900da34c4dc834f62d2c9368d2f102ea6b3eaf6b0bda624f8db777feSecunia Security Advisory - Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
557094c1b03dee2d3facb60dfe221d08179d9ca923438275f2750d1835c7620cSecunia Security Advisory - A security issue has been reported in Xataface, which can be exploited by malicious people to hijack another user's session.
a14c9091ba5b3c836324a5d37a5acaa48bc8a982f33e379090b05a40ec441102Secunia Security Advisory - Two vulnerabilities have been discovered in Wordtrainer, which can be exploited by malicious people to compromise a user's system.
9a114569e77df045996dfcb44ad22729ee46b52d8304fd0b172a831fe7dfd180Secunia Security Advisory - A vulnerability has been reported in SPIP, which can be exploited by malicious users to cause a DoS (Denial of Service).
5ba1c98279a509bf368963560e8d171d0abf0c802435c9c5c14d60082dce6022Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in WebJaxe, which can be exploited by malicious people to conduct cross-site request forgery attacks.
a59a8d6e3c7422bd12aff12f2fe123949681bc002b884799d8d346f32a0ee414Secunia Security Advisory - Research In Motion has acknowledged multiple vulnerabilities in BlackBerry Enterprise Server, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
09094cd960b9f47d0cd1d6e26692ba6190fab68f5a570a29eaed32afeda91bb9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed