SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
4fd73eaa07d985c2b97468b07640cbf674016b6d676e720e5c0ed70b2df09c64Zabbix versions 1.8.4 and below suffer from a remote SQL injection vulnerability in popup.php.
b56256dc6e49aa84426a464efcebce6a3ac34661337e511965f33cf77a058512HP Network Node Manager i version 9.10 suffers from multiple cross site scripting vulnerabilities.
83eae4f4628bedcd448ce44aa7fc9d25cf598baae74f35123c5bec4ee8114545CgCraft LLC Design suffers from a remote SQL injection vulnerability.
db95c752930f8fbb2bb27965feaf5d9f06bfff11b71a172a9c17ed2c4410faae48 bytes small Linux/MIPS execve /bin/sh shellcode.
e05b3f3d11e44fb1f0249c1ab2224ecc1c315978a8021004d63803a15a770b0eLog1CMS version 2.0 remote code execution exploit that leverages ajax_create_folder.php.
e42cee700505621b6ad1fce6c51c6c98f6b151986a1cc0d80ea0e471e27e2e1dUbuntu Security Notice 1279-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
a57a6a4677aad213b5b06f27421d5abb8eefa70db03930de1545039b4bd62c37Ubuntu Security Notice 1278-1 - It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
8fc659e1e77c5000547f9f535c1921bdcb9f9740bffb44f47b411d8891107fd1Ubuntu Security Notice 1269-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
748fe00a71d2900d82893524fc7936b6d46ed4c251a839f7421b33b7b5d70cb7EDJE Technologies suffers from a remote SQL injection vulnerability.
86f1b29825b746b58601471a709df104c9b9d5494c02fb26eb8ec1216d7443c0164 bytes small Linux/MIPS add user (UID 0) with password shellcode.
33fe89705d37ee6fd02b2cee2201f40340d0f78902c3d725866581684affd745HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
da0edbfa949de2b7034ad0a1fe927c5c9205a87431abdda03737962e90086071HP Security Bulletin HPSBUX02724 SSRT100650 2 - A potential security vulnerability has been identified with HP-UX running SAM. This vulnerability could be locally exploited to create an increase in privilege. Revision 2 of this advisory.
150c53828ac40def657ef231f9f25d5ce03f432d4f8dfeb50cd875906b300e5cLibLime Koha versions 4.2 and below suffer from a local file inclusion vulnerability.
4dbc5554bbfad191d732b5f61b07b2f5e33f63eea0e11ef62d9f69e503feb65bUbuntu Security Notice 1277-2 - USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were addressed as well.
28bd532ded831a89497654f782221fbde98b55af2975d73060350ebece644e3dUbuntu Security Notice 1277-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were also addressed.
50cacdc3fc2d46a4452a7d176ace181644b756e1e80e2655e104e50a14231030FFmpeg Libavcodec suffers from a memory corruption vulnerability.
f37566256d4b0e7fd3d14165701b8670023e06e8c87f2e0856f1c19a5698ce98FFmpeg Libavcodec suffers from an out of bound write vulnerability.
f37566256d4b0e7fd3d14165701b8670023e06e8c87f2e0856f1c19a5698ce98FFmpeg Libavcodec suffers from a buffer overflow vulnerability.
102804c770cf657624fe4cc7f5a21b98997c1b57ba08729a69f6d7f216073221WordPress Meenews plugin version 5.1 suffers from a cross site scripting vulnerability.
41b3810dee49681a7af5b5d43b3fb63e90fab9847e98dffff50885e5a8f91d9aThe WordPress Enable-Latex plugin suffers from a remote file inclusion vulnerability.
a75ff5bc1464f223cf2e2e67b6409b81628fe0c0f4064e240d7ed8f17771bbfaDolibarr version 3.1.0 RC suffers from cross site scripting and remote SQL injection vulnerabilities.
aef4bbabd3173ece6416b5ba1cd5f7f6dce42fbb854cd7f08f1b53976a504a56Pro Clan Manager version 1.4.2 suffers from bypass, remote SQL injection and weak password generation vulnerabilities.
005e2c07a10cf206d52670cc4946f18b4b7f9c85ee4817ec4cd4cbdffae2ce6dIcomex CMS suffers from a remote SQL injection vulnerability.
3acb9edac9fe95b10da8b0e60369cb06f5d8dc0400805461e977c0988205a759The WordPress Featurific-For-WordPress plugin suffers from a cross site scripting vulnerability.
84ce82c1933d2f6dc7c38315080807be270ae778e5f4137121a013d974ee5110
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed