Secunia Security Advisory - rgod has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
8ca838d389bc5a6d9f3ad46602b768d9795036f43cfedd1ede53839ac2ebdb3fSecunia Security Advisory - Some vulnerabilities have been reported in the PECL phar extension, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
4d3bbd200f0579a40b2a835db5d2f0f72811853217e71b3111995b48f8d015d3Secunia Security Advisory - Fedora has issued an update for perl-IO-Socket-SSL. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
bbd62fed4980fb4bc0a3791899a0efd566fdcac7020d49804cf38de2a8b432faSecunia Security Advisory - A vulnerability has been discovered in SocialEngine Music Sharing Plugin, which can be exploited by malicious users to compromise a vulnerable system.
fdb9a1b8ffe07e647d69dfb0c11b6034b981348a6e00a28baae1dc7ff9704d48Secunia Security Advisory - John Leitch has discovered a vulnerability in httpdASM, which can be exploited by malicious people to disclose system information.
85880f2d58ff8eb7eff54886a01d202616d9050c66654732aede035bcbec8099Secunia Security Advisory - A vulnerability has been reported in Ideh Pardaz Easy Portal, which can be exploited by malicious people to conduct SQL injection attacks.
ca90a61d8c0bfcdfb26ed31b93416e9525d28c6e477115f64cca7c1c75664cf4Secunia Security Advisory - Janek Vind has discovered some vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.
fa765aab7aa3617bd66915ca903706474a5d30913f0d3cf1f6d12580897c66b6Chaosmap is just another network mapping tool. It can look up DNS names using a dictionary file with or without a salt.
f04fca84f94249e3967be6dc27fbef44a114c4cc30bc3fc9ad6725ff87953c88Microsoft Windows Fax Services Cover Page Editor (.cov) memory corruption exploit.
38392677c85a82b9969b7d0008e18d2146a9d58995622384260f9a6004234ec8CruxCMS version 3.0.0 suffers from cross site scripting, local file inclusion, authentication bypass, shell upload, and remote SQL injection vulnerabilities.
5375e0a5494a05b2ea69af210a5d3d1856065f95387bd5c4db520a4274857a70Pligg version 1.1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
a4b977de49aa1f010340248f34dafceb8357165d75c9d7d5b3a405ab75de0860Asan Portal suffers from a remote SQL injection vulnerability.
466d652bd90858c69426408bbe2e8972b048bc168cb7c25484b1faad4b1f0204LiveZilla versions prior to 3.2.0.2 suffer from a cross site scripting vulnerability.
f6edeefe91536b6d753f952535513ed99b5fedfaf49618dcb53bf3a41941f022Zero Day Initiative Advisory 10-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component used by the the Mozilla and Internet Explorer browser plugins for iPrint client. When parsing an HTTP response the Connection response length is in sufficiently validated before being copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
b5172e44a55440caca829a0e3c9c9bff6d4ce99f97233fc051e0705a09738a92Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, MAC addresses and host names. This information can be used for further network attacks as well as very accurate geolocation. This is exploitable even if remote administration is disabled. Version 24-preSP2 is affected.
7102053c920ae264843dc40d0a21522a645ecbba49d6f4df097245cfdadc92f8Zero Day Initiative Advisory 10-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
a2dc5261e2ebca49ad9b9e56b4a8249c7cad6f31d98330db68fcf278f1a1b1dbZero Day Initiative Advisory 10-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the npnipp.dll Mozilla browser plugin for iPrint client. When assembling a URL using the user supplied call-back-url, the value is passed into a urlencode function where it is copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
0aedc93a06314c97bfd0b51a3074c516453bf76cee04807f000703bc99639072HP Security Bulletin HPSBST02619 SSRT100281 2 - A potential security vulnerability has been identified with HP StorageWorks Storage Mirroring. This vulnerability could be exploited remotely to execute arbitrary code. Revision 2 of this advisory.
aaa0797dfb14d4c1908eaee02d181801c6ace74cf07fe336cc296364f5d6415cOpenClassifieds version 1.7.0.3 chained exploit that leverages CAPTCHA bypass, remote SQL injection, and persistent cross site scripting on Frontpage.
6821ebbc330e3b9f6d23a296ea9c5198596f11f20095f0d1a2423f3880e93a21Sigma Portal suffers from a denial of service vulnerability.
593b1cbc190866506dfcef5f9d9f43fa59e91023a3ad7d364d5ecf5288b68e9dZero Day Initiative Advisory 10-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an HTTP 301 response from a user provided printer-url the process attempts to copy the returned value within the Location HTTP header without ensuring that the destination buffer is adequately sized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
65ced00f19a79e903c62e1325190e092c6ab2ede41c7a1d3bd23b17a3e2ba098Zero Day Initiative Advisory 10-296 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
98e4858550b4ef9237d6ad86f8954eeb693c4594e6e60b203817c71911209636Zero Day Initiative Advisory 10-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components npnipp.dll and ienipp.ocx which are installed by default with the iPrint client. When handling the printer-state-reasons operation provided via the embed tag the module makes a request to the specified printer-url and performs insufficient validation of the size of the printer-state-reasons status response. The process then copies this user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
1a444b90128533e815e8cfb508e60327b810b7bd2bb1a698ab98b745fc9317a3Whitepaper called Writing Simple Buffer Overflow Exploits.
b6a068f95d8506debdbb0b649228a40f2892304ec1e6abf7820a0602965ef614Web@All versions 1.1 and below remote administrative settings changing exploit.
f8d27969b53893e2eb3f8f56f6ca3224588ae76337b77ecd6eecd6f3410fd24a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed