Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.
9d3027f3aebc071f3740544e88a82db2c4435c748db9687f95fffe022c747c8eLandshop version 0.9.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
06c23effd7b7b44a3089ec55527daab42554267e4fdee22011c25999803dae48Bitsmith PS Knowbase version 3.2.3 suffers from a buffer overflow vulnerability.
ff8b475b068dda8ae047b8fac7df7397a76692e21be2a9c19f5a7db55247df62This Metasploit module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
f3f101f5489c7554b50702229d0f0d209cf48a2f373093551088f3e07904f138This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example but the technique can also be applied to heap overflows as well.
db7da31673402422788bf435e51bb26cce80674800f01ecfb89ff9f49608d751JAMWiki version 1.1.4 suffers from a reflective cross site scripting vulnerability.
3a434a12f95e083d4e37bd69a090f4a82a49d407c4756262d732f4e0e3f3a399SocialCMS versions 1.0.2 and below suffer from multiple cross site scripting vulnerabilities.
a66d3ebbdf0a5c8fec0b050c9acc1528e7708bd7acc201da83ebb71d1a25f4dfSimple PHP Agenda versions 2.2.8 and below suffer from multiple cross site request forgery vulnerabilities.
02e95a628273a7d274960548d31bfc06e489e5e9030ae0a37dac889a18238b13This is a brief whitepaper discussing the security of contactless smartcard technology.
74a21b5c3907b319f53c402833c27ad3d326f6ca78d9dff95d4041ee8e139943MailMax versions 4.6 and below POP3 USER remote buffer overflow exploit.
14b8a1f5446fbce8f0033455b422da494838ebd8f710bfefe2e225cd86bde3c9SyndeoCMS versions 3.0.01 and below suffer from a persistent cross site scripting vulnerability.
e50db0bbb8c9c5cf899bf6cc502424fee086c16a445dd347146129d91f1a131cVMware suffers from a backdoor ROM overwrite privilege escalation vulnerability.
b9592c21e5137b1c05d3912f92d7e5520576843ea7ebeb78d6e4e04c2e626f17Intuit Help System suffers from protocol file retrieval vulnerability.
65677d6250ef2ab1e9b970ddb24217950a01b3edbee65118c3e2ebe4ee508a3dDalbum version 144 build 174 suffers from a cross site request forgery vulnerability.
00db7898e4448ebb13cb644498d530d22f039f12896633da126ec0a6476a7296Intuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.
28c43548d0a76f1624a1a7bef0b4301fe6ec08af383b75c0a01f373d96370407WebMatter CMS suffers from a remote SQL injection vulnerability.
4a0f7e79db84fc5f3e6ee7e303d84f4e17d86bc810f47fdf052eaf4e9a4686d1ArticleSetup versions 1.11 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
9989e178ae23e232b3197892da9d4f97be442d52ccc77c18923483a98701abc4PHP versions 5.4 and 5.3 suffer from a deprecated eregi() memory_limit bypass vulnerability. Proof of concepts included.
b8f9235bcde03d20acafbedaa0aa12b05d9c56034aaaa1a9f164f8fbde699142Firstload.com suffers from a cross site scripting vulnerability.
fe8708399a692ce8a272a89ac63191db1d103668ef36b703b2323bfc1e4ff6cbVMware Security Advisory 2012-0006 - VMware ESXi and ESX address several security issues.
c6e864dff9dcf56bf615c9e583291146b0b85366456ccd6d12ad89425be75c54Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.
d142797f7dd77a9313414f41fe5d3420b6993e137b11125df0ae138f13b44b14Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.
d142797f7dd77a9313414f41fe5d3420b6993e137b11125df0ae138f13b44b14Secunia Security Advisory - A vulnerability has been reported in Red Hat Network Satellite, which can be exploited by malicious people to bypass certain security restrictions.
0e39db5313135801d11626704ab28dd1f8ca677b51297e23da2fba7bed3b7ec4Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
ae89cc46e76cdf1534a4afde5a49a3ed56981fb200773afa921bee03c1acc0a8Secunia Security Advisory - Antu Sanadi has discovered multiple vulnerabilities in ArticleSetup, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
f732c0164c00edbcdaddc2fae2915561be17679c221d7caf3b8b276ea9de4fe0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed