Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
1743e5e0d5cc2c51eea82b08fd5a2379a2483478b76cb54de2e7c2aec5d7e59fUbuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957aDynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
37621a0070cbaef6aa5d4f64bb886aef4c1af19162680673b6c79897100c5b03Secunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
c2d0a69e4b51e595af1b3bad527d9683450cdb2471261fe7ab64b6f3a1b844d8Secunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
5f2d792f0678900743f9df4aa9e9530a0e4003f8e23b1989f7e10265d0d39e33Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
25eae5750d2834fb8e3079d5d6af05076a0ec2412dd6392f27ce72e2dd790185Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
e124c0d562158eaaac866756fd5c64449c84ace9ff0384849a08d12c68d65cdcSecunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
44ce1f3c1fe56a9a2c5cbae8339e227a89bd710bc0e79daeb8adf7af74ff21faSecunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
e1758af41f3ed887f3c0c4afbd3927d225129ce4148fbbb73309128a76056389Secunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
aec6213039755eb3445fa4ddca1d4af1ee1154545ed2970322958184ea5ba2f8Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
2d6a808c3d9d5cd84a8a28db0274894cf44f7279351616685fd52fea7c935283Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
9b2b777076f0077659ec329d9c211e8f33c419c5815f5bc8b059ee6bee3fb43cDebian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
4d0921714e92a3caf9ffbb786ca18511edabedc064e7f7072f96aa34077367e0Social Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
0fa6f5de7bdbe3290ed0ede01f2bace1adff3a4674976586858e62e0e8ba2d18Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time effectively leading to a denial of service.
764b4680811098ad5654daa7aacc0274f9de6ab81bef5b8286b792367f7e802cEMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
1d0445ba9e2d754fa11ecd05aaf43d0b4ef3dc02e0430db42104435fd5421234Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.
ed4e76db85a1968d96d0b168a230dcf62722f0fc8e23574007b3bcc95e50099cWireshark versions 1.4.0 through 1.4.12 and 1.6.0 through 1.6.7 suffer from a DIAMETER dissector denial of service vulnerability.
e6f77a65be835da3e603a103f2c0bcabc8223ab38cfca9aa785e589fc21ac947Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.
e3de518339a43d0a5f512990af923fedfb53c8e45b810e538dc48e45374c8f12Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from a misaligned memory denial of service vulnerability.
6f40723d1c25a14ace173c31accd9416895fc2c1be2de9994389ad008ea69ad4Jaow versions 2.4.5 and below suffer from a remote blind SQL injection vulnerability.
17bcc9a70dabb36b21745a5acce3fd83ccd2bda58d99ebddf8329eeee0b55a99bsnes version 0.87 suffers from a denial of service vulnerability.
27d8383734f9c7ed9fc5d3b879938acc56c7b08d1cdc6b9cc4f08bae17606375Mandriva Linux Security Advisory 2012-080 - It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
10a172fbdd9a1956fcadc521595975f06bf508f0c5f7cc83e8e96be95744ada7Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
5a829776586783c6e948605b05d02fbaa7cc8b630bf68572c37757028b44c81f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed