BWMeter version 5.4.0 suffers from a .csv related denial of service vulnerability.
8476daffe3c151e34d74efc148c63294041d42df986fb7db49fee44d2123ab9dQuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
44d3ec57af0dc97b14b5c020752e414feebca30aa7690beb7e3ec23e8d74fa41Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
e540629c6ff9fde640ac60a02cfab398a398992ca4c964d45644c176ae77aba1YCrawler is a web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support.
602e299d0d83a27072e94350f35ff2215599c2fc81c708ab79ed31bcc7d34dc0John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
2bbc034089dceb05f7284a0f997225b240d96b085ef8b399eb2d4b6aefb348d9ActFax Server LPD/LPR remote buffer overflow exploit that binds a shell to port 4444.
2ebd17d945bc423b321135f0783c3876ec973dd144c78277fde44d8e82cecd88PHP version 5.2.5 suffers from a grapheme_extract() null pointer dereference vulnerability.
03b8ac9c97cec89d34b8ed048ab62fda0ab9ae70423a1f1f02f86a029656b0feDebian Linux Security Advisory 2166-1 - Several vulnerabilities were discovered in the Chromium browser.
a6a76d3c535b5fb417f4e7106d5ad0ee7686155e667ca967a7c17a31f118f588Rae Media Real Estate Multi Agent suffers from a remote SQL injection vulnerability.
65fa9b69de034bc0b90de3020b374fc86d97b8ebc96effc1273e9273f7b3f5b3Rae Media Real Estate Single Agent suffers from a remote SQL injection vulnerability.
b8456af5393cf02c831f2afca6c026ff6d47bd9b3d61d87c1e751ebbb02852d8Whitepaper that goes into detail on the steps necessary to hide and extract uuencoded files leveraging EXIF comments and third party sites like Facebook that fail to strip the data.
e02a9efdacf2dbb1b333b7e4332c7ea69935dd1ff427b5a18569dbdc26045b5fA request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
ef5405a5cdb908fbdea9c2ca94e9485904f66d387638df61bed5396d7b39036aDebian Linux Security Advisory 2165-1 - Several vulnerabilities have been discovered in FFmpeg coders, which are used by by MPlayer and other applications.
b86d844f77a36230e7ea5dd52db346756dc5589423153d62a071288e7d8462edDebian Linux Security Advisory 2164-1 - Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to to corrupt passwd entries and may create users or groups in NIS environments.
3c7165f169abaa8fe7fc4e48f066e16009452afff08998bc155b3bce7e40bb3bActFax Server version 4.25 FTP remote post-authentication buffer overflow exploit.
e372efd4be2ecd84eb83b01bedea71b0e1db048ce07a6fa000e38442781e8ff4Drupal versions 6.20 and below suffer from broken anti-automation and path disclosure vulnerabilities.
998d6854d0553d84a23f01ebfab42858ac12d515cef3a3c74af722f5b84febcaUbuntu Security Notice 1065-1 - Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.
92adb8f4be3a172b9daf23a25bcfb40f576aef58e5527fc907ecb89a7df62a69Seo Panel version 2.2.0 suffers from multiple remote SQL injection vulnerabilities.
4aeaba7c6b82354b1bb4d94a7be9784d7bdf4c44c32481a7e292675ea6477aa8Zero Day Initiative Advisory 11-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Java Webstart loader of the Java Runtime Environment. When parsing a .jnlp file containing an extension, the loader will honor the permissions defined within. This will allow one to explicitly define the security permissions of their java component which will then get executed. This will allow one to execute code outside of the context of the JRE sandbox.
98b41896a0a5e3ce96407cf119a951881a4a9dd0776d496f10c73c727d9dcbddZero Day Initiative Advisory 11-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within jsound!XGetSamplePtrFromSnd. When extracting a sample from a soundbank stream user supplied data is used to calculate the bounds of a call to PV_Swap16BitSamples. By supplying a specially crafted sound file, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
0183d6ecb86380619b79711f01ae81870d70369d913fa06a21cd4512e75903aa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed