Asterisk Project Security Advisory - On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built-in HTTP server enabled, it is possible for an attacker to open as many connections to Asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.
471ce01d238810bef4b672c13bed60968aa25283433c449bf7c0a05b6b29d2ae
Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from an XDMCP message.
98c29e489c7a3034e37fef43ea71869d0f15c136da08b86e735d49fce054a15a
FreeBSD Security Advisory - The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call. While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.
daab8415751957e3ad1463b8ec1447aa42b593613cb89eb97366e0b6b20911e2
QtWeb Browser version 3.7.2 denial of service exploit.
581ae9825f747c9d90efbdbf86d6b4f59c7c4189dcdaf7f197aea76418369baf
Ubuntu Security Notice 1120-1 - It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.
b07452b15b9bd47493da17c9b8107457a4deb3f3a8e3b4b9d2b8af8f82198122
PulseCMS Basic versions 1.3_Get.Pro and below suffer from backup disclosure, file upload, and cross-site scripting vulnerabilities.
a43aadcb2478b2bc0ec83ff3f7bedcd2ba01b63a7d45f522cd4c14a1da9f01e0
Syctel Design suffers from a local file inclusion vulnerability.
11f1c099543d17f8873d34c13df2d69bded8de7891f064517bb4ff526c875227
HP Security Bulletin HPSBMA02665 SSRT100185 - A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. Revision 1 of this advisory.
8c7e4c8543912a417c70b3b411edcf19891be429df960a539bcfa10a74b9f84c
HP Security Bulletin HPSBMA02664 SSRT100417 - Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in privilege elevation and cross-site request forgery (CSRF). Revision 1 of this advisory.
11f59e895c6a78303b7055f68276c2f1555fa5170f23f91220d99224a78bfbbb
Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).
4b26d31504786a1ad4422ca5b61802511847d6c0251eadc36194d0932ed7c4d1
WiRouter KeyRec is a powerful and platform-independent piece of software that recovers the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).
8d8897a7611cad7322ea647a0f2f2b2532bab2ec111a098cf56370486ca60375
Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
79f962fb992be94afbaab6e191e501775fa100b0a85d5cc930a3a15ad4701e1f
Linux/x86 /usr/bin/netcat -ltp6666 -e/bin/sh shellcode.
84aa0c4d97e3ba738247628d5bb9d317fcac19a4b680f5764acf2335664d47e8
The Gesytec ElonFmt ActiveX control module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in the elonfmt.ocx module, a few memory registers get overwritten including the SEH. Proof of concept exploit included. Version 1.1.14 is affected.
d243509ba1defdb6a43cd5e44c3842fe251b3364720483e0de16bec5c0e5ef92
DNSpoison is a DNS request sniffer tool that forges a false DNS response for IPv4 and IPv6 addresses. Hijacked traffic is needed before starting the program. Tested on GNU/Linux and FreeBSD.
a6daf346b6c6ca16ffd9865d5cacf8de784ec1a1c7404d7deeeb47db52ebf015
CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user.
54d353436068f5967916378335b32cc7d35d97264b19d01f20dab55f3ff1a995
CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
a2fdaccf936701cb458f4e2b02cdf7db59f508b0f0e7f796daac3f28d4115ccb
Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Learning Management, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
b222da7c54fdca7f27df3b150a209486fa84b6327ff00aedbd23bc223afa22f7
Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in the Universal Post Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
214d4e3a0dd28378acab1b190f5cd3d250738a8b1114d2be260516c087678a5e
Secunia Security Advisory - Two vulnerabilities have been reported in Oracle PeopleSoft Enterprise Applications Portal, which can be exploited by malicious users and people to manipulate certain data.
7e2d453470ff8ee009f74b3f151639d46d2600c2cfbbc1df174e910bfa1d44df
Secunia Security Advisory - Ubuntu has acknowledged a vulnerability in language-selector, which can be exploited by malicious, local users to gain escalated privileges.
46481eab19ce0b2e550bd548b7c7c2dbbf58594715a0bf665b29f1c805310431
Secunia Security Advisory - SUSE has acknowledged a security issue in kbd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
9d96ba7b021a0c1b3d2f6dafc44ae7895d7afe0a60d72d4613ff770bee17db67
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
f11629d60daff1a6ca84f7cea3e2f06f1e80ab40921c95c8c6f3e52c23c9204f
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
37efed92cedfda2a98b34c7e5720676ac9cbd2936efc158da4a981c2fdb6de46
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
7c9ca47f2465e178579b4a1ee99973ef41c0166f29ac61d40a554879ffd8298f