A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.
556adc16dad6ca3f4873f33810b698ebf5dfd71151e2fd435143e01f45c5066cDebian Linux Security Advisory 2505-1 - An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access to local files, depending on how the framework is used.
d45dbbe7fa51ef7a30834fdc072c235fb62211ea1d381d9c18fffe4027dd77c5Ubuntu Security Notice 1493-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
77525d18fe3903454b40d845ae40d20592c749585227b9b425eaaa4ee7df89b9Ubuntu Security Notice 1492-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
5c008bad4bf5b5e6f2d1edfe0b628bc54eaa408b4b6b43672c68f300dcd7c96cUbuntu Security Notice 1491-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.
da9199238227f76fc593b9934eb5128793f02fc7a4f1b881de72ef364cf8b2fcUbuntu Security Notice 1490-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.
8f1a22f35dec0021c950b54a8ef4715f583605a9e928beaab4afd45ba2ffe802Ubuntu Security Notice 1489-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
a0160d2bf1976d1fe7a48540546da24d592052eae3d9e80102788a8201dfa773Ubuntu Security Notice 1488-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.
9ff2c344a22dd177a74b4584652f72e70cc7becfc17793c4eb7ac7dc1549d124Ubuntu Security Notice 1487-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
818704e55d7a06e1a37274e59681ade1cd3395e22dd1ce9e2a161df2bcedfc23Ubuntu Security Notice 1486-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
ec7dfba0e891878772a737bc7291e76b065bb2ab7ad0105a3f6c7511633de311There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.
0341418c409c2905c278b5539d3f0236be8f96cdfce5f9140782b205443ab209IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.
cd8bb7da17eb6fd5c44d2f4ceac57a18c44aca435eea690d9247652a97f176d8PHP Money Books version 1.03 suffers from stored cross site scripting vulnerabilities.
28c37410044d56ed3d43c475e197fffb8cafc605053dcc62a4fa1bfca5ebdb61PC Tools Firewall Plus version 7.0.0.123 suffers from a denial of service vulnerability.
4447ecdb0363561495e738164aa0f707a038ec3388d0a37f183ac75f3c8b355dSpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.
37c481c86f91ff979c1f2a14452d4bc1fc45aaf6d60f55ae0b180aa752d19d99PowerNet Twin Client versions 8.9 and below suffer from a stack overflow vulnerability.
01ee7bdceda2abbcd11f2723950b87df2788e5314ddad8946094bb92071a21fdThis Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.
c3e73b5fb622e5d0d8dee9cca23a811ec375673bedd92228a5733bc9287c407bThis Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. It is possible to remove the uploaded plugin after execution, however this might turn the server in some kind of unstable state, making re-exploitation difficult. You might want to do this manually.
f96c770e59d9d05308428a0fe45cb31107b3064402edcf2653bd604b617ffe44Lefigaro.fr suffers from a cross site scripting vulnerability.
2b6001bd8c7d5624b2c4fc19842dac3f602962123078d63d24ee986593e31640Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.
f62fb11dd66093bb0cdd30237cc9c4c7d0fce7078ef39c6a4be17144b9bcf514Hi-media suffers from a remote SQL injection vulnerability.
17ee62de993a1e79a03aca02af14eae5006cd8b1e1305748e7941e113e0187e0B2CPrint suffers from a remote ASP shell upload vulnerability.
07aa64e3542baf26914c58bd60df81bce81243de8587811fbef33dcfab8b6757Kongregate.com suffers from a cross site scripting vulnerability.
0b2d9442e574b62a25db9e9e8fe869f6944a116b8512276d2ea69ee2a436d646Ghana50.gov.gh suffers from a cross site scripting vulnerability.
73ada375439d3064c88ce6153b874b1a88c0ae18dcb6c12029f1bda5bb23ec25Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Support Assistant, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
71c9253703bf5bf2d581cc9ee2ab76440afb59136515badd54ad8abcf4ac4b92
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed