Ubuntu Security Notice 1438-1 - Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.
9d1d647e0c275ca0af3a4eff2a0fe1345781c53dd796cd1bca2a97f7cb8cc3e0This is an advance notification of 7 security bulletins that Microsoft is intending to release on May 8, 2012.
0f04088b55c9bf569afd5a670adbfd16b4e582b8d3861ca1244f11819e7009e5FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.
a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3eeJoomla version 2.5.4 suffers from a cross site scripting vulnerability in the administrative sysinfo page.
d3e0916a3d65dc13f3285d97784500de31ef52e38715fbb01563ab87c0892607Ransack is a post exploitation shellscript for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.
aa3c9a1ec450a0d4938e11d530ee62851d77207f5fd3de404050516ca2d51b5aiNeat suffers from a remote SQL injection vulnerability.
ce9fac8eb6c0e7ffc819350c648ab72a7a71f553c53aba80b3118819fd9daa6aSQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.
84d02b3ee9f88069270f1d55a7a0419db6f4ee552b8001ed7d46641a2a66e816strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4VMware Security Advisory 2012-0009 - VMware Workstation, Player, ESXi and ESX patches address critical security issues.
eb075b48375e4e244ac290d95f092560fec992c243117c80698f4db787b4f60aAnvSoft Any Video Converter version 4.3.6 suffers from a stack overflow vulnerability.
4b1def4e5f1eb575c9b905d500fe2ee0a5a1fb7cd904a1df6bcbd66332b1e7c2This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
ec86fdc2f4cc78d676680abb952cb10427dad174e2bed743fc0d8633dd49510aThis Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
7856c6264ba9fc35e320d076f363c777f1720c644ed1819cf46c0dd75d155ea8Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template.
829e40f497b4b9a912618e7d916c1875a88063054d2b245603c57bfe9e1f36a6Lynx Message Server version 7.11.10.2 and/or LynxTCPService version 1.1.62 suffer from cross site scripting and remote SQL injection vulnerabilities.
4fbcabfd61c3349ff07c1e5a7ce72a6ca2b4ed762f1fb51a4c9698ac80e23e00A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do.
c3af28f477ac30230f17892635aa4bb2aaf6603f540ad29c51ef0dcf5bd4f244Fortinet FortiWeb Web Application Firewall suffers from a policy bypass vulnerability.
60186187c821f558019ba5b5ceedf1e0f5b2e5baf6fe5eec6c095e67cd012577Core functionality of Drupal 7.x suffers from denial of service and access bypass vulnerabilities.
aa32686e9c963d023728c1272ca5d040cf0afa985f4424b9984d7e5e667d95dcDebian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
de1b1c55cd9c3d5c90de543ad9cd2940ad37ba970418465acaa631fec87fd43aDebian Linux Security Advisory 2462-2 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. The initial update introduced a regression, which could lead to errors when processing some JPEG files.
28fcbb1e90ae72c09e69a3ee5e5b21c7f4e25a9ac41f8c2362ab810ece6c687cSecunia Security Advisory - RedTeam Pentesting has discovered a vulnerability in Decoda, which can be exploited by malicious people to conduct script insertion attacks.
7c81cd6cbfba56ca27349878773f48df4474ca15e5937eeab0536741f21fad1cSecunia Security Advisory - Debian has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
75c2518c48168b65d6f0d1b3ce70c32f49853d821874399d6e84ef684e095b5cSecunia Security Advisory - A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1c61cccf748717098d33b1f24e3c2d82a1e851d1cf4b11cde6453361decfdad7Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.
471089bf26b56a119f6cb7038bdc6e6089e7a56142805d8e872be245b9a894b1Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.
fe962137074c568a9842a93db2779757906988d6412c0e4e0f55593245137ff6Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
095a431916d4940def018eb172ca9d9eb56ce423b8b31672a945c26e7f23975c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed