Sphider Search Engine version 1.3.6 remote code execution exploit.
12d453d48a78bb7d7a0b6ff07688be488721af5843b001df66e28674efaec9ab
Secunia Security Advisory - RedTeam Pentesting has discovered a vulnerability in Owl Intranet Engine, which can be exploited by malicious people to bypass certain security restrictions.
3c45e5754b49a24f45fb2d3105beb725b16d3f752791fbced18b6320d042819f
Owl Intranet Engine version 1.01 suffers from information disclosure and unsalted password hash vulnerabilities.
dcbbcd637364faab53f4367d19609cb5239a3d48ccaf0d7b4e8d9af17d44465e
Owl Intranet Engine version 1.00 suffers from multiple authentication bypass vulnerabilities.
5304b380a361124cff3e565a933670de23c3fbfcbacba16332fe80f88e1c2995
The search engine at search.babylon.com suffers from a reflective cross site scripting vulnerability.
a058da3322355dea54968eb6a909522538f6f19ddac9df9320726a42c32c2df3
This is a reverse engineered version of the exploit by ev1lut10n that triggers a denial of service condition using a vulnerability in the Range header of Apache versions 1.3.x, 2.0.64 and below and 2.2.19 and below.
8924bead3b42a1c38477cea3b48584db4ab1b22693ae7553273e5f0bc044c0ff
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
6ff337ca71ca015d50e73a2bb90e02d894b617935482802102648d51b3876fac
oclHashcat+ is an advanced GPU hash cracking utility that includes the world's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. It focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
16202639d6c25483fc007261064759176b375ea82302ddc9fe653bef7541bc6e
This Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).
d91e779ec520d6b5000796fbb5510410cdd34ecb929017aa6bdbbf0c838eed04
Secunia Security Advisory - Two vulnerabilities have been reported in ExpressionEngine, which can be exploited by malicious people to conduct cross-site scripting attacks.
056ede08de3dc44886959e15aeceabba7608b018483061de3952f26855693840
ExpressionEngine version 2.2.2 and CodeIgniter version 2.0.3 suffer from filter bypass and cross site scripting vulnerabilities.
fdab17029ae48b80689e4ddd515edc23100d07a8f55741743dc18b289e5b7a22
Ubuntu Security Notice 1282-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Various other issues were also addressed.
173dd2dc6e40dec5c7c9c41431ee90ad71887b768a7cbbe149bad7a87ed33359
HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
da0edbfa949de2b7034ad0a1fe927c5c9205a87431abdda03737962e90086071
Ubuntu Security Notice 1277-2 - USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were addressed as well.
28bd532ded831a89497654f782221fbde98b55af2975d73060350ebece644e3d
Ubuntu Security Notice 1277-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were also addressed.
50cacdc3fc2d46a4452a7d176ace181644b756e1e80e2655e104e50a14231030
Secunia Security Advisory - HP has issued an update for Tomcat Servlet Engine in HP-UX. This fixes some weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).
5aeee214506904de7f2c6d70290bfbc61c04b765694d6d409d8cd55614f1a659
Whitepaper called Social Engineering - The Human Factor. It documents suggested phases of the social engineering lifecycle and associated techniques for implementation.
461544be2738e4d8abf609851dadb8d3da3588cb53e8c180e81e7d7b8e0989c9
Debian Linux Security Advisory 2349-1 - Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting.
94d6f4aa841540b8240d6e3d20c3d96182ca3150a5ba105420ff901ae584d535
Zoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.
11759ad39a70c1b72eb5634f99b277ad6cdfc9e7d8b29555043fd98c549dc901
SAP NetWeaver Mobile Engine suffers from an information disclosure vulnerability that discloses version and username information.
f887bedbaf6328e9e0090370a2ef1d312367550062ad97dcd452fb137b15cb06
Red Hat Security Advisory 2011-1455-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
ec69fb3485e06068573e9dd1e5c2f4b0504da22c512e8de60d5baab2ea5e857c
Secunia Security Advisory - A security issue has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to bypass certain security restrictions.
fc3600706f51e1546a762079fcd2efa095d15a261086c5e9113610bb2093559c
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
dc76a25ff5ca9df613a9ea69f52ad506f05aa62852c242b3450ce8b02e405a39
Ubuntu Security Notice 1251-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw to steal data or inject malicious scripts into web content. Various other issues were also addressed.
904393052c763c857c28523ce148e5d5f06843e53f3ab205080487b696333173
Ubuntu Security Notice 1258-1 - Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service.
295b9f868a67ff1e5dcd4c2bd750e3710e012c5ef89f4caa1fd1db56d38f5170
Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without privileged access on a switch to set up a dedicated monitor port, and without constant updating of the rules engine to address new threats.
d14c1f13e9ebf372fff1196929b62f243ebe2d1b93e88472662a96e12abd305b