Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
ebe0a46c14fc36c8f45761f468803a2d95bdd0942e2be8db4fdf207deb519df5Cisco Template Manager (CTM) is a set of tools that make it easy to manage Cisco configurations over a whole network based on your self-defined templates. Templates support regular expressions. It works with the C760x, C730x, C37xx, C35xx, C29xx, C28xx, C18xx, and C17xx series.
f560e70362b42cc1b7fcb4d3785693540d8ec9e9f0372788ec32fc0a30c47a37Openreglement version 1.04 suffers from local file inclusion and remote file inclusion vulnerabilities.
6b5d59a0f9f58d71f69a358ad6e0879a5d97b0497a0c0470a04dc5cd91c4aaabKleophatra CMS suffers from a cross site scripting vulnerability.
b6a930668e68864fffdd94d67a04aa4982ce98f15d1e4d82ee491ff23c50c1dcThe Joomla Contact Us Google Map component version 1.2 suffers from a local file inclusion vulnerability.
f8bfc5c7c3e39a0881e141703df554df19c7e4ab432f955a269dfb6100185db0Debian Linux Security Advisory 2038-1 - Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client.
1a90132295ee7fe139fe09b55a2bfc10846d8e660b12fc31aa7d62a279d8bf84The AVTECH Software Active-X controller (AVC781Viewer.dll) suffers from buffer overflow, integer overflow and denial of service vulnerabilities.
7f6a0bb853da3f08e8acd4f1eb5daae71f417172a346b56ba78a04140eb6bb19Ubuntu Security Notice 931-1 - It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
859e5a3535ce170f31a765bc7551223cec71cd019e3c174afc0f87ad631f0ee5The Joomla Contact Us Draw Root Map component version 1.1 suffers from a local file inclusion vulnerability.
0709f9ff4bee8db3f97fe505cb43ada91a979f4258cd9375d372b8ba6cff82d0N/X WCMS version 4.5 suffers from local file inclusion and remote file inclusion vulnerabilities.
a76cca56af9c6e18d5880c251dbb7dc28e18bfae1c48d2820c559ffe5dbcbd41Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "content_heading" parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.
9e5427a42ec609184b91c787aba776dfd53753bbf2594f58df51f916c1df2df2Debian Linux Security Advisory 2037-1 - Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager, allow a local user to elevate privileges to root.
8cf38d43fdd1f0056423f6c0cc6d82bbabab5c5409e7f8a3ed1aed7b3d2dc866The Joomla Multiple Map component version 1.0 suffers from a local file inclusion vulnerability.
b9e3a3a0dc0ddec412050e41b776d763af2d48ce0c4e06e66873955757a244ccThis Metasploit module exploits a stack buffer overflow in the Windows Media Unicast Service version 4.1.0.3930 (NUMS.exe). By sending a specially crafted FunnelConnect request, an attacker can execute arbitrary code under the "NetShowServices" user account. Windows Media Services 4.1 ships with Windows 2000 Server, but is not installed by default. NOTE: This service does NOT restart automatically. Successful, as well as unsuccessful exploitation attempts will kill the service which prevents additional attempts.
4b384496a9fedaf168ba74cf8d8925d3e9590dc5accf8891f160d2def02e74d1This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability." In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
aed095959e7fb49ead9d940a99e35f4900f138562041229b74340d7ea5e82167The Joomla Multiple Root component version 1.0 suffers from a local file inclusion vulnerability.
77614708767585f6457bfadd79e7130b2d19e24da547b5414d73ad1d6b018152Debian Linux Security Advisory 2036-1 - It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption.
cf5a0bb145b9c1b0113f2ecb2ccee344d98505ef365970176e918e35139cb418This archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need - to some degree - platform dependent parameters), to a JSh ("Java Shell") payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control enables to run more than one command or TCP session via a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be used to integrate them into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). There are also examples included how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.
747a1606b26df9100754057d92a18c72898b1aac62e7ff7f66444ab2423ae003The Joomla Archery Scores component version 1.0.6 suffers from a local file inclusion vulnerability.
61b8e4f35f31e5b7eac3beb2554ee5bfbf2551e99de6c8684d4b557beb01a70233 bytes small chmod("/etc/shadow", 0777) shellcode.
d39c286b2cae0d2462dd3871d669ada521862db9526ae5d52b041b496b3dd2d6XM Easy Personal FTP Server version 5.8.0 LIST buffer overflow denial of service exploit.
b27c0c17170f7fdcefe17bf00de15211f39523c26cfede7b53a54fe45f7a4b0fMandriva Linux Security Advisory 2010-080 - Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
619b4790162f49b79b2e7fd0ee40aa9d2359f895d66d5c3bd534226a29dae00cDL_Stats suffers from cross site scripting, arbitrary administrative access and remote SQL injection vulnerabilities.
b49294da943e5b8d608bb946787d49971337c245dfbbe4987112bcaa4cbe37bbThe Joomla Matamko component version 1.01 suffers from a local file inclusion vulnerability.
6dddcfbc3ca27933bc297961d53ca786f483945bcd5757a6763ad205de9f8b6eMandriva Linux Security Advisory 2010-079 - Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. Additionally the updated packages disables the SSLv2 protocol and enables the SSLv3 and TLSv1 protocols for added security. The updated packages have been patched to correct these issues.
5bf19020b2a22a23698a50a955f08f0203d3d90d40004e4558016718772bd062
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed