iDefense Security Advisory 06.03.08 - Remote exploitation of an information disclosure vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to obtain sensitive information. This vulnerability exists due to the placement of the password and configuration data within the application server root directory. By making requests for specific, sensitive documents, an attacker could obtain the configuration or password hashes of allowed users. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
23551924e25899f23827e631212b476536014a10dda1d024bd06c64162776740
iDefense Security Advisory 06.03.08 - Remote exploitation of a file creation vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. The vulnerability exists within a file included by several ASP applications. This file provides a function that will write the contents contained within its first parameter to a file specified by its second parameter. Several ASP applications allow an attacker to control both the content and the location of the file written. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
c8738c63961d01a910c9a1548f097fc57108cc926e6a36c5d014b8eeff808008
HP Security Bulletin - Potential security vulnerabilities have been identified with ActiveX controls in HP Instant Support HPISDataManager.dll running on Microsoft Windows. The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code.
73ddf361e685590c43f24d81890634225ab60734e083fa4f407ee0bae1723f30
The HP Online Support Service ActiveX control, also known as HPISDataManager.dll, suffers from eight vulnerabilities. Five of them allow for arbitrary code execution. Proof of concept code included. It only took Hewlett Packard 207 days to fix this!
1b188660e4a25d66cc3fa31a4fc24596dfd706b01ebaa57dcf760e66e66ee2ef
QuickerSite version 1.8.5 suffers from various site manipulation flaws as well as cross site scripting and SQL injection vulnerabilities. This thing is riddled with holes.
58acc7a4491e9f4405f467c26a046525f3d490c89855383f84152e5ed95324dd
SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
7a884728d0b0449539ae468744f04de9386aceef921b10b79cfdbcac2701d9ff
alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed, employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
c1ca70c2034101828bf6a6996161301331563b4e5a6b3957b3ce33da6c136ba9
Joomla Jotloader component versions 1.2.1a and below blind SQL injection exploit.
adbadf3b6350077e9e924e7110f6121994f62f1f1a2867c6e89ef45953cbd743
1Book Guestbook suffers from a remote code execution vulnerability.
b23f8bba7a1d4b60bf861dfc3094186def94eb419801e9ebad6e8dc02e5b9e0b
Joomla JooBlog component blind SQL injection exploit.
366e8e1ebde95dd5033b3859ce4f354c4d578fbb2fe3cb9ab7dc9659b4544923
Mandriva Linux Security Advisory - The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. Additionally, some fixes were made, related to: iwlwifi (small bug interacting with drakconnect interface detection), brightness handling on EeePc, uvcvideo on Thinkpad X300, sound for TOSHIBA Satellite Pro A200 and A210, RealTek 8169 ethernet, unionfs, and more.
e2c7f9ca31e1a830b26d32bb28c2e8bd202c4a3b98b402586a4f6a9c2ef72fb1
Asterisk Project Security Advisory - During pedantic SIP processing the From header value is passed to the ast_uri_decode function to be decoded. In two instances it is possible for the code to cause a crash as the From header value is not checked to be non-NULL before being passed to the function.
6d6c76931877fb8fcfcb71ac5a7f4ca1baaf4e140c905963272cd3b2b09ead91
Ubuntu Security Notice 614-1 - It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. The tehuti network driver did not correctly handle certain IO functions. A local attacker could perform malicious requests to the driver, potentially accessing kernel memory, leading to privilege escalation or access to private system information.
ca2f984d27aa5deee1f3c6719dc2cd35d3ea868489fb3ea00ecf5c0f4810bbeb
C6 Messenger Active-X related remote download and execute exploit.
80297bec0528d0f53dfcf8e6de464e5f180b3c2d68d837064b9e5315ce04c433
Secunia Security Advisory - Heise Security has reported a security issue in Online Backup 24 Client, which can be exploited by malicious people to conduct spoofing attacks.
ad3c1a5ac4f2c257dea38f2cfcffd07ce6b429a6c651ac2dbe2b364717aefb8b
Secunia Security Advisory - M.Hasran Addahroni has reported a vulnerability in HiveMaker Professional, which can be exploited by malicious people to conduct SQL injection attacks.
92c5af75c8fc21259dff9409ddcdaa4ac98564b359c5ccf53c5b7d8250d9c873
Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in SMEweb, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
56c32afb5aa11438303b2867a25f534f718112d07610417317d19935d6e335f8
Secunia Security Advisory - Fedora has issued an update for imlib2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
7907394ddf374b2713139d32a1a955e8dbdd9f0bbaa3f665d9765da69a7d9fcd
Secunia Security Advisory - Fedora has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.
95fe365f49ae469d6c6a5b0191b8b1bf4abe84552d8998d3b167046406734838
Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in meBiblio, which can be exploited by malicious people to conduct cross-site scripting attacks.
5cb0537692dc3d7b3008f228f0e9ea7fc241201cad7063645fd60742d0822f23
Secunia Security Advisory - rPath has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
ce9ab7f664a15c3cc0ed2c46f1f0dda62ca9a0f5daed8beb63911b6cfcdb9cbf
Secunia Security Advisory - rPath has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
fc8779ec897820e1dbaaa907bb2d27e6e99c3636f0fa260b199cedfc7209f812
Secunia Security Advisory - Stack & Jadi have reported a vulnerability in the Bible Study component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
6f219d73b02003f477107082b254369547e4f8d1e5512f281b4c390a8e3e9988
Secunia Security Advisory - Some vulnerabilities have been reported in LimeSurvey, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site request forgery attacks.
a76281d1162462362e67f9952435116c35fd9031ec3cd2a19c7ad37349fe4941
Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks Storage Mirroring Software, which can be exploited by malicious people to compromise a vulnerable system.
7971a1fcb8c764a72e5304a4ce83db718e4dcc0c793e9779ebc21526e7f1742f