Mandriva Linux Security Advisory 2011-042 - Security issues were identified and fixed in mozilla-thunderbird. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Other issues were also addressed.
d081ba2d6bcd0e827d19b280698db60d8e35a96f8ae5dd9acd818b9b360f70b1Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
63a521ad446cb2ddd1af1035e156678cf3b9d54a0fd09d60d70e2e2288524400Multiple SMTP implementations suffer from a plaintext injection vulnerability with STARTTLS.
9f712fa40e77ec9b23f56ccf53d3c72849e5a9e1a7738c614836c68c8b9595c8BMForum Myna version 6.0 suffers from a remote SQL injection vulnerability.
f77aeee1c4e7444553edfefcfc3ddffde43185244611bfaa9e13143b243449f8Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
26a6c0886046f56b50a2bf26bba2ee3a754c57452de7073dcc492e03d8e07022It would appear that Mutt fails to check the validity of a SMTP server's certificate during a TLS connection.
aa82f3a4387c9f1c208d243be31c7c359907af947bf457a2bf81f7f172ea4bb7The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
a113cf9e1a499377807990e506acad83afee18845a148a02747087132fac39a7RECON 2011 Call For Papers - RECON is a security conference taking place in downtown Montreal from July 8th through the 10th.
a6e2f7e8a1fc356e8567d73e1805b3fb57c537da2219e610d9305606bc556e73Ubuntu Security Notice 1085-1 - Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.
e9397fa6d8f38798a98fbe7c182d72c1e10b037ec8cc64b976aec4405b72f22dUbuntu Security Notice 1084-1 - It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.
5e28ae80a5f0802306a3dc8f39007d0a5907c9e14b785263f2fb74042863af1dApple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.
50b3289c4489d4defcfdf5ed6c483a646482853dbb3b0aa3477ed046497aa078arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
3e4d2ddb0634dad07cbe7206349e0eb389e37510883b0735a450adef41df6f26The Softman administrative login page suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2adc4559a62e07503ac7d0037415d005922516a9b47eb7a28d0af07eb064001bKodak InSite version 5.5.2 suffers from multiple cross site scripting vulnerabilities.
c0819714587032a164e7969233a80d6fbf7cbce97b45f31ab343da2456c9b5abKingView version 6.5.3 SCADA related active-x exploit.
b7072d04385985d2e31f54590175039c3d89ee322da0d64430b85a6fd11f7692Bacula-Web version 1.3.x suffers from cross site scripting and remote SQL injection vulnerabilities.
8520e8634856fdeac1d116ce357046e9e71e330d64c10961a630f3b20e4c18cbWeborf version 0.12.4 suffers from a denial of service vulnerability.
a74391cf47717ba11a1fc53abc5379b1100e6c85a4c5af8cdff811aa1a70b41bHiawatha WebServer version 7.4 suffers from a denial of service vulnerability.
80318ee6a80e3cdf8451955911b1bdd5b63a92301b713132026bb94ed35fbc6bMutare Software EVM version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.
8d80f08a56b5b4caea85f6d36934daed6d1d131fbca14f5f215277f84e092267This script is a simple SMTP verification tool to send mail.
29691ca8cb6bda754e176a18b8693468f6a9dbe573a2dd8fc9e839a5211262d0Secunia Security Advisory - A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
fd3b0735a6472ee13c34b1f93007a8db3484aeb041b59d8f457550a3b8327b15Secunia Security Advisory - Fedora has issued an update for q. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
ba8fc2fbc22ea2c55a288ae95208f467b948aa2682d8c3e621d6ff29dc726269Secunia Security Advisory - Fedora has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
23af9489ad68ed35bab4f4a4575dae1d31b8a435b8c1711909f6ba7776944faaSecunia Security Advisory - A vulnerability has been discovered in InterPhoto Gallery, which can be exploited by malicious people to disclose sensitive information.
55f5d98ffcaf62459337839131e3e72cffcb7d733508dc53a1c4c60698e1f69dSecunia Security Advisory - Two security issues have been reported in GNU TeXmacs, which can be exploited by malicious, local users to gain escalated privileges.
c4b0a0a1a355d197b3ca8472639b7f6d259ee778ce74a4d969788df6873e739f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed