Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.
5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7This paper reviews fuzzing and its context within the field of information security research. We firstly examine how vulnerabilities come to exist in software and how security researchers find them. After a brief overview of common vulnerability types and methods of static analysis, we look in more depth at the field of fuzzing. Competing approaches to fuzzing are examined, from simple random inputs all the way to using genetic algorithms and taint analysis. The importance of measuring code coverage to evaluate the completeness of a fuzzing campaign is examined. Finally, previous work on fuzz testing of web browsers is reviewed.
847622b4537e1334fad9504003ab57fb51baf3575e0822fba4b6117eb8be63d2This Metasploit module exploits a buffer overflow in A-PDF WAV to MP3 version 1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
c36f8e21b4b97cee5ba878b04ceb9d74b2c3487cf9055592c90c45c97711c507This document is a short guide on ARM exploitation and architecture.
eb11c5954a8a1ffe7fe345267174615ea26305cce19dcecad07807f79430e55dThis Metasploit module exploits a buffer overflow in A-PDF WAV to MP3 v1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
98f77271a20e935a5608bf3a7851354616670e5d252200c33c57d725a70cc30eWhitepaper called A Practical Message Falsification Attack on WPA.
e4508ac705e974e5997e8f259c77fb0c5a4426a86c4bc54012872d08daa7d98dA comparative study of anomaly detection schemes in network intrusion detection.
b9928e0c57d7fdc9212d412d47a979bfa6ae04da6fed4884e9c6313b71e3f0c1A Data Mining Framework for Building Intrusion Detection Models.
60d04b31fcfe448027bbb5860b8344475e331292a2f38a9c58a5f6bf8565794dA Framework For An Adaptive Intrusion Detection System with Data Mining.
8f6eb99f5161f3bdc97f1b2abc1790661385fcd2a732370cb3a64ad0d76ff3b4A Framework for Classifying Denial of Service Attacks.
6bb2ae1d0f82b729c5207119d92f40b2d239e203a10af9bec1f54258ede9691eA Framework for Constructing Features and Models for Intrusion Detection Systems.
f61527cf4af2510db8ad35437d3eb26e96999237907e12a510de0e49b2733a31A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data.
0449a5f802f6d128eb3b915c406f89489a0cd361eccb64aa70000c137ec98639A Learning Based Approach to the Detection of SQL Attacks.
fb14d0903dcb142210d09d168d0e7272d143fb9ec59f4aea8414793dabf2f3d3A Multimodel Approach to the Detection of Web-based Attacks.
9117f01a49f372f1077722bd13c30ab099dadef91785ce47ff698440299999b1A RealTime Intrusion Detection System based on Learning Program Behavior.
0e8a47781283f6cc330dddf6e88f496211be2a23d3b455a2013438fb5378ecbbA-Blog suffers from a flaw that allows for remote file inclusion.
1077d5570f91f0cc564ced7475bf18b618b5bb275d07873b4d21b2b2e7fe39b0A.I-Pifou suffers from a local file inclusion vulnerability.
f3f64ff457cc433ba6113ef296b1b67f75dd4d7a83ea037ff5f6b0b064981e72This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use can be released. The paper begins with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. A modular approach is introduced together with practical examples of how to implement such a scheme in a web application. It also provides information on common attack vectors, principles of validation, a modular solution and implementation of that solution.
d6ea21e85a8e50b5eb5abc46932d07593292a7f8f5443ced84aadf093a2415aeAtstake Security Advisory A092804-1 - In the default installation of Vignette portal software, the utility is not secured against anonymous and unauthenticated access. Since many portal deployments are on the Internet or exposed to untrusted networks, this results in an information disclosure vulnerability.
a8325ff2a0095531d4190a7c7f60437fa2c9dbffbca33fe8c429792d88f520fbAtstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.
06fd96368b13cff6c5011a555781244b333d9af19a094cd41d33e938beb1d104Atstake Security Advisory A091304-1 - JumpDrive Secure(tm) Version 1.0 and Lexar Safe Guard(tm) software fail to securely store the device's password. The password is located on the JumpDrive device. It can be read directly from the device without any authentication. It is stored in an XOR encrypted form and can be read directly from the device without any authentication.
19e3c98687b101bb6f65531e4ac0c37464aec24b77de3b222fbb5a7d29c84e77Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.
758ce6bde29696c5e492573e6a282d47923e4dc99f30fa67a78d10b987b58df4Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.
3687cf4f4805ebd7619c3a629f029fcea5cc0d6baf1031b38b9528d9e63c3d7cAtstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
d0a99458eaeba41776f013f6acd2684183376fa3765005d3b0854d047a21d569Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.
147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cfAtstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.
ac39259d91e80a21a84083dd2d5ed03a1ab274c26fa3d74162b3afe90c544152
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed