Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.
b2737c5487ee0ccc3dd0aad08766de3ded97438472b971e00129211a3aad8404
Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.
0cbe8d05a764e5b496cb01656e64143f445ea1830d36e968351d0ef74ebca3f3
Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem.
16e48f7ce91d82b0c33ab001e1e7a2c4d68028db35e9f025aa12897a6e511aa8
Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to log on as an lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired.
38c7f39d2b82f28d7e948cda23a7c17ad84d4b02355d6ec17cb2a2bc5a75629b
The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities.
8ebf160c845108fcb7fac85ca7e6aa7427a189c844a2dadca4911d578a00cd6e
The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
d6f15be99289fd0bcf6c81b9793b54371556cccddb48c1a7ecd9884a927c66d7
The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292 on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected.
fbd8d8c9489c9d5364d8d254c147e664b61c9384cceec62815a48e5a516b2f90
FuzzDiff is a simple tool created to make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
64a2478b6758505b56ea79a765292e926f190b7255790d538d7a95e688fd16bb
Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices.
af90e47c4e2ab09755f1bc97c5d61b0691e93b7f7752cc9c24ac6a5974de2967
Local buffer overflow exploit for .smi file processing in QQplayer versions 2.3.696.400p1 and below.
df8b0e2bb9d5792041154196ddbe98dd0ae2a1df2a0f14877598e8664133de23
Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability.
5e74018474eda8cf0fa93c922c9191eee7ec4049bdf870c9ee7ceaadb6330a05
This whitepaper is a MySQL SQL injection tutorial.
517d27c0d6f06d56b0bfa16f3e725b79f33fe4a3755de1772342c7350620aa7c
XAOS CMS suffers from a remote SQL injection vulnerability.
e5cfd804a58020e6e3ea34bdfeb752cd128c65e425ab5be93d4ff719c3f0b7bd
Ballettin Forum suffers from multiple remote SQL injection vulnerabilities.
f03d45799067236e31f36dd25387a83d8965b28786b1e5b55b2a18aab9b3912b
DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics work, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
fb2b7acd857cba9b4c1a757a137b0cca0e7013ec228cec1207e9e466749671c8
Freeway CMS version 1.4.3.210 suffers from a remote SQL injection vulnerability.
4e5f2a0cfddbc3d5700204c48260d7bee3e8451f021e2523e722d97d3fe49383
CMS Ignition suffers from a remote SQL injection vulnerability.
03c0470ef1e1dba6af2c26304f9863eb2654a230b43b92c7139ef6a9dd46055b
3dl.am Script Mtxkl Raidrush suffers from cross site scripting and remote SQL injection vulnerabilities.
1b2e68fbd7fac5c86d96bb86dcaa4852d45ad71c3d1085124e4009127447f9be
RewriteProxy is a small Python tool that is based on the Twisted library. Its purpose is to serve local files instead of remote files to fool the same-domain policy of modified Flash and Java applets.
eca6b434258f98306fbfe4e27f6f2f5a761dd5ee8cf65a55b9e18c282e184890
The Hackers 2 Hackers Conference (H2HC) 7th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from November 27th through the 28th, 2010.
94f4a0e2f129226948aea42f25a5113d71c147fe10c5de9d1f581fe896d5755e
The Joomla Youtube component version 1.5 suffers from a remote SQL injection vulnerability.
3d3aff5e4a9c61938a2125377aa7583720a7da8f90dfc14f045bf0a43a05d64a
sNews suffers from a remote SQL injection vulnerability.
254ea89845f7694dae2b2659cadb767ceb55eb06e8ae2970e1f99fe1c94e7cc7
WhiteBoard version 0.1.30 suffers from remote blind SQL injection vulnerabilities.
08940cc3306709a98b325d021b6aaa33acdc5351462748d950fbbd0d70ca9524
MC Content Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
265d3681b6a219ca2ac1a882ec056dc41c776f5a0d34b9c0b0aebeb14467c091
Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.
5419ae4fb245c6c535395ea9b94b38b179ed987669180fa8c3c08cbbe2746990