The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
303bf98e0f591d6f709a970bdf9bd33719dfae48984e1ea32cd38ac777639434
PJBlog version 3.0.6.170 suffers from an arbitrary file upload vulnerability.
aa05c34403b18f8b8723e164837c13cb828217f0d5c82f9cc7952b3cc1ee74e1
Debian Security Advisory 1890-1 - Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.
ed775f49cb58cbce91017bb067a323a636d2226e812c374bf0745a565ce2f3d7
Whitepaper discussing fake exploits. Written in Turkish.
a9816cb42db8a09cf2338dce8146f07ce05b40a6c5ce0563e4ec0f6e40866dd0
InstantGet version 2.08 Active-X related denial of service exploit that leverages IGIEBar.dll.
bf5fb906e57bea803146e0b19068369581f30992d5aa97409d63bbdfb891e161
Charm Real Converter Pro version 6.6 Active-X related denial of service exploit that leverages prct3260.ocx.
1b6423e7f3691fb3e6474bfdfdb474a4c9dacedb9a5a9b3a6806e6605eed5c64
QNAP Systems versions TS-239 Pro and TS-639 Pro suffer from a hard disk encryption bypass vulnerability.
d98e39994db1caa438772f437692be94d96e576714f5aabef3a10313bb200adf
Horde Application Framework versions 3.2.4 and below suffer from a Horde_Form_Type_image arbitrary file overwrite vulnerability.
6b36254b02daaded256bbf6076bafdff753a55113f60cdbc47ec7d1dfe52ffb0
The Avaya Intuity Audix LX suffers from remote command execution, cross site scripting, and cross site request forgery vulnerabilities.
1a3001936a103c3f421867c6c079d4255187d1bb1fb3aaea57235d8d2033c375
The standard e-mail application that comes with the iPod and iPhone suffers from a man in the middle vulnerability due to not validating SSL certificates.
bac88e063695c7f4ceb162add1f4a3f7f90de5e74efea5e40f7b28a7f59a10f9
Ubuntu Security Notice USN-833-1 - It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
0594ede0e071d9102c30e1b4419f0a7390db6da2071555df71bb54d1c31b10a9
Iret #GP may suffer from a privilege escalation vulnerability due to a pre-commit handling failure.
1d79c7e09132c4b89fc124aeed234ca587643164955bcf1f2e6c6711647530a3
FanUpdate version 2.2.1 suffers from a remote SQL injection vulnerability in show-cat.php.
744db41b616dc547e50bf04601d1ead2180059f441afa0e30ada5c85911767e2
ClearSite version 4.50 suffers from a remote file inclusion vulnerability.
ef83f8ca1dd2b6c85ea01cc32307f83f8a77e54153f9b1c5de6deba8034bad63
Gentoo Linux Security Advisory GLSA 200909-18 - A buffer underflow vulnerability in the request URI processing of nginx might enable remote attackers to execute arbitrary code or cause a Denial of Service. Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. Versions less than 0.7.62 are affected.
3e186b6e8020ac6e5882ce73b38aedf1a23f65065e34c0d65c214ea8519421aa
RADactive I-Load version 2008.2.4.0 suffers from cross site scripting, file disclosure, and file upload vulnerabilities.
c73f8131d8b7af1c98eaee0158df5332fbfc1b52e29e3faae8acbe5a3fe2ab6f
BSD libc (strfmon) suffers from multiple vulnerabilities.
fccb5f8d285758bce65b9c03fd85ecf25ea963a141c4934e423c11d0003e39da
MyBB version 1.4.8 suffers from a SQL injection vulnerability in search.php.
e23e4b06ed3aec14e7d8684c59c3794726b6a66fc56c1a81a52e4ff020d1d521
Mambo Koesubmit component version 1.0.0 suffers from a remote file inclusion vulnerability.
efb5c9fea08d13b5a3b3bbf993d484a9aad392ec76f4a8866b888b284032c531
Joomla Album component version 1.14 suffers from a directory traversal vulnerability.
65817241473da6ff177187f92fe4b582bc77f8ed759d35e4612bfc11cd43e1f8
Joomla Budget Magic component versions 0.3.2 through 0.4.0 suffer from a remote SQL injection vulnerability.
5e3280dbc531b65cf29d14d162e42e5d67eb6cc1648eb201c5bb733d7e1030a0
Joomla Survey Manager component version 1.5.0 suffers from a remote SQL injection vulnerability.
bbd3a4ddb1bca846385622baf657a229cca3c13ee21da1a0ebe58b7eaf7b853f
Xerver HTTP server version 4.32 suffers from a remote denial of service vulnerability.
9c9327de27d1577ce15bcdec32ce35e2d171a741ef1d0327dc85b21a0d11478d
Easy Audio Cutter version 1.20 local crash proof of concept exploit that creates a malicious .wav file.
de3edf6b749226632d2f659d1496c04c485f6ec91726c7fc4f9f3241b0c5595c
Changetrack version 4.3-3 suffers from a local privilege escalation vulnerability.
1a24316e8b2fab56fbbf912c6014e79a481b5a2ce5574ff448911085fa63e591