Ubuntu Security Notice 1286-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
6043a3fbf2080a512662c349ee447bed0a78df45f28b48e5909b135726bd239eWhitepaper called Indexed Blind SQL Injection. Time based blind SQL attacks suffer from low bit/request ratios. Each request produces only one valuable bit of information. This paper describes a tweak that produces higher yield at the expense of a longer runtime. Along the way, some issues and notes of applicability are also discussed.
84e74daa46ea6185f1c1f4ee9764bc2315f2a4cf39e46f8dfcea99039a5ecb21AlldataSheet suffers from a cross site scripting vulnerability in view.jsp.
d0be3decf4ecc68139c1346f821272547344f5eaba34924b922e0eb54fcbf721This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
e325ea7c310110db0d0e34758f28771015fc9185c9f35054df350536e370ced2This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
b1838839c525c11d9b53cae384041c70a3a02194b24bf115638e1db8ac88a5f552 bytes small Linux/x86-64 execve(/bin/sh) shellcode.
b085392d44827f904a32929b6caeac38668907ff2075dc9550154ce0ab29c36fNJStar Communicator version 3.0 MiniSmtp buffer overflow exploit with ASLR bypass.
0b7da0b7c7134272e31478cea7b4b013563a075161c8cc011b32e019d9b3d3deSecunia Security Advisory - Gjoko Krstic has reported a vulnerability in Hero Framework, which can be exploited by malicious people to conduct cross-site scripting attacks.
5b0e412342c8782357b48faac887d0be90519bf791fc1cd4c1a774e2eb1ac41eSecunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
2bc382dd3c689e925b9988b105504a5fec60ca95d2962b9322420c00b8ce671eSecunia Security Advisory - Red Hat has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
5615e5c67e2cd4a947b4f1822d03c2a42699973015b585edaca75b8708ad14f9Secunia Security Advisory - SUSE has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
651d4d2e23efb2efa8a5e736c92b46f96cc5212706d59c3faf493f8125968981Secunia Security Advisory - A security issue has been reported in the PAR-Packer module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
58c6ca20753a25849db339ac22e2ae944747be2205bdbc0a4dafb8a394b7af3cSecunia Security Advisory - A security issue has been reported in the PAR module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
157e1a4c44fd0b3be7d612004b08d965d9aab3dda90bfebaf990325237997514Secunia Security Advisory - Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, and compromise a vulnerable system.
ffec8379e285615dc2a2aa64f9134e0c26f97f8312def5cff955563ab0199aaeSecunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Ariadne, which can be exploited by malicious people to conduct cross-site scripting attacks.
aa3749e7b98a5b911f47c4991c8d8829ec6fb476915d007aee972963c0b646b8Secunia Security Advisory - High-Tech Bridge SA has reported a vulnerability in HP Device Access Manager for HP ProtectTools, which can be exploited by malicious people to compromise a user's system.
96f5d16f2c555fa2aaa8922f0ad421a720f673c576f9020ae54c09a299518ab4Secunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct SQL injection attacks.
24d31ab9817d1fa934d817d645c04f4bff8788a9329798e6a8627d0d27fba178This code is a proof of concept that demonstrates history extraction in Firefox through non-destructive cache timing.
cbb18dbf852eed470c1735fe94fe71da7a9d688fa9c6f2a7c8668720d84a7c08Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source tarball.
7868fe33902327ce3a552f50dc3b73cf3b3a2f80765f6d972c0d8cbedad17fc6HP Device Access Manager for Protect Tools Information Store versions prior to 6.1.0.1 suffer from a heap memory corruption vulnerability.
8c5130001eada0160e3dd77d56ccf4b9801e81f2792039461e1bebc3eb0b5821WSN Classifieds versions 6.2.12 and 6.2.18 suffer from cross site scripting and remote SQL injection vulnerabilities.
ec80bf8c704d3c2fbc67354cdd3cb78d2fa65092e98866d3233b3ed135e38b06A MAC changing utility that uses both ifconfig and GNU-Macchanger (checks if mac changer exists, if not, uses ifconfig) to spoof ones MAC with a totally random value. Written in Python.
be6130bf64c1b4bd8dff08738fd95e00e2600a3558797364ad485593266a1157Kayako Fusion suffers from an authenticated database information disclosure vulnerability.
cc1dab82ec0f475319794b7ce744899d7353c572499294e47c04bbaeb46a0e73HP Security Bulletin HPSBHF02723 SSRT100536 - A potential security vulnerability has been identified with HP Protect Tools Device Access Manager for Windows. The vulnerability can be remotely exploited to cause execution of arbitrary code or Denial of Service(DoS). Revision 1 of this advisory.
1c3e885e054278ea06a9eb7a42554c3dffc46b649801638b333a7dffdedb41d8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed