Netgear WNR1000 suffers from an authentication bypass vulnerability.
72c6cc5c8d4c418bcf9e4c0336a5047a0e2f2e3bb08d8d8efc6e07e63370d425PGP Individual UID Signer makes signing all the UIDs on all of the keys at a PGP keysigning party much simpler. It prompts for verification fingerprints, and then signs each UID on each key separately and emails them to their recipients encrypted with PGP/MIME.
ce4f7804af2806310d3be890361997fa110d94568a33e2a2413f04032639198eTechnical Cyber Security Alert 2013-088A - A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.
267de1873a51753001d948053d442596ac0e2e46a65b9c2f4f3f241dd131f274Slackware Security Advisory - New libssh packages are available for Slackware 14.0, and -current to fix a security issue.
4f29fc9ae0941903b155b4feab417794ea9f87b4fb023be631f85009a1f6ca03HP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.
0746632b57a61b2a1e105c96a10c846b657feaa5332e287d785fe60802111b6cHP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.
f111df3c200dc90354002b61f3ac8dfdUbuntu Security Notice 1783-1 - Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking.
c24a1c3ac68073c644db15400ac8f6c99c9ab1b5641d5bb91173cedfe9b52f68Crossbow is a framework built in Python whose purpose is to help make exploit development easier. It currently targets MIPS Linux systems but the plan is to expand it to support other architectures in the future.
0d255ea903db83158152996df1fe37eafb8bea9124c8ae6a4743b015660d2ef5mRemote version 1.50 suffers from an update spoofing vulnerability.
c1de31f6f8728351a15b518d67f8c93d6869670704738ea370459b1e5c0cd954Royal TS version 2.1.5 suffers from an update spoofing vulnerability.
bbdbe2cbd87607168248afc01ef7c42de353e86ceb6dd83377794643f9bbeb09Daddy's File Hosting version 2 suffers from a cross site scripting vulnerability.
db44085cab878901dee0a65baa633d3bb9ce62a9c90a07fec1c599811840deacThis archive includes a presentation and code samples. The presentation is called Parsing Binary File Formats with PowerShell.
2ee444a0cd762da3305af205e37bf1cd02f62382b8e740e9691fa5f622881576This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads.
06341fc12ebcf2e13776c2ddafaa57edbd47f88dc20ac17daa4c87e2d4466e2bThis Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is disabled on the web server. This shell is widely used in automated RFI payloads.
079ce9781a20fac112fd7690e6c284a6257f4927ebf9c7ae45b6ac4eb0b72f57WordPress podPress third party plugin version 8.8.10.13 suffers from a cross site scripting vulnerability via 1pixelout_player.swf.
9620208825215dde109d0dd4c3734e97da23acc4ff0aa1eb1c302f9168f941c7MailOrderWorks version 5.907 suffers from multiple cross site scripting vulnerabilities.
cca8817cbdf2e9cf7db4aa0eedb86c8dc3199c58d9e85d491fdf62af4152b113The PayPal GP+ service application for analyzing websites suffered from a persistent cross site scripting vulnerability.
b1818e383a5b5735c8c66c269294c19ba5b51f5ba01f59bd57a6d45a263e3300The PayPal content manager system for sellers suffered from a persistent cross site scripting vulnerability.
3112ea858a3dd800858266762e9d7c03ed6e45b96447da5ecb1cb268ae33a435This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 0.94. The vulnerability is caused due to a boundary error within the handling of an HTTP request.
9e10375f11d2160bc7bb76256fee52ef258402ea5c166bf2a4a74b2a8c0132a5Debian Linux Security Advisory 2655-1 - Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.
4c3d58135661cc0677501ab58b5ab4b645bf6e20f7be676bc756293c4c589cf2Red Hat Security Advisory 2013-0689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.
49ec82c31e09a661de8b7df652d8eee53683f7471acff85a36ad89701d30651fRed Hat Security Advisory 2013-0691-01 - Red Hat Storage is a software only, scale-out storage solution that provides flexible and agile unstructured data storage for the enterprise. A flaw was found in the way the Swift component used Python pickle. This could lead to arbitrary code execution. With this update, the JSON format is used. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.
bcd07c0db9e96622fb592f3bc2cdf309f96bf245b0da02f1ed7333420a00e28fRed Hat Security Advisory 2013-0690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.
8e2fbfef90b9c05004aec10b390bae90ea7731c20f0d59269617c5d40e2c0b39Red Hat Security Advisory 2013-0688-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired on March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after that date.
5048abcd9eba6af3cebdcdbd769ab648a5ab74783682ae88ca727b8d8e7d01bfSites designed by Voila Syria suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
f123f9576092f3e027e57b3df0d7fb2d17366e274ccd657041c6ae8747e18719
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed