By exploiting the VMware flaw described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaw has been proven exploitable on x64 versions of Windows, and it has produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of the flaws on x64 versions of Linux.
bc46bdf127b13616ebd5b44a7bcba711654e92899537c4c70c898cd5d96217a6
VMware Security Advisory - VMware addresses an in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages.
01a45ebae3605a3c400cbd4ce5d054f72ec5ac917c678a7e64d411f691300d89
Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue.
e87336d272aa0fa7befce21c24fe58db23bac3604b093f6100a5f4f014144c58
Mandriva Linux Security Advisory - Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache. The updated packages have been patched to prevent this issue.
3263d16d5b4df29a8e6dd30063a4c78ff742b8f68bb089d78bb6aac7b65460a4
Secunia Security Advisory - boom3rang has discovered a vulnerability in the Recepies (Recept) module for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.
12779e2aef4ef9e9f46ddfb0c307e70fb8bc16e34ac7c2b104517cf0eb2010d7
Secunia Security Advisory - Defsanguje has discovered a vulnerability in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
831b111414f76c7268ed49dfdb70ff228c862f40ff33040373fac24fe3ce3eb9
Secunia Security Advisory - A vulnerability has been reported in Nucleus EUC-JP, which can be exploited by malicious people to conduct cross-site scripting attacks.
a5f89f6f75c6f0ecff587eb1124d4e78508d22f3d75d38159e712c14c45decdb
Secunia Security Advisory - SirGod has discovered some vulnerabilities in JMweb MP3 Music Audio Search and Download Script, which can be exploited by malicious people to disclose sensitive information.
98a7335372ced27656beeaa37c8ffa77bd71f93e616bbe254c98415a0c37ff9c
Secunia Security Advisory - dmnt has discovered two vulnerabilities in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.
8ae2c5607ab9b3e3303853bfc8864035f8f1b8b3fc5f89a8ede6530968f3e081
Secunia Security Advisory - S_DLA_S has discovered a vulnerability in AmpJuke, which can be exploited by malicious users to conduct SQL injection attacks.
c737931718b7a243064ad88beb91cd222be697f07788e9b869fa715916b85fe1
Secunia Security Advisory - Fedora has issued an update for pam_krb5. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
a2ee3e6380bfc0c23fc0abed9695724ad33937a3eb490f6c40270de6ad305a67
Secunia Security Advisory - Fedora has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
0af672521d19c984ad4242330aaf69d1c3201698826a0ec2bf11e10faad1eafd
Secunia Security Advisory - Ghost Hacker has reported a vulnerability in Website Directory, which can be exploited by malicious people to conduct cross-site scripting attacks.
667f0ad6dd59feda2ac88c72233f0b4efb858e504b196b0cad67a4172349ad35
Secunia Security Advisory - VMware has acknowledged a weakness and some vulnerabilities in VMware VirtualCenter, which can be exploited by malicious, local users to disclose sensitive information, and by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
c4eb61daa3b2fe24d9bb179b8884b9d04ae8f8137c4f123477cb6dd046242baa
Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
2d5be59a918eb5ee5b4014f7580fb651123b9600c390e863b7f5c1031717a1cf
AyeView version 2.20 malformed GIF image denial of service exploit.
a26efce99b915a43ca4e002a869bd19a4b941d48f2d685aee352d3fd8d3637d1
FastStone Image Viewer version 3.6 malformed BMP image denial of service exploit.
1284870a3663271c1cb591c5d3c901ee6735bdba22a6e9148b08bcdff01391e4
AyeView version 2.20 invalid bitmap header parsing denial of service exploit.
9ada5ff4a3bb577bc6fa51dcabf831e6a852b7dad6b7e60fdc54fd6afbbb3fc4
Microsoft Windows Vista access violation from limited account denial of service blue screen of death exploit.
c1f3a692fc163324f440f798f6db2fa7d92396e6f59f7ed7e36df7e9ad735baf
Hammer Software MetaGauge version 1.0.0.17 suffers from a directory traversal vulnerability.
b7c38dcf52a5a106beaa86d8e29567cd70e6d8a1d3f7b880295137d31cfcfc8e
mIRC version 6.34 remote buffer overflow exploit that spawns calc.exe.
7395c86dff59c0fbcb031226149a38324b2c0c6eba091636a7a3542528089724