AeroMail version 2.80 suffers from cross site request forgery and cross site scripting vulnerabilities.
7d8348ae426db7749bce33b433bb0507a0f5501f057b7a688857e2ebaf601f48Remote root exploit for OpenSSH version 3.5p1 on FreeBSD that affects versions 4.9 and 4.11. Other versions may also be affected. The bug appears to reside in auth2-pam-freebsd.c.
b0a72514bab1b654a9acc1539d19dc102efa3d5f89c49d95b1b5b7dae0a88734Bottay IRC Bot can perform s a battery of tests against a given system including, but not limited to, SQL injection, cross site scripting, Joomla/Wordpress detection, port scanning, denial of service, and more.
18bd6eb21ba923dcc2bba1cd7d4cd17791dc289e5163fed5252aeb3105cf92edThis is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.
1f00827393ec5f0b4d92aa4c0dfd1657cfa2e7a567c31c7aec7d9e2d47baf1dcThe INVITE method in use by Asterisk version 1.8.4.4 allows for remote user enumeration.
c8d09e1a6bc234ffc02445e7446b5216f7017ea2bb2d57463d5af6d921a8ff5cMultiple emulation clients that leverage Kaillera suffer from buffer overflow vulnerabilities.
79d3121b571aa1e6fc233145d27b1fdb99bb91f00a3ce4de2fd922d7981dffbdZero Day Initiative Advisory 11-231 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a Matrix structure within a particular opcode embedded within a .pict file. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. This will cause the application to write outside the bounds of the array of objects which can lead to code execution under the context of the application.
93fa8a497789de659332c2262fd9a29a4c4a50320b59ebd628b329dde7d74b9cCore Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
efa1df6ff293fc879184a56101095c205856a98933d395ba652967d9bb7600a0178 bytes small sys_execve ('/bin/sh -c "reboot"') OpenBSD/x86 shellcode.
94d36b3d5311044309d26bc0029d3da5204b148e3ef361130577c6b4cdbffb0aTagonet Portal suffers from a remote SQL injection vulnerability.
fd067009a97cf61041b5f28f67558f812429396380603567e630c3b7ff0e05dfUbuntu Security Notice 1149-2 - USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem.
b0030ac11bbbf369d43ec84e244c221f725cfc7e87e72a43fe5febc8c991e4f7Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
f98a13749e7a39ecb264fe5f8d281306487eb2c3e90b78c64ce6d9396ad34261The del2info utility was written to analyze Windows Recycle Bin INFO2 and $I?????? files. It can extract file deletion time, original path, and size of deleted files and whether they have been moved from the Recycle Bin. It supports files from Windows 2000 to 7.
fa2edd460df117e52c39ad39b8b0f0b417b334196c7359a880ad8fe1e451c3c8Zero Day Initiative Advisory 11-230 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams. While parsing the sample description for the 'alac' codec an integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. When Quicktime writes to this buffer it causes a memory corruption that can lead to remote code execution under the context of the current user.
d8034660e6963425225158849ca792e846c8746451dad4749976d745f85b8dd1PHPnuke MT version 8.3.5 suffers from a ckfinder related shell upload vulnerability.
5bbbecbade42cde659b1d59dacca2454d8b777cfecb32e28c9b2e431dc918a49Zero Day Initiative Advisory 11-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. Before the allocation, the application will add 0x14 bytes to the result. Due to restrictions imposed on the implementation of this component by the language and it's platform, an integer overflow can be made to occur. This can lead to code execution under the context of the application.
cc0afeb7e583655aea518f9cb5b7f91713d652a00274049f8893af656f0739f7J Software Solutions suffers from a remote SQL injection vulnerability.
323a8dfd100e64a87696245ce193cbf7e6859e0ece4c863d30d4ef770c61ab41Debian Linux Security Advisory 2266-1 - Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.
40ee0fdcf0a402b4e148929bf52520da5205fe15c50c8dae5bbc534b47bdd4b6SmallFTPd versions 1.0.3-fix and below suffer from a denial of service vulnerability.
357d42dc0e210b67dc4190a596afff45fb42d94b2bb60535a42f73a07134267cZero Day Initiative Advisory 11-228 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ColorSync component which is used when handling image files containing embedded ICC data. When handling the ncl2 tag the process miscalculates an integer value used in a memory allocation. This buffer is later used as a destination when copying user controlled data. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the application.
28f0c86a7153f8ab01da15469d3e82484598e321f5062bb00f5e5d3205b4d7beSecunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive and system information, bypass certain security restrictions, conduct session hijacking attacks, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS and potentially compromise a vulnerable system.
4ffb77f3ab1f840fe32aa20e5965a64c20f6f4c30f495c2f6e02f642a6f1f57cSecunia Security Advisory - Debian has issued an update for php5. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose system and potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
3a3fbac5cc5c6f1c77c0b45ef33359815c9bc9af5acc80a0a61d4d6faf84a236Secunia Security Advisory - Fedora has issued an update for syslog-ng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
76da70b29460b6fb2d0831a5a018a86b72d5cab378e315123716e520add40816Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive and system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS.
9c5f28fe3cae6804eadc073868c6d8fc7a2c8a11627c6c67822ddac717840b1bSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal and IBM Lotus Web Content Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
b52f9d1a2e59ace269deba03497414c879f53101c95bcde21f8adb3f84f5dc0f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed