PostgreSQL remote reboot exploit for version 8.01 and below.
1d28471ff388ea7dafb9fc0c8f98f3659aec3d0ac21a8a570cd86bed8287dfebSecunia Security Advisory - Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.
1b96f725cd09e98614ef2fed1a60e7ca3ccba63efe4b7157ef2246e75849b23dSecunia Security Advisory - Ubuntu has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
a22ea235370e731b0b3d70da6236fbddeeb7d1c26ee36b8ee1fb96de0c26e4b5Secunia Security Advisory - SUSE has issued an update for perl-YAML-LibYAML. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
c2591fd4454e96e7eccbd78fb20fae7cb9cd4ac857ef225bf7920faeb3c9f059Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6cefeb9d53564ddd95662c3efb212b82978bad23acf898881484202536c67aa9This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9aZero Day Initiative Advisory 12-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.
6b5f97b1c544b37daf25f97b0b52fcbb7493e4537b578d0236271819a3ac573eZero Day Initiative Advisory 12-143 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWGDP.DLL, which is responsible for parsing DXF files. When processing MTEXT strings in the ENTITIES section of the DXF file, certain characters are sought after to end the string copy function. If these characters are not found, the copy function will continue to copy data outside of the stack buffer, causing memory corruption. An attacker can utilize this vulnerability to execute code under the context of the program.
29879fb724204896caa7ed97dd1f02f239316276d4f0957c222aefe4cf9c59fbSlackware Security Advisory - New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
8a757d6bea44c9dd035d0408752f3bb928eacfee019caeb16488cc712eb2fc93Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.
8a9c280b793fd5689ee6d1eab372451da1a6ddfa522f51fffe5b3eeaf469a90fThe NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.
0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5efThe vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
96288d159c287c058009d8e91825a92c22beb920a6169e740a20af44b919357bZero Day Initiative Advisory 12-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.
279769476bb55b52fb4a1cfea0a3fa4d6c15f5a797a70b8f549cd186ec7efd2dJaow CMS version 2.3 suffers from a cross site request forgery vulnerability.
c657173514edace566f414ca34f718968863e18646b9923687c4ad2e09b82608DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
42aac743fdc74591a341e7fe933e13851912c3eae3ac0c04086913041adab349Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289cProQuiz version 2.0.2 suffers from a cross site request forgery vulnerability.
1d3692f82eccc72015fdd11936a3d8a2526c9cdc5a3e7bfa34d939d1a50b1171Slackware Security Advisory - New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. These fixes include overflows, crashes, and pointer bugs.
aca91d3d6ff3435ba1461c911ecfeabf51d810fd120a10d94a1a06a0d8a10e46The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.
ce6d03f8afb8da5e9fab7773161352eac8d3bfb7b25bc19d2aa5c97279ad7812Mandriva Linux Security Advisory 2012-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the usbmux user. The updated packages have been patched to correct this issue.
3ae2eaf49a9bfc802e659cf70f95a8ee4095350027b507c59c3be723c46cae97Some system directories on the Samsung Galaxy S2 for Sprint-US (Epic 4G Touch) are world-writable and allow for information disclosure, modification, and may lead to local root compromise of the device.
9f06ef12f388247b4f5396e78958861f0d2d299cd6eda363dcfb33d724706997Ubuntu Security Notice 1482-3 - USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.
f6eafdf05eddc06cc3f5e1210fb3edc481985bad585d980219e95024ddabd0aeUbuntu Security Notice 1541-1 - Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.
6639415b413329405dd78b3fdeb6c09d08b8b5349b04696101dac765fabf6df4Secunia Security Advisory - Two vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
5f6689ccbd14a11663edb78085fd876cc43a1e16c7541f749a3e943476d61261Secunia Security Advisory - Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
a8da39ec795d458b751baf8f596c08c5b8787657117a6a3448e652865893bd96Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
4a0a1b4903894469bff498da1a1de032a7ea6158e3482a326613ddf0ff53b8a1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed