IPv6 appears to suffer from a sniffer detection issue using an ICMP echo request packet with a multicast MAC address.
1bdf6978fae4916cbd657629c58badd7f6daffae6f9f8441852945f289594ec5ClubHACK Magazine Issue 15 - Topics covered include Mozilla Firefox Internals and Attack Strategies, FireCAT, Being Invisible on the Internet, and more.
92810aaf42590da6a385dd916cc9887f2858306e425255a2d8f76964434c03fdadsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
668367ef17eb4a5745b7af8e8ee359ced213d5dedc82c273be711440bd96a9edSQL-Ledger versions 2.8.33 and below suffer from a post-authentication local file inclusion vulnerability.
d496bd5127052681237e5a8a52806489423cb1aec3e9d326887a4e4dbc8804b1SimplyPlay revision 66 buffer overflow exploit that creates a malicious .pls file.
3711a52f7ea4111fcfc07d40f11a484c3231b6b42e1c7f94e653809622405ba5The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when processing certain text nodes, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
68273b636979cb1468a8090e5e58828a83e73978c0b22c05b24a4b9d3b8c295aThe VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on a vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.
4f3f32b3d21c7c657379213dbce2194f42ee815379440a6a45b032df836b15a9The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a stack overwrite error when parsing the RTD RealTimeData record (0813h), which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted Excel document.
eb83b04f992840bb6eff2e981e45c08f92921571c592f54407896f0ebe817d1cTextAds version 2.08 suffers from a cross site scripting vulnerability.
48fe4b05eefcf678307bf8c0811a92943aab040e74acd9f39d95490ff9e6f564The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.
59606c9acd8d8332ddbbdbeff4cd06911f15ac789a3a6ee075f3c52dff906ea9The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.
b8d96323c4a211ae41bedf90189a3872ffab299ee06c72ee8c21def85c12f670Collaborative Passwords Manager (cPassMan) version 1.82 suffers from an arbitrary file download vulnerability.
967826b2fe42669cdbb86c278cdcd41df4089bd07c90acbcb696c66c58c57b9fAgahi Advertisement CMS suffers from a remote SQL injection vulnerability.
8d7097ee7a0f8c968c01874badcbf438b062129cd0f05a336000f378d1e684c7Zero Day Initiative Advisory 11-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebKit library's implementation of a CSS style. When totaling the length of it's string elements, the library will store the result into a 32bit integer. This value will be used for an allocation and then later will be used to initialize the allocated buffer. Due to the number of elements being totaled being variable, this will allow an aggressor to provide as many elements as necessary in order to cause the integer value to wrap causing an under-allocation. Initialization of this data will then cause a heap-based buffer overflow. This can lead to code execution under the context of the application.
347cf5e231b4084b8fc7a2447d1f6527012477b05fa10b2f622c82dcfb76f440Zero Day Initiative Advisory 11-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. By adding children to a WBR tag and then consequently removing the tag through, for example, a 'removeChild' call it is possible to create a dangling pointer that can result in remote code execution under the context of the current user.
be4c8dd019c0ab1ff982bb32c801b502ffe05b5d52a29f1a44bb8a75cc279411Mimbo Pro versions 2.3.1 and below suffer from cross site scripting, denial of service, path disclosure, and abuse of functionality vulnerabilities.
74e000d01037508cbeca559a4c9a061d44ef13bb2175b7f9206b7ab5fe1c0480Ubuntu Security Notice 1110-1 - It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.
e78defb86c69f2ca1bbb9d91a5cec00811d513de3ef5cdfff2e34ffe7feee4cfSaurusCMS versions 4.7.1 and below suffer from remote file inclusion vulnerabilities.
28d2ab9d9db4ad9624dc59580aec62ae0cee90246990c630c8c9c3226621161eThe Partners module in RunCMS suffers from a remote SQL injection vulnerability.
b983cc119430f8ce0688691ecd9dfcbc668c3cf5816c3a744a2d848242960144PhoenixCMS versions 1.7.0 and below suffer from a remote SQL injection vulnerability.
f40d638835ae5d33b7d419ae121c7035401063517ef4a6498c1627a4f8ec7a59PhoenixCMS versions 1.7.0 and below suffer from a local file inclusion vulnerability.
f9b14da7f2b2d6ed4f2c96e279cddfc7a867dcb8749e749cb020121374ad414aIstgah CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
1315899efe88edc6032547187e79d4344d11f7b99d8180380bdaeb4f1bd2650cSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows Messenger, which can be exploited by malicious people to compromise a user's system.
93ec5ce55a927a205df77f9cddc0499ccbc14e099c169d0fd3ab489449ccc670Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
cc33916bbd27bd5f91d21918a9bee7122889cb6af557992afb078291bd81f9e1Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system.
a46aeea1974bac3d96cb90fe3809682f743e7e0b7a44d6e68cf8bd552e725aef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed