Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
82ff2fd7699988a09f497951b5861a1dc7189949a3bad03a06c9abe36c7ec773
The Mambo / Joomla HeXimage component version 2.1.2 suffers from a remote SQL injection vulnerability.
a82c7ae489ddc6767e1d78b4572f9ab2e50e77624593f20a6e29e4fd086bb485
Triologic Media Player 8 local universal unicode buffer overflow exploit that creates a malicious .m3u file.
c98bcb4f5c30cf50341fe9acbc2b3765b1637881c6a48f08be423efd0c020da9
Brazip version 9.0 .zip file buffer overflow proof of concept exploit.
6c08cb7704eed1e9bb90c4573bbfacf23cc5bff58313175d0a3fd38b1f001731
Debian Linux Security Advisory 2092-1 - Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitization of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.
abc283d1362db1638d921c62c402d1f05d20ac74284b3b47eb9575c4941db735
The win32k!GreStretchBltInternal() function in Microsoft Windows does not handle src == dest correctly. Proof of concept code included.
fc09040c5d342c2df12a3cf1039bbbdf234d2446b3a7a32395506c2d1e13a1b2
Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross-site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well-known CouchDB installation URLs (like https://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface Futon.
8d09452fd99f2a9bde805d6d65592ab8d21f59caa9061c042dfef6dc38b7b5e5
Ubuntu Security Notice 973-1 - Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. It was discovered that the Xpdf used in KOffice contained multiple security issues when parsing malformed PDF documents.
937f71ec4cafbb7568afd14d2eedfec7def4d329266ee50640da8a30d1c51a1a
Microsoft Windows suffers from a KTM invalid free with reused transaction GUID vulnerability. Proof of concept code included.
5836dce352203189816754eb832da87176aa9946d8fa469216974edcc809581e
Microsoft Windows suffers from missing HBITMAP bounds checks in the win32k!xxxRealDrawMenuItem() routine. Proof of concept code included.
99ba2e3016b4796873f56dc3a4740c9daf5cd34b9cfb6cc505ab6e6a34a350aa
Free Simple Software version 1.0 suffers from a remote file inclusion vulnerability.
014d9f5cec95c34bf44df85fdd1c453c97840d9b3ebc8f2d3da4d692076f2705
Ubuntu Security Notice 972-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
010c2cc1f2fe5a083968584ff14252965fdbb8468368ccc20b8a944ecec9b786
Microsoft Windows suffers from missing ACE bounds checks in the routine nt!SeObjectCreateSaclAccessBits(). Proof of concept code included.
259d5cace1e4bcf5c3aa4140a1b61fc737a3cab09f0850b31a0823faf215291f
WhatWeb is a next-generation web scanner that identifies what websites are running. It has a flexible plugin architecture with over 300 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the webserver.
9c9ab674ccca531106d1ae71068b6e4c59e2611154341959d1193818e14c9f6f
Microsoft Windows suffers from a race condition in NtCreateThread(). Proof of concept code included.
b6c95d8f1ecf90425e14bc51a1d4453fae29ab4ca1bc8059fd48cb9e0f4a6d71
Microsoft SRV2.SYS SMB negotiate ProcessID function table dereference exploit.
b6c3e6373f1220e76211f29f7ed7290793eecac9b6685d9f94f4fc054d2818e6
A-PDF WAV to MP3 Converter version 1.0.0 .m3u stack buffer overflow exploit.
89a1b96ce068cfd8c0c0fae4ba8ed01d40d4dd3440b7a2ec5b827708e3dacce1
Secunia Security Advisory - Multiple vulnerabilities have been reported in Ezyweb CMS, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
43f3388f6dfcc0dca32bd8017acbd5a819a67fd2dd30f4a5bd9b5a966bded8d3
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
98b32f0f680e180d3287b3ddb623dc179aafef914b2737516d16640534d2524e
Secunia Security Advisory - Brad Spengler has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
15988a6a7a0899851b421a2c6ff3ea1d50b68fd820fc3fc65c2ab91cdfae6b85
Secunia Security Advisory - Apache has acknowledged some vulnerabilities in Apache Geronimo, which can be exploited by malicious people to disclose system information or potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
bdced901f672717d9ed22a59962807cf5ea3c68a7f84186779c4067a156dc62e
Secunia Security Advisory - Apache has acknowledged a vulnerability in Apache Geronimo, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service).
e53e4c1b4f95099cd3eba18ede1c172318e0a8ff1df36bdb19a2659e095c46b8
Secunia Security Advisory - Lincoln has discovered two vulnerabilities and a security issue in 123 Flash Chat, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
03e2615bfdef779a8ebd30efea4f7c674712f2df6029b134392e55e11e0e55c6
Secunia Security Advisory - Lincoln has discovered a security issue in 123 Flash Chat, which can be exploited by malicious people to disclose sensitive information.
63c4ccfbb52439dbd0e8e59d312dfa737379ac8da614e7963174c29267aaaba8
Secunia Security Advisory - Multiple vulnerabilities have been reported in i-Web Suite, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
182c4ef1674dafaeab3d2d97ddb4f8b685d91f88f8d8628798eb6b1630edd4b5