Sphider Search Engine version 1.3.6 remote code execution exploit.
2379dde6c9c4d4aca8f5e6073444d459ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
a2a07af1ad06162ab0e1fde1086f0863Social Engine version 4.2.5 suffers from input validation and cross site scripting vulnerabilities.
21e5a3667783c0dd17bdfb263977720cSecunia Security Advisory - loneferret has discovered a vulnerability in ManageEngine Service Desk Plus, which can be exploited by malicious people to conduct script insertion attacks.
0ee636be249f0605666cf0ac9e29b2daUbuntu Security Notice 1524-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
30ae46e375e1e7690b8db59da535005fThis is a brief whitepaper discussing how to BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious java applet in order to gain a reverse shell on Windows 7.
90592cc3d1cec515fb3309b0cc7f81d8Secunia Security Advisory - A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.
677a836aee1b548a5a1f35cce90832a1Secunia Security Advisory - Two vulnerabilities have been reported in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks.
80cbe4d60c02d1d2c7d4aef16b145466Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.
fe7347ff232f759e1925b05ce60f0f75Secunia Security Advisory - A vulnerability with an unknown impact has been reported in VStar Blog Engine.
4e613adda58c87e8ba29573371b12880Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.
9067246ff1f464a671bdeb79fb2144f0Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. This causes the address of the previously site entered to be displayed in the address bar instead of the currently loaded page. This could lead to potential phishing attacks on users. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. Various other issues were also addressed.
55764070a921d33158fa9d50c7e12581Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
058e4f2b2660330f790bff2e1e7a6ffbnetsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
d2da7a75d163f839129c9ebb8b0004d0Secunia Security Advisory - A weakness has been reported in Cisco Application Control Engine products, which can be exploited by malicious users to bypass certain security restrictions.
ec08cf99c1d903549fda87d512c05a14Cisco Security Advisory - A vulnerability exists in Cisco Application Control Engine (ACE) software. Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode. Cisco has released free software updates that address this vulnerability. A workaround is available for this vulnerability.
63894bf2e5628032e640285d133dba11Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.
659dc61af3decae8b5765c3cf1ac546fRed Hat Security Advisory 2012-1013-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.
593f0df65823149f25af9aac6a9e37a3Red Hat Security Advisory 2012-1014-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.
2d5881733454795f1513ba5093dc4b01Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
e6049ebf3c6b307793dd132c0cd1d8d5Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
dfa667da3b23fc383980816fa1e979caSocial Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
46affb7ec997a27515c12a50d78d65f6Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
1b834a8034e8e9eb2a5c612ce032d3ceHULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
0fcee2cc0488500336b766af4478c3d8Secunia Security Advisory - Debian has issued an update for gridengine. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
78bae4da48e007079862b235e2200554Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
404ac289a0a3e0a879f7482cff2d8767
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed