Apache version 2.2.14 mod_isapi remote SYSTEM exploit. Due to the nature of the vulnerability, and exploitation method, DEP should be limited to essential Windows programs and services. At worst, if DEP is enabled for the Apache process, you could cause a constant DoS by looping this (since apache will automatically restart).
c783414f79f43dcae00ce4cd44e85c324652565b650c7c405e711ebdd5c30075By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.
90f73578fb832e46f16d36335ab9911e89d608d85ddf6502b6fd7c3f8e006935Mandriva Linux Security Advisory 2010-056 - This update provides the OpenOffice.org 3.0 major version and holds multiple security updates relating to integer and heap buffer overflows.
74b7eb99fa9e572af2880279fa7eb4f4842de76630658a18025413b76abcd582Cru Content CMS suffers from a remote file disclosure vulnerability.
523cc7e9539b82349e231e34a659d25dea0e81a82243e0f81879dd40a0deed9bThe ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities.
bee0a8f7594f3657d6643476cfedee7d3fee1c4555768af16fe7f3bde6ab4720Juniper Secure Access suffers from a cross site scripting vulnerability. SA Appliances running Juniper IVE OS 6.0 or higher are affected.
0882671fc019f10145475cd894b03e06c77f59799dbbcde50b40394c2be3d4eeMandriva Linux Security Advisory 2010-055 - Denial of service, buffer overflows, integer overflows and other issues have been addressed in Poppler.
c1f39ccb7ae4691e51e96d2b4dda262462f9738eabe92c6b916c22a54e98557dAdvancedWinServiceManager is a smart tool to remove hidden rootkit services. It makes it easy to eliminate such malicious services by separating out third party services from Windows services. By default it shows only third party services along with more details such as Company Name, Description, Install Date, File Path etc at one place which helps in quickly differentiating between legitimate and malicious services. It comes with rich features such as detecting hidden rootkit services, exporting the service list to html based log file, displaying only third party services etc.
dcce7bf4b916b166e1a6a4571c36f88fb61258c125eb3adfa0dc30770328021cSecunia Security Advisory - iDefense Labs has reported a vulnerability in various Symantec products, which can be exploited by malicious people to compromise a vulnerable system.
566dd8cf83fd70edf4a05b5b0d2844d7e15035558428720dccd52acb537f87d8Secunia Security Advisory - SUSE has issued an update for MozillaFirefox and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
c8ae8c4a28bc9580599f7a3af41e2eeb6f751f24d97e592aa8b0339dadeb2d8eSecunia Security Advisory - iDefense Labs has reported a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.
015c8b62ef09d4a17fc7df45bd3f1fabe814db7ef69a18667da02d1a35fd6c38Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya products, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
1a59fbccb80629e654554214b37652c34bc8400009610384ac1fbc1418bc9603Secunia Security Advisory - iDefense Labs has reported a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a vulnerable system.
bfdc354e3be84d885a40a40895348d1db2d17580d19123663aca859a2f81a21eSecunia Security Advisory - Some vulnerabilities have been reported in CA SiteMinder, which can be exploited by malicious people to conduct cross-site scripting attacks.
cf93d9f1a7c8a53470fd71ddfd9706fdf2212d9aad44fa2335b0db370138e771Secunia Security Advisory - Easy Laster has reported a vulnerability in smartplugs, which can be exploited by malicious people to conduct SQL injection attacks.
10e4731e0bb75d53281438dc0b7ffa15cd09b11cf60c84ea59e75f602434cdcaSecunia Security Advisory - Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in J. River Media Jukebox, which can be exploited by malicious people to potentially compromise a user's system.
80622e0c4ce6c5263e126e49082d38b75e48931e13aab23a0f9f650b11fa8650Secunia Security Advisory - Some vulnerabilities have been reported in ePublisher, which can be exploited by malicious people to conduct cross-site scripting attacks.
e537fc79e0472f1752116f2496d888fc541d0f85191db923726f060de39d30f2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed