Core Security Technologies Advisory - The Sun xVM VirtualBox suffers from a privilege escalation vulnerability due to insufficient input validation in VboxDrv.sys. Proof of concept code included.
5b2b609eef7799da6366c7eee24f5704c537ed42e64f375f1f17a0cad4017929
It appears that both Horde and Roundcube leak username and password credentials by sending them base64 encoded with every POST.
97b08619867c34b35aec04024d165af4b305d0dd191b1b372d1902b28ac961e4
Secunia Security Advisory - A security issue has been reported in HTTrack, which potentially can be exploited by malicious people to compromise a vulnerable system.
163fcaac00b709953212382595b60b9cd0b544a09447df0e8b70a68624834af1
Secunia Security Advisory - Corwin has reported a vulnerability in Online Dating, which can be exploited by malicious users to conduct SQL injection attacks.
c6521c2c698a4058c04d5b41600878c0b2d0f826fde2e9f884b8a4d47efb4d32
Secunia Security Advisory - A vulnerability has been reported in OpenTTD, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
619596e9998b0ee7abb8e642b3166d01bfcc2bf50735a8c73a3a1c0629ffb7f7
Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in America's Army Special Forces, which can be exploited by malicious people to cause a DoS (Denial of Service).
d85fa30663ca215acd6db177557450b6fffb9733c02aad8cb8e5eb49fd9d09fe
Secunia Security Advisory - Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.
e2cd74476f29a23acd609161bc100d23a414db52b9ccd44bfcd931c08e449555
Secunia Security Advisory - Debian has issued an update for opensc. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
18b51ae5f8207e6350f320b810f344ef4ab4cd80d59f6977997a6ce612bc5db1
Secunia Security Advisory - Two vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks or to bypass certain security restrictions.
9e6022562fca1ccdcfb08a0887680abe3fbcdfc6ad391bd4cbc151b5c51a64d4
Secunia Security Advisory - Debian has issued an update for httrack. This fixes a security issue, which can be exploited by malicious people to potentially compromise a vulnerable system.
54898dc85c6a86735fc8f7ee21abd5031f338dca98f7cf273afd2b91ddcd1a35
Secunia Security Advisory - Two vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks or to bypass certain security restrictions.
e24cfa31093897fe4b364bffa9a3efb9d4ee8c8065e7982d3eb6ef4a1c5f0232
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1, 10gR2, and 11g (11.1.0.6) all suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
b7c3fb502ff84d70e4c0c2fb66964c3536ba8b850a9298c13cc3362c7bf78ea1
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1 and Oracle Enterprise Manager Grid Control 10gR1 suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
56edf5d6ee5dd6510a508c7efc4ac11881f97678fe069b1fecb203351962fe80
Team SHATTER Security Advisory - The Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2, and 11gR1 all suffer from a SQL injection vulnerability in DBMS_DEFER_SYS.DELETE_TRAN.
b0e9da563eda5e5add0743b843609004a118c8e56a05f4cd45e4bf698b5f29ea
Team SHATTER Security Advisory - The Oracle Application Server versions 9.0.4.3, 10.1.2.2, and 10.1.4.1 all suffer from a SQL injection vulnerability in WWEXP_API_ENGINE.
b5e22befb6f5545994e31ab429556c724d4b8074451a9b877ac039fe66e9f6e3
syzygyCMS version 0.3 suffers from a local file inclusion vulnerability in index.php.
11a2baecf1b93b0b8291665415c0f9659550f62ac36fc379f083887a7527d877
Remote denial of service exploit for HydraIRC versions 0.3.164 and below.
97285351e3b713b8fcad2a902614ad20026cd6ed0b8d2637510ab91cc59ab42d
Remote blind SQL injection exploit for the Joomla EZ Store component.
a47ac002913e039047d9facff45dde2bf67999cbcf4a42d55827c5c361186267
XAMPP Linux version 1.6.7 suffers from multiple cross site scripting vulnerabilities.
57b8a51ac18dd88975e9ceada38974787acd354c47181ac96fa7e7ef4075c359
Ubuntu Security Notice 626-2 - USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
208d9fa4ec91bae0914c869ff66a50adc922a82314b1dfa26695559e72d2bd49
ASCII Art / shellcode hybrid called "Julia". This shellcode was created using Ars Ex Machina Coda. The shellcode will only work when it is run in writable and executable memory and if ECX points to the base address of the shellcode.
89cdfca38f956e1128ed018784978d1e02fff9f7c01ce163ba847b1d3b640bc1
This is a very cool ASCII Art / shellcode hybrid of "SkyLined".
e752389d0a9b04a413b2b3d936d5fcf8f4d6d34efdbbe2e00c65ccfaa79fd27b
This is a very cool ASCII Art / shellcode hybrid of "SkyLined".
3f50a06a3908cc0e38e66c20fcc5a7aff47435b0847640a4d88ce552494096b6
ArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI) approaches on switched/hubbed LAN with/without DHCP protocol.
8dcb8413bdec5b2645c6be276c089ed1840a2bbb09a85acc8a7876e61c9668b3
Secunia Security Advisory - Raz0r has reported two vulnerabilities in Symphony, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.
f54af7fca221fa5bba8d68871268201e3e0a686d70bff50ce3eea5aded3310bd