Secunia Security Advisory - A vulnerability has been reported in Barracuda SSL VPN, which can be exploited by malicious people to conduct cross-site scripting attacks.
c433fcb75a0a4580b4ea56dc243bcc0e080628b29c0ce9fc29a21d4b5ce57d2d
Secunia Security Advisory - Three vulnerabilities have been reported in Oracle Transportation Management, which can be exploited by malicious, local users to gain knowledge of sensitive information, malicious users to gain knowledge of sensitive information, and malicious people to manipulate certain data.
f48eb11ff44ba98cac0416ff2c3856f9ea90b7295fd426ee08f34832ca1115e2
Secunia Security Advisory - A vulnerability has been reported in Oracle Clinical Remote Data Capture, which can be exploited by malicious users to gain knowledge of sensitive information.
afda318b4a5b45e5d72151985ea239a53548159d920dcc4dd51a479e6f4c6085
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
a0ceef2052a803e9ea7b579f546f17c335e6a6e2d2c1df21f446e876f256e99e
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
b5d784a71f062db6e4b27ceff58db1b3b0beaac0288483c9abfe4a81be41465b
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
e83f31d81e61bdd3861c86314dbb06275c27efa9da3e297c59447ee8f2d45c08
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise a vulnerable system.
cf43f166066e4c3f3399e4b4fbfd601023160e082969dd1cef858a9c834dda4d
Secunia Security Advisory - Oracle has acknowledged a vulnerability in GlassFish Enterprise Server, which can be exploited by malicious people to bypass certain security restrictions.
3df7185d886727ee44ab94155fe544c3ef2021707fe750959c9aa90dc0dac500
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
48c9b395d5f59a7699604895b04427644e89bd6b049cb2850dd631e730e1590f
Secunia Security Advisory - A vulnerability has been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious people to compromise a vulnerable system.
513eacae48f1e294e30fe15d45c796f7555109648fb9c7eb51e8d7f947993e5c
Secunia Security Advisory - A vulnerability has been reported in Integrated Lights Out Manager, which can be exploited by malicious, local users to gain escalated privileges.
db031bd06d21ff196b3e96fb8f2544843709859cc55ba1e6d8068c734ec051b0
Secunia Security Advisory - Oracle has acknowledged two vulnerabilities in Oracle Secure Backup, which can be exploited by malicious people to cause a DoS (Denial of Service).
bce8679ddc9a4f688adca7c6930dd9d306957ee6a3a0e9233c1ee663850e1bdd
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
e05d58092d12b1288b4ef3057ee5b9da421bbe48e5f3e35984b9e947e929d797
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious users to manipulate certain data and by malicious people to manipulate certain data and bypass certain security restrictions.
1df6ed34712f36a018214b51e49d4c7db103899c14a21168b21e566b59b9fc79
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and manipulate certain data.
7ab8359d4ae84f812c0551ba6f3e3acd024730c073e77b91edf3e7cfc52d551e
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise Human Resource Management System (HRMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
ab608f7d66c5d5b9d7bec4dec013873d5115b23e78489b9ff5d33b1bbaa74a49
Secunia Security Advisory - A vulnerability has been reported in Oracle Solaris Cluster, which can be exploited by malicious, local users to gain escalated privileges.
71ee0208776ad623c2e14034340991377bc8565e5df322fe9f468dd78ccd08a0
This is a simple snippet of C code that can be used for creating a denial of service condition against a DNS server.
23d955165e262da83e17e578062db6045a5487a02f461e22bbd4b3d9d5a162af
The Linux kernel failed to properly initialize some entries in the proto_ops struct for several protocols, leading to NULL being dereferenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4.
9bd69f05ada8cee6b76af8cc4636ab3a3a49a49bfad809f7b97fefaea4e48bb0
This Metasploit module exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet. When processing task files, the Windows Task Scheduler only uses a CRC32 checksum to validate that the file has not been tampered with. Also, in a default configuration, normal users can read and write the task files that they have created. By modifying the task file and creating a CRC32 collision, an attacker can execute arbitrary commands with SYSTEM privileges.
d58b245a3284a4c3a0c953e6cd974d43047680186d9ff32f042bd97e492059fb
This Metasploit module exploits a remote buffer overflow in ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x06 (PROXY_CMD_CLEAR_WS) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
d8e51661349a2d58c55ebba98e0aab7bf40252bcd11e9570670dbb09e98a4244
This Metasploit module exploits a remote buffer overflow in ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
10965ccc1d7f3bdfb1cdc1edf6199b5eb01250bbec68ab0ee4cf54ba20262a61
Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons" and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a Lua NSE script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.
36e5626623975013ad17de674718bb242f7551a7c65755515d9aab44a7aa57ea
Zero Day Initiative Advisory 12-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service, which listens by default on TCP port 9111. When processing FTP archives, the process does not properly validate the size of the root path specified and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary remote code under the context of the running service.
6dad13bfedb7e188c12a0ef3b57791e4524ce28c9e8acf71546d326eafadd865
Zero Day Initiative Advisory 12-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service, which listens by default on TCP port 9111. When processing CIFS archives, the process does not properly validate the size of the archive name and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary remote code under the context of the running service.
f66fc824277e956dfd60d347e7c1bfcc9a3be97b6c00b6814e9aa0768e6d8301