FreeBSD Security Advisory - Very large RRSIG RRsets included in a negative response can trigger an assertion failure that will crash named(8) due to an off-by-one error in a buffer size check.
f15c72585a8637121b4c9ef5b92e766eCallisto 821+ ADSL modems suffer from cross site request forgery and cross site scripting vulnerabilities.
a771779480eee0d21e9b77d892b978f3Callisto 821+ ADSL modems suffer from predictable resource location and brute force vulnerabilities.
4c68ac82ae7061d35c5c44fc8aaa5b9cUbuntu Security Notice 1140-1 - Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service.
b7a67a9590379ccbe9dacf6e53bfb8adUbuntu Security Notice 1139-1 - It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 10.04 LTS. Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
c23b70e91271bcfd86ad725a00c7a970The International PHP Conference 2011 Call For Papers has been announced. It will take place in Mainz, Germany from October 9th through the 12th, 2011.
881576fbc80966d379f2743d5efdea74QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
66a313c9b6301bafb2889965bdff7347Apache Archiva versions 1.3.0 through 1.3.4 suffer from multiple cross site request forgery vulnerabilities. Proof of concept findings included.
46e0efc2873583daa101dbff8dd69e8eApache Archiva versions 1.3.0 through 1.3.4 suffer from multiple cross site scripting vulnerabilities. Proof of concept findings are included.
781440f7cd26f179cb2f4c9001c1fe12Paranoia 2011 has announced its call for papers. It will be held November 10th, 2011 in Oslo, Norway.
0af43eb17814157426d9cd8ee0db1ac0w-Agora Forum version 4.2.1 suffers from a shell upload vulnerability.
403d4f200430d420e4ecd7b504d0c0faForticlient SSL VPN suffers from an insecure lock file creation vulnerability.
6bd9ddf64d7fb42a9ad767e5302a72aeTinyMCE AjaxFileManager suffers from a shell upload vulnerability.
5b4b705b66c67e3b039a9a5676534733The Joomla Joomnik component suffers from a remote SQL injection vulnerability.
522a9ed1cc946710f7f29347dbde1ccbHP Data Protector Client EXEC_SETUP remote code execution proof of concept exploit.
5b408a4ad9db16208636f5c645165cc5vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.
23ef7ac73e51aaed5fc2776d5e7fcf9fBadAss is a Ruby script that makes it very easy to perform cracking attacks, port scanning, and more.
506efcbd2790111df7309dfc1bb626baThis Metasploit module exploits a vulnerability in the FCK/CKeditor plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
e0cfda04866c569459b89b151b76b785This Metasploit module exploits a vulnerability in the FCK/CKeditor plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
16aaccb7754cf34c355d08373881a6f5nvisionix Roaming System Remote metasys version 0.2 suffers from a local file inclusion vulnerability.
1b3694b5fb0b741cb9fa850e0255bd6aPuzzle Apps CMS version 3.2 suffers from a local file inclusion vulnerability.
b6c4a523d46ef54dc09a6a36e10c4d6d51 bytes small FreeBSD/x86 encrypted setuid(0) execve /bin/sh shellcode.
5af0dc3d2d18004ee932e75a2876b911Easy Media Script suffers from a remote SQL injection vulnerability.
8ce11aacf5b8cdd5d0a057bd0bb31f61html_edit CMS versions 3.1.x and below suffer from multiple cross site request forgery vulnerabilities.
42d8f0387e6836b5795f5bb9afce039eWhitepaper called Understanding Basic Vuln c0de for RCE (Remote Command Execution).
09e326e5f36bd2ffc22ae9a39c4ef33e
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed