THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
8325b7ae72109df8b42dec8860431710f34166b01907ffbbbdc2984d57e1fc22Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and Cisco WebEx WRF Player to address these vulnerabilities.
247701a379b034921f63789f7940ce4554b6175e43185101ac0888869661b701Drupal ShareThis third party module version 7.x suffers from a cross site scripting vulnerability.
fc5f969376d20542b3cb875602dd77efbe7f9133a70a78c95b8b9b9e55cd20b0Drupal Basic Webmail third party module version 6.x suffers from cross site scripting, information disclosure, and other vulnerabilities.
55aef22bd77b013f11a1fd4a453d517f60625ec34434f4965aafe244ac84d479LAN Messenger version 1.2.28 suffers from a cross site scripting vulnerability.
c3596abc555b35ede522fca8ed4a35296bd574b76786ce9428b4ca1f1acae1e4Cisco Security Advisory - The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by buffer overflow and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
f3f03b152608eb2d212fe33f4e4e9c589d03b8afe33cf85a45bd8cb838a37c22Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by various denial of service vulnerabilities and a buffer overflow vulnerability. Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of these vulnerabilities.
e687e54358edc2cf8b48a736c17f5ca97b017d60562325e1858a3d484ab26b53vOlk Botnet Framework version 4.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
e54131638c8af68360886a900c3026ff7763f7aa00165f7ce9285c2151d69639Omnistar Document Manager version 8.0 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
2924e8b30c96dbf093040ad4ad98b8a4104a3b5364631473d81d717b1f6687fdThis Metasploit module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver between 7.20 and 7.42. When the control is installed with these products, the function "LaunchTriPane" will use ShellExecute to launch "hh.exe", with user controlled data as parameters. Because of this, the "-decompile" option can be abused to write arbitrary files on the remote system. Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute it. Please note that this module currently only works for Windows before Vista. On the other hand, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3
ddfde3a6cd95fb91cc1c6b3a0ce469bb1d439179f47acc6c7c8348a5fef601f0OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
027a9767d9dd49b8285a5a65b637114e2fdd60feda1f622d5a73d26fc33b667fFileBound On-Site versions prior to 6.2 suffer from a remote privilege escalation vulnerability due to a faulty control validating password requests.
8e56b4f4c9544dd8530de39fc0101066f47f4c720e156e0793d6aa0ddffaf44aLinux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack to growing argv list. Apart from that, the BINPRM_MAX_RECURSION can be exceeded: the maximum of 4 recursions is ignored, instead a maximum of roughly 2^6 recursions is in place. Proof of concept included.
7bd378909366bd639a1af332dc8a07b872f1dbfc3c0f252621b3c7a24e1876abDrupal Mandrill third party module version 7.x suffers from an information disclosure vulnerability.
dda553292c208635e30ebe0301239c8723a77376d27abbf4f4df2101708d2aa8Drupal Feeds third party module version 7.x suffers from an access bypass vulnerability.
8cbdc475947a3fa7bfb0e68b8f41e840862fcf4237c4fcc0e7f3ab08c6f3de81Microsoft Office Excel ReadAV arbitrary code execution exploit.
4f183637725018f93e56bfb644917918cb8b9b41e1b0740342746d362b3ada27The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execute arbitrary CloudStack API calls. A malicious user could, for example, delete all VMs in the system.
5c55e3186cdae62ed5be37387a29d8d58e87a494a33e0aad5812371b0f2a39b6Mandriva Linux Security Advisory 2012-162 - A vulnerability was discovered and corrected in bind. A certain combination of records in the RBT could cause named to hang while populating the additional section of a response. The updated packages have been upgraded to bind 9.7.6-P4 and 9.8.3-P4 which is not vulnerable to this issue.
80ffb7f2dbb46dfa6d4b27ae58985642bde45c40a03ee72694f49d54c766442cOpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
d484cead504afbaaedbee4354a2ee6cdeaaafcec1c5ad0426bb8c95c12f4be46Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.
7ee347dab47968fdcfeae6ded0744a2d67b7d9204bdbbc8fcc6d7b57afd3f72aSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
4baa9985d3920fda89b759ca0348926bdd00621d85831296f96386675cb3ebf6Ubuntu Security Notice 1601-1 - Jake Montgomery discovered that Bind incorrectly handled certain specific combinations of RDATA. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
549d588e2d00c7897d8c6de38a16b083c762b0c80ec96781da79d901f2ced913Ubuntu Security Notice 1603-1 - Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions.
f3bd03ff8fe519bcbc1c64b3414f7be1fc1381ec28bdd55a6bd7aa3bf93ad9e0Ubuntu Security Notice 1602-1 - Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions.
cd14eb004d1fd81df2331a74e40f6243602923423fb7df9d1fcf5ca9b835b7da
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed