AeroMail version 2.80 suffers from cross site request forgery and cross site scripting vulnerabilities.
cbb8d39fcd1ea68df778bb29857776bcRemote root exploit for OpenSSH version 3.5p1 on FreeBSD that affects versions 4.9 and 4.11. Other versions may also be affected. The bug appears to reside in auth2-pam-freebsd.c.
bcb61f978d7589233b8201229cbd508fBottay IRC Bot can perform s a battery of tests against a given system including, but not limited to, SQL injection, cross site scripting, Joomla/Wordpress detection, port scanning, denial of service, and more.
fba5fbf549c366e5dfb3c5e7006de610This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.
ac336a984889bd69ae7d65140b630bc0The INVITE method in use by Asterisk version 1.8.4.4 allows for remote user enumeration.
0c0cc0ae5e1bf59376ac0c7a14079c3dMultiple emulation clients that leverage Kaillera suffer from buffer overflow vulnerabilities.
0f1185cf86bd8bbedee4f8878d80bfafZero Day Initiative Advisory 11-231 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a Matrix structure within a particular opcode embedded within a .pict file. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. This will cause the application to write outside the bounds of the array of objects which can lead to code execution under the context of the application.
c43306f7850b58eb82ccaa1650b655ecCore Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
2b607c134d5d1bd9d316d28d48a0077d178 bytes small sys_execve ('/bin/sh -c "reboot"') OpenBSD/x86 shellcode.
e3a9a796f3802317f3affb5430c3eb3cTagonet Portal suffers from a remote SQL injection vulnerability.
5c8ed50797f002e6c60b98c36b7658f5Ubuntu Security Notice 1149-2 - USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem.
2e047736b2cf396f147b26133eb4ead7Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
abd37569821fe8444da64f3385882387The del2info utility was written to analyze Windows Recycle Bin INFO2 and $I?????? files. It can extract file deletion time, original path, and size of deleted files and whether they have been moved from the Recycle Bin. It supports files from Windows 2000 to 7.
bd154eed0759bff0967c003e1a0742a6Zero Day Initiative Advisory 11-230 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams. While parsing the sample description for the 'alac' codec an integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. When Quicktime writes to this buffer it causes a memory corruption that can lead to remote code execution under the context of the current user.
7537317f117f9f69067382ff0b758632PHPnuke MT version 8.3.5 suffers from a ckfinder related shell upload vulnerability.
d44a210e5ef3f10f683e0b5e00b9829aZero Day Initiative Advisory 11-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. Before the allocation, the application will add 0x14 bytes to the result. Due to restrictions imposed on the implementation of this component by the language and it's platform, an integer overflow can be made to occur. This can lead to code execution under the context of the application.
fc673982aff7f944a871fb2ccd1e8d90J Software Solutions suffers from a remote SQL injection vulnerability.
796bcde966856df77a6b979b70168609Debian Linux Security Advisory 2266-1 - Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.
b2e43d17e42a67932628eb0ec6270779SmallFTPd versions 1.0.3-fix and below suffer from a denial of service vulnerability.
ee707912aedc27840fc0c56bd0b13f23Zero Day Initiative Advisory 11-228 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ColorSync component which is used when handling image files containing embedded ICC data. When handling the ncl2 tag the process miscalculates an integer value used in a memory allocation. This buffer is later used as a destination when copying user controlled data. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the application.
6d41ee6d1fa981fef6b659451d62befcSecunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive and system information, bypass certain security restrictions, conduct session hijacking attacks, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS and potentially compromise a vulnerable system.
47c97fba7783bf4e41982f10884f341bSecunia Security Advisory - Debian has issued an update for php5. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose system and potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
6171a5734473e129f51c134f60c0486eSecunia Security Advisory - Fedora has issued an update for syslog-ng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b3ec0956fdcfdd4efde03f49ac8cbe0cSecunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive and system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS.
f24aa3c78b9b98b7892bafe47c1706bcSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal and IBM Lotus Web Content Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
dcda23af82c2d8ba5f7af249e2a5c2e1
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed