Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
caff988d8d6a8b287e888b190d4e50bfea86b1a48d8f7892618babccee7b3647
This Metasploit module abuses the "wmicimsv" service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. In order to accomplish remote DLL injection, it uses a WebDAV service, as disclosed by kingcope in December 2012. Because of this, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. The WebClient service is enabled and automatically started by default on Windows XP SP3, but disabled by default on Windows 2003 SP2.
57ad1d7f1d323cfb6acd126a3292c26cbc21aecfac9b4ae0aa47d8c45a07aaad
This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution under the context of SYSTEM. However, note that in order to use this module, you must have a valid MySQL account on the target machine.
4bdddccff72e6f861ece38c09f5e2d07982390d9788ff9574617a88479fcf1dc
Red Hat Security Advisory 2012-1549-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server, a resolver library, and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv4 systems through a NAT64 server. A flaw was found in the DNS64 implementation in BIND. If a remote attacker sent a specially-crafted query to a named server, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default.
c93a5ce866293dbb2ff2ab0a0bf4133d25da8724b9adee6bbc7fb91d0b2176a9
Red Hat Security Advisory 2012-1550-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System. An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface. Multiple denial of service flaws were found in the Red Hat Certificate System token processing. A Certificate System user could use these flaws to crash the Apache httpd web server child process, possibly interrupting the processing of other users' requests.
26ae7d0ec1a67dd00f9ba9c95c8dfaad4076143b7d0bc2c4864455634bd80d9f
VLC Media Player version 2.0.4 suffers from a buffer overflow denial of service vulnerability.
ae63ac2cf5b44df9339c4e998d8fc6515ed566f5dae7b5467c07a6e32a1bc236
WordPress Simple Gmail Login plugin suffers from a stack trace error condition that can lead to full path disclosure.
ea6d1f14abccee2f425db1a57a2ab84ddeb99e20a6f049e0e78a8463ac8c4312