Galix version 2.0 is susceptible to a cross-site scripting vulnerability.
ea37257ee871870d8689cf712d58ce07955c7f84d75ad80001399a5b45f19f66
Paper describing how to reuse dumped portmapper data on one machine in order to still make use of rpc services on a remote machine without portmapper being exposed.
6d75a479fb91127cfe155527d798ba0fa54676e421f165fdc5c35388873d9eb9
Ubuntu Security Notice 453-1 - Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.
d2415436c221760108a5ae8ac3c590c87efdb79bc5892488672c23b508e46581
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. An attacker can exploit this by modifying parameters in the SNMP community definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.
af821d60c5943917a00431dbce91939ec5641db70437f462bbc64ff57193d46c
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack, including SEH pointers. This can be leveraged to execute arbitrary code.
c68d1abda193e0c11f283735950b98df7c0f02cde1ca790898b0e4241dba539e
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.
0086b2a823788d685ea92d803990861bcded3e23445dacfce850f58fe17c0922
A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.
7695b29a5b73a990141587afaad7025ba20336a322848f36046e521d84262f61
A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.
a56905b28f18536776787ff58703784ae3030dd3b225c7e8a7e6187e035b3646
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed-length stack buffer. Sending at least 336 bytes will trigger a stack-based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.
90a41cead20143889d6a2f43dfaa84ad08429adb0c36d1b17c84c1dfcf42c1ae
NuclearBB Alpha 1 suffers from SQL injection vulnerabilities.
c84bf59b26a6b7865eecce90ea8165e16d1a96e7b7992d7db410b25ee4f9fd75
Oracle Database Server versions 8i, 9i, and 10gR1 suffer from buffer overflow vulnerabilities in DBMS_SNAP_INTERNAL.
e2719905e19ea0ea42e881bdd6793b1527d1bdebb9522c082597bf21d1f8db5e
Database Security Brief: The Oracle Critical Patch Update for April 2007.
a465cc3fe3cd6f9d61436789abaa6d3353a89cf58084fac1c54a1b580479ea9a
FuzzMan is a simple man page fuzzer that is quite powerful.
b41eb2bbaca1c7754894834de2761da65eb830c1f3a61c8c0c2d0798df220f24
Call For Papers hack.lu 2007 - The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. The convention will be held in the Grand-Duchy of Luxembourg from October 18th through the 20th.
eaac3ea8228b8cb1eddb1409516fd47e6b6ae19b3df56ffdddf72e7c3d234a3a
Whitepaper titled 'Advanced Exploitation In Exec-Shield: Fedora Core Case Study'. This is an excellent paper and is in both PDF and text formats. Please check it out.
a8e5761dc6549e813b9928348cdf9f0062dfebc993c77dfa6cf7367eb33624af
The Oracle Discoverer Servlet suffers from a flaw that allows for the TNS listener to be shut down.
6cd2e4a0b0c557d28f86cc4b2adb74c3a579002df62bea34f5fb4e09d883e8bd
Oracle Secure Enterprise Search version 10.1.6 suffers from a cross-site scripting flaw.
7aff1e9b18ed5ee3a39d4482abc354b9e1131595d41325b2d9bdfc084897e7dc
Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_UPGRADE_INTERNAL.
9167b0d43caa7db52dbfb7cc46a2cf827743d33ea95fb3f95418a2eb2d069b6b
Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_AQADM_SYS.
1d36561760e55a09bc52dc5e4fef603f3873b8856b518f5b9405b4d4f1cfa6f3
It is possible to bypass the Oracle database logon trigger.
abf861aed916223bb9344c108ae7bcdecf70bbde07d488f29de921d949c8a625
NukeSentinel suffers from a flaw that allows its SQL injection protection to be bypassed, thus allowing for SQL injection attacks. Details provided.
a0761fb5d7d1ba3484d24a977e6059576b6267995a6e2bbd6de82ece70ac09cd
iDefense Security Advisory 04.17.07 - Remote exploitation of a denial of service (DoS) vulnerability in McAfee Inc.'s E-Business Server could allow an attacker to crash the administration server. Prior to authentication, an attacker can crash the server by sending a malformed authentication packet. The server will read in a length from the packet header, and then attempt to read that many bytes from the buffer. By specifying a large length value and sending a small packet, the server can be caused to read off the end of mapped heap memory. This will trigger an exception that is not handled, and the server will exit. iDefense has confirmed the existence of this vulnerability in McAfee E-Business Server version 8.5.1.101 for Windows. Previous versions may also be affected.
8bc4f01b1ed452757f795d37e2d51d7aa843a15603fc3b59cd4c8f0d3fd0709c
iDefense Security Advisory 04.17.07 - Remote exploitation of a buffer overflow vulnerability in McAfee's VirusScan Antivirus application allows attackers to disable the On-Access scanner or potentially execute arbitrary code with SYSTEM privileges. The McAfee On-Access scanner component contains a common software flaw that leads to heap corruption when dealing with overly long file names that contain multi-byte characters. This flaw only manifests itself when the target system has East Asia language files installed and the default Unicode codepage is set to a language which contains multi-byte characters such as Chinese. iDefense has confirmed this vulnerability in McAfee VirusScan 8.0 Enterprise. Previous versions are suspected vulnerable as well.
dc247c8098d41291932ea959f77c83db7d97fb574d5f30d056f350eca5dc2103
A remotely exploitable format string vulnerability has been identified in the Sun Java Web Console. According to the Sun Security Coordination Team, Solaris 10 Operating System, Sun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console 2.2.4 and Sun Java Web Console 2.2.5 are affected.
e84f0182902982fef958571d637da96cc79aed6c17e01ebeaca169efc5ba049f
ShoutPro version 1.5.2 arbitrary code execution exploit that makes use of a failure to properly sanitize user input.
39d759ec9630f4c9c37f666e411c62fe6157febd06eaa7d748a8d829b822d424