Secunia Security Advisory - Two vulnerabilities have been reported in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service).
53fa82a1f162398684a46593a9753e2c9ed325b3f1135ff4f07be87a2ad380abSecunia Security Advisory - Asish Agarwalla has reported a vulnerability in Apigee, which can be exploited by malicious people to conduct cross-site scripting attacks.
eeade674c9aecb3a5b8c5bf7747e9aa6619c6a7a9b2092dd78e85742af02ff74Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
c99cfbbbb00544ab79b5ca9139f18335bd2c7eda42e0a196b91659636ff2c4cfDebian Linux Security Advisory 2390-1 - Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.) Various other issues were also addressed.
1bd9dd54ebd2b8dd8949d61a5c6e4677ff00eb13c0570952b6ac1337b614615aLACSEC 2012 Call For Presentations - The 7th Network Security Event for Latin America and the Caribbean will be held in Quito, Ecuador May 6th through the 11th, 2012.
392c7fb730b40f0d8112dae4fc4f807d48ffab5821f1d3a9b500100a3ead7649Debian Linux Security Advisory 2388-1 - Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.
826cbdcd9ebdd1ede5d583faeba9ffd5a6efaea2feab949f5f4db2e314923ec294 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.
fa8695efffe51e32d85a7add93904eb75c24cf151a45133bc12107cd8d25c95fThe Exploit Next Generation® SQL Fingerprint tool uses well-known techniques based on several public tools capable of identifying the Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of showing only the "raw version" (i.e., Microsoft SQL Version 10.00.2746), the Exploit Next Generation® SQL Fingerprint shows the mapped Microsoft SQL Server version (i.e., Microsoft SQL 2008 SP1 (CU5)).
bf4a7c2d83f70c89142fb442c4c5a64539b4f8b6d26e806e53e2c6a7329d4ac4This python script tests for the remote root vulnerability in encryption support for telnetd on FreeBSD systems.
4249e9430985117ad8d3275e803d36e641c4beae4c0f6950bde8f0af5b3e100cThis Metasploit module exploits a stack buffer overflow in GOM Player version 2.1.33 by creating a specially crafted .asx file which will allow an attacker to execute arbitrary code.
b3d6b213896bb1a0f9594f5b388cc6189527081d4b00c1e99a39ed41e41f07f9The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
c7bba621aee40e67ae1732c8d26a49c49f892205610014eda299bd9d8e79a5b3This Metasploit module exploits a Read Request packet buffer overflow vulnerability.
a286523e4973c08648295a9f06365c71b398d607ccc3a9716e5f04b48fc8c4ffPHP Membership Site Manager script suffers from a cross site scripting vulnerability.
a9bf3c9de3516a38cd249502932b35eee4325c060a177b654c86686732ea1c57phpMyAdmin versions 3.3.x and 3.4.x suffer from a local file inclusion vulnerability via XXE injection. The attacker must be logged in to MySQL via phpMyAdmin.
3198e8d89bc1a8cc793e92a6136c7fe6f956875742096c8de8840899af48ddb4This is a php shell that offers various connect-back methods, the ability to read files, grab source, execute code, etc.
65024e9ae949507819c9344a2e134ff406e24c6e2a54ded2dab8ef8e6e7d1f83HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
01da1f50ab5e7ffaf8680f1bf9bdef32b70eecac7583949ac5a2e2840b4e971a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed