Adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
4a6d3161ecafc7fe7872ee3e79e620bf4206266bb8146d28bdaa56a6a6441968This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.
9949872fc1ebdc3a22c30908a1250ac0f492dd32e5fa7cdf09b5146958389629Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
5f6ccb96277ad049c3765c9cc331fb0821255d47d81991d24fc14bed83bbfa75OSSEC WUI version 0.3 suffers from a POST cross site scripting vulnerability.
8d079d840ac8fd5072d58b0e908b4760ef10866ac645e9b7f97eeed627b61d1aAndy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
4d92bdc3d4a04a081d6ffd6f55afa9423679f106f5b331ef53e98497ba57edaeJAMF Casper Suite MDM suffers from a cross site request forgery vulnerability.
cf040459d9566c7ec0296767cfadc0a7c77290c27d5f32c1c12b7b58c1b369b8Trend Micro Control Manager versions 5.5 and 6.0 suffer from an AdHocQuery remote blind SQL injection vulnerability.
ce96999e810814c024c38533c2b23e3e57c9c4a4b441314fa7e4c4133f539757Smartfren Connex EC 1261-2 UI OUC suffers from a local privilege escalation vulnerability.
0ec1e258edf48173a940544afae0a141012670394cdffa3cf9890e76a8cbf613Gentoo Linux Security Advisory 201209-20 - A vulnerability in mod_rpaf may result in Denial of Service. Versions less than 0.6 are affected.
1e07e14ae6817fdb3613911807943dc43e04592179b966c1b55b79f5d692967cGentoo Linux Security Advisory 201209-19 - A buffer overflow in NUT might allow remote attackers to execute arbitrary code. Versions less than 2.6.3 are affected.
26cf59a1302101863453c61e09109055f9c2d3852b357e5c59d849763375a3dfUbuntu Security Notice 1586-1 - Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a user were tricked into opening a specially crafted file with Emacs, a remote attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. Various other issues were also addressed.
e68c5c5c496cdf07a56ecb2cebeb00389e61b3d59a69baac3725b58811acc749Ubuntu Security Notice 1587-1 - Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
a899b80649ea6f586d8981bc213cdf894806632b70ff04ce3c7a36b8568b52d7Debian Linux Security Advisory 2552-1 - Several vulnerabilities were discovered in Tiff, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation.
54501d6daa7e0227cc4295dea1eb1182adbb49b3811ac7370a51eb73ad6ebe45Gentoo Linux Security Advisory 201209-18 - Multiple vulnerabilities have been found in Postfixadmin which may lead to SQL injection or cross-site scripting attacks. Versions less than 2.3.5 are affected.
483fff8b8c40f8c7a48ee6753a592cc64440c80a933a09fb2b3d976df89bf714Debian Linux Security Advisory 2554-1 - Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey.
367c4b80049e02adfcc8609be2a22ae776fe78a36fec636dc2cbf3dc28e9b0afGentoo Linux Security Advisory 201209-17 - A buffer overflow in Pidgin might allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.10.6 are affected.
bdad7264254fa4d62f5b0efa3a6c9ff198a60da18bbecd423795e3951b065dd7Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Piwigo, which can be exploited by malicious people to conduct cross-site scripting attacks.
aafc85f27af9b9c151350645a20dadf8f441bcd53259e000a6328779e3f51fe1Secunia Security Advisory - HP has issued an update for OpenSSL in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
55b8cd61d5b3982db05c6f5f905824cb885de920adee1487b6c02799e629d346GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
6ff03900a084b8dd4095928f2e332aa55f3d465b1c1c0d6f91df172013b7d3e6Midori Browser version 0.3.2 suffers from a denial of service vulnerability.
4e2ac39a4af661e2d43542177067075d29ca5a2897fe1fbdcc060ee3f8e3f014Secunia Security Advisory - Ubuntu has issued an update for freeradius. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
503cec4c63ba43f566349164a5195fa81f9ce3b4ed4dc8232c314bbed2d6299eSecunia Security Advisory - Gentoo has issued an update for sqlalchemy. This fixes two vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
05fbde0cb95773a53461940740eb640df4c0f551458a3d07c116a3dcf535b366Secunia Security Advisory - Tom Gregory has reported a vulnerability in Trend Micro Control Manager, which can be exploited by malicious users to conduct SQL injection attacks.
a0c04aa7973105deae8ee946025c682a4f27cfab72a8c830d3cb5d08858c754bSecunia Security Advisory - IBM has acknowledged a security issue and a vulnerability in IBM Rational RequisitePro, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).
b8bac7a1aaf394c5843a0f3e5aa5cfc3f32f631d496ecb9c7a23901915af7092Secunia Security Advisory - Gentoo has issued an update for postfixadmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
6693c56c2f108a20e0dcda9c18d324aebc47f973032682e0962f59bf7c80237b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed