This is a brief presentation that touches on various elements of attacks used to cause computer security issues. It is very high level.
40bf343ddc6f826bdaa3a6f429164fd979037dafa0de7cfaa4220c3431ebc5aaUbuntu Security Notice 1420-1 - It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to possibly gain root privileges.
e6b94f42f688c3136d553ecff135bd232b991d4f41e23779631623996fd74e61Technical Cyber Security Alert 2012-101B - Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default.
7b6efa396060be88ab58d1b9ba817b6174c0d8cac6c5b6a361ff1c72175a2467Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
e1ec1bc25bc337a1942e74d7c07a0a9782a3728905f92f633204d8c7be267b17BGS CMS version 2.2.1 suffers from multiple stored and reflected cross site scripting vulnerabilities when parsing user input to several parameters via GET and POST method (post-auth). Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
1a474163f17dc1462181f57315dc71f8d56003df79de9b6b8db2e147abf40c76Seditio Chat plugin version 1.0 suffers from a cross site request forgery vulnerability.
06d094015e904ce08e8240eb9c7df829c02e6115b618f94827052ea9bfa99a16Mandriva Linux Security Advisory 2012-055 - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. The updated packages have been patched to correct this issue.
676cd5caa1a00ec6655d780e2a43329e69c8af366edce0bac72c298a8f52bb1dKoprana CMS remote SQL injection exploit written in PHP.
3383c2a1d0fd8d6e9b8379515a4a9e8a9e190c71f0a02cda50e3dab5e367ed96Koprana CMS remote shell upload exploit written in PHP.
8d3b750e079db72cdf1375b60505c4691cf36b74583357d5e66d952c663400c6Technical Cyber Security Alert 2012-101A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities.
2151cce31ecc67c5f890478458d9f102d21fc5c5acf8bed6a032535dcfa65a58wicd suffers from a privilege escalation vulnerability. Exploit that spawns a root shell and a patch are included.
7fc081886c2f0c3cdfce37239884c557cb3aa605b12afcdc87cef71a8c11ddafThis exploit dynamically creates a .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page with. The victim's Firefox browser will pop a dialog asking if they trust the addon. Once the user clicks "install", the addon is installed and executes the payload with full user permissions. As of Firefox 4, this will work without a restart as the addon is marked to be "bootstrapped". As the addon will execute the payload after each Firefox restart, an option can be given to automatically uninstall the addon once the payload has been executed.
fe11f9476eec443ec8ee1c993de10588be44723dae4fb783e6c16d3dee18a219GroupWare epesiBIM CRM version 1.2.1 suffers from a cross site scripting vulnerability.
c8547aac5f5cba34e71dc25c9a17b80bad80d40910df5ab397eefbfb9b3d332aThe Joomla The Estate Agent component suffers from a remote SQL injection vulnerability.
f8119363f3290801042b0f1c3735641f9fc59f70c8602592130260e11f967745The Joomla Bearleague component suffers from a remote SQL injection vulnerability.
c05f4b345fb2d1016095fd8e718636b8bde10eb1010efcb48159aaf1c75cf9efThe National Center of Education Research suffers from a remote blind SQL injection vulnerability.
4414371f33085a44c8b6596429e944389bb731f361deea72620305a56acc9d10Matterdaddy Market eCommerce CMS version 1.1 suffers from a remote SQL injection vulnerability.
552b7c73a625dead8d7e17634e55ad2b13b259c4464c324854d1aba922dd83b1Europcar.bg suffers from a cross site scripting vulnerability.
676ef51ad74a4ac79ad0a05d05c18176b77664cb0b82133150aad8e913d7989dEuropcarug.com suffers from a cross site scripting vulnerability.
ce7854c9d40879b31bfdf15cb847160ef3b26aee7bece362ab63ca3079896931Scully.cfa.harvard.edu suffers from a cross site scripting vulnerability.
e4391c75e3382e2334e35a018940ecf4b5d58377004a9dbfd2d7b74d09e449ebMinerva Infotech CMS version 1.0 suffers from a remote blind SQL injection vulnerability.
ba5b6e4d3096c01565cf0114ac49e260b3f4ff8c5da95f18e87649296a077989Debian Linux Security Advisory 2448-1 - It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.
531a6ada2ab9abfb6de202bbd399f431ac06f31ee6befe118b5ce7ceb9a5fdfaGentoo Linux Security Advisory 201204-2 - A heap-based buffer overflow in InspIRCd may allow execution of arbitrary code. Versions less than 2.0.5-r1 are affected.
abfd4aa364671b754d92a1c343e376e15d17c7bb1a31c20017539b916774f662Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
b321c92d30665135abf19544c4c759a8dc26d73f6d998793727b56e0115999acGentoo Linux Security Advisory 201204-3 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 18.0.1025.151 are affected.
b701e0af7fd5d3bb49ccbc4fccd62c9703b155c464213a93ce5483d96ca2f2b6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed