Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.
a9412136078e46e98a651a0911c85265Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
de9592924e876ccd8692ea4405f7cd1bMandriva Linux Security Advisory 2012-025 - Heap-based buffer overflow in process.c in smbd in Samba allows remote attackers to cause a denial of service or possibly execute arbitrary code via a Batched request that triggers infinite recursion. The updated packages have been patched to correct this issue.
a48eb7599f579a43e0f56af097cbf7f0Mandriva Linux Security Advisory 2012-024 - Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. The updated packages have been patched to correct this issue.
1d8d72261c80ebe8501cf18c76dafc78darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.
7a1aa3fd5bb9bb0c7134df94f38f31a3Ubuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
96e246b81f447daeed7e88c291d1bc26Whitepaper called Metasploit: Low Level View. It touches on topics such as code injection and malware detection evasion / Metasploit encoders.
0559a81662deefef0464d9ae73e2544cImgPals Photo Host version 1.0 STABLE suffers from a remote administrative account disabling vulnerability.
cba530ca9691ccc3d36ba9f01870182eThe REC0N 2012 Call For Papers has been announced. It will take place June 14th through June 16h, 2012 in Montreal, Canada.
8f09f73114ba73df743325d409ca2e3eUbuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
939cc6e4e37bfb09419bf5c19c77167fGentoo Linux Security Advisory 201202-7 - Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Versions less than 0.9.3-r1 are affected.
51c92e021d56d918a763f5b493103655Ubuntu Security Notice 1376-1 - Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service.
5dea3786c8208c8deccce3066fe74417Debian Linux Security Advisory 2419-1 - Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.
f8236b1b7c5fd4bbe375e87807dcc4a1Debian Linux Security Advisory 2418-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
0f8d2d68e3571902f6851a5e902ba616Debian Linux Security Advisory 2414-2 - It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.
c84164d80d53998f1d44a34d2855ee13Microsoft AdCenter Service at advertising.microsoft.com suffers from a cross site scripting vulnerability.
9e4d3a19dd8fc9a33f8ab87369204995DeepSec 2012 Call For Papers - "Sector v6" will be held November 27th to the 30th, 2012 in Austria.
32c42322b7e32b5063ada9c235f003b7Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.
efa4237db0195980bc7a8d07b894b4a8Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.
9ebc939a18d9148892f51f798563dd37Socusoft Photo 2 Video version 8.05 suffers from a buffer overflow vulnerability.
cd96556d5b30deabdb08867c30b8affeOSQA CMS version 3b suffers from a cross site scripting vulnerability.
b854525d547f8cfab225d0e812767448Wolf CMS version 0.7.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
1fb6cb749d247422778e7fd15ba5466fMozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.
7b1de00624beb0c2e001fc131c1ec90cLorewing Design suffers from a remote SQL injection vulnerability.
a4d5c6ec42bffe212746d5a2d5ecdff6Kongreg8 version 1.7.3 suffers from multiple cross site scripting vulnerabilities.
3583867adb0172ea152f319c2b43ee41
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed