PostgreSQL remote reboot exploit for version 8.01 and below.
88ac57a73b879ce9479508b6eb6fc58bSecunia Security Advisory - Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.
59f864372e600aca224258f59901094aSecunia Security Advisory - Ubuntu has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
e4947ac264932aa1e75ead827583715aSecunia Security Advisory - SUSE has issued an update for perl-YAML-LibYAML. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
182fbef40fb0a317fe74fe7ce4f34171Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
aaafaebacc67b8841276e7facdf4f129This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
e01299565c3420ecbac1bfe81c71d308Zero Day Initiative Advisory 12-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.
7588a6892021720d23b0533b79b8b4a8Zero Day Initiative Advisory 12-143 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWGDP.DLL, which is responsible for parsing DXF files. When processing MTEXT strings in the ENTITIES section of the DXF file, certain characters are sought after to end the string copy function. If these characters are not found, the copy function will continue to copy data outside of the stack buffer, causing memory corruption. An attacker can utilize this vulnerability to execute code under the context of the program.
572d0b4809509c43b25284eaac3f86e2Slackware Security Advisory - New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
d2511bfe465dad4fe651c1610294ce80Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.
115854b44c0ecde1869f05b2c8d44fc5The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.
be8f7c7d2ddedb8c2dd303ad8483fa0dThe vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
2bb799fb1562340d2c8f75004b44d362Zero Day Initiative Advisory 12-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.
cde8f6cb86cda9f6333bb040755f9379Jaow CMS version 2.3 suffers from a cross site request forgery vulnerability.
dabd1421fcb3ca159e17ef15fc8766cbDNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
6b142ed5eb90c650ae4f97ec654eca25Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
e28efbf484734217c6b6714f69b893deProQuiz version 2.0.2 suffers from a cross site request forgery vulnerability.
8c0d2e3cb0ca60ada5e404954009b5c0Slackware Security Advisory - New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. These fixes include overflows, crashes, and pointer bugs.
7f9796f5590340055afdef66d7edacd4The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.
c360b436f312000c4cb2ecb69ece4dd6Mandriva Linux Security Advisory 2012-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the usbmux user. The updated packages have been patched to correct this issue.
c032d5f8c5c4e9b7deb21e28210513f8Some system directories on the Samsung Galaxy S2 for Sprint-US (Epic 4G Touch) are world-writable and allow for information disclosure, modification, and may lead to local root compromise of the device.
e6d996418b5eb3300b658751371d4205Ubuntu Security Notice 1482-3 - USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.
4a56480cdefef37e063c8abbd0fd8019Ubuntu Security Notice 1541-1 - Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.
47ba2282c1b991db82eb3c0dc1df42a2Secunia Security Advisory - Two vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
8d566c8d6264635f165b39c6e54cb076Secunia Security Advisory - Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
f629a2040315c186245cb11e4344dcccSecunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
e4a6dc689d7878cf0de50eb883e7b2fa
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed