Zero Day Initiative Advisory 11-154 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gsoap.exe module exposed by the webserver that listens by default on TCP ports 8093 and 8094. A remote user can send a specially crafted SOAP packet with an invalid 'password' closing tag via a POST request to the web server to trigger a buffer overflow in this module. Exploitation of this issue leads to remote code execution under the context of the target service.
9eeb0f5fc625589a4915b9cae5ca9b82741a4442e22f1b54cb70500a7bd5f052
HP Security Bulletin HPSBOV02682 SSRT100495 - Potential vulnerabilities have been identified with HP OpenVMS running Kerberos. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or execution of arbitrary code, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.
deba330be58344603284826e84811bfbbfe925a41948fff53b13f556755e818b
HP Security Bulletin HPSBTU02684 SSRT100390 - A potential vulnerability has been identified with HP Tru64 UNIX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
aebdbd5943edbed6f159028af47f66fa472e98bb6050c7a673b5cea40d33de86
HP Security Bulletin HPSBOV02634 SSRT100390 - A potential vulnerability has been identified with HP OpenVMS running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
dd3eda6f3c1f44c6304dc1182012d147c1d3c05d72154924bef68f24ec389573
Whitepaper called Securing the Kernel via Static Binary Rewriting and Program Shepherding.
18ae1bdd7e29da68b73f1ee47eb588a934ffcd5e35aad3d0fc3709c3bac2a3e3
Glyptodon is a small file-system analyzer for Linux systems. It is written in bash and comes with an installer that sets it to run automatically every day. The script reports general information about file permissions, sockets, ownership, etc. It also checks the file system for potential risks, such as set-uid files, world-writable files, symlinks, nouser files, etc.
0c9a68bfb2e52bdc81f2316f067d7f264897eb737ada4467537a3e3f11c576b8
When given the wrong number of arguments, a number of Perl functions will attempt to read memory from an unmapped location, resulting in a deterministic crash.
b72775fe46f3e69183620de7109ecf5ba3fd1540d7eb6d3c5323b82bb1325925
Opera up to and including version 10.60 is vulnerable to an arbitrary memory write of 0x00000000, 4 byte aligned, when processing an HTML page featuring a SELECT tag with a very large SIZE parameter.
630fbf78a70da7125a10c3f5ee2b547435896349a5687c315425d7f9e3ea9851
A reflected cross-site scripting vulnerability in Ampache version 3.5.4 can be exploited to execute arbitrary JavaScript.
2c031f381e8f5eeba932231724913927673a5d79539752522ee73af4cc60731a
A reflected cross-site scripting vulnerability in ECoder version 0.4.10 can be exploited to execute arbitrary JavaScript.
b07513e742762ea47f23b8269c3e5208e9e99ca02617d14ddd19d55087bfd9e6
Exponent version 2.0.0 Beta 1.1 suffers from a local file inclusion vulnerability.
0ba0b4b54f5f90bea32c1a57ebffe2355097938d7cabbc3c5b3020cab2989e09
Whitepaper called VoIP Security - Methodology and Results.
19a9d026719f565c18ff28e79f5f73877a8cff31f458c85c1ae0292076d199e4
Whitepaper called Remote and Local Exploitation of Network Drivers.
20560e7adb32319870905329c882032975643950db301bd93d3951faa1ad2f0b
An arbitrary upload vulnerability in Exponent version 2.0.0 beta 1.1 can be exploited to upload a PHP shell.
12a4ae5b35c590048dfadc45867cf588dc993b6e953ffc2772aaa050fcd3a9b0
A reflected cross-site scripting vulnerability in Gelsheet version 1.02 can be exploited to execute arbitrary JavaScript.
b3f3b9b95de061c47af70d9ea4e999fd94ee0bb2c2e92e6d27945f4c8b6ac585
A local file inclusion vulnerability in GetSimple version 3.0 can be exploited to include arbitrary files.
62619473fe9392a22a52334b24d039bd3b46c38757aaf0f3fcd7a1e49f3f342c
An arbitrary upload vulnerability in phpWebSite version 1.7.1 can be exploited to upload a PHP shell.
f3cf7eeed0e142ae1fd2df50651cc4ff52f1a275d702fe16ad06c6065341a522
A denial of service vulnerability can be exploited to crash Serva32 version 1.2.00 RC1.
39ab74456449c1a36d67a2e41f9ae3a631ac80cec6b2df0c2e500a2a02e7f705
A directory traversal vulnerability in Serva32 version 1.2.00 RC1 can be exploited to read files outside of the web root.
36ef686f24a435eddbe553ae5e744a2ddd3c73ecea4f76a2fabce8cbc90b03f0
TCExam version 11.1.029 suffers from a remote SQL injection vulnerability.
900162c3dfeb68ad88e2af92c699d344c1a2c090365b7b9f726135337f287e5e
Secunia Security Advisory - AutoSec Tools has discovered two vulnerabilities in TCExam, which can be exploited by malicious people to conduct SQL injection attacks.
b3c333aec30a1832f297041184e2d632ba2a856d31d7a52514a257bd60a33ae3
Secunia Security Advisory - A vulnerability has been reported in Skype for Mac, which can be exploited by malicious people to compromise a user's system.
cfb7882ae04fa4850943964256f5003da5c69d5d1499fd997b87368f075dd995
Secunia Security Advisory - Fedora has issued an update for asterisk. This fixes two vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
c02240e1d95745a4131050d626d1a49601ac621c9557008a1ab794095a07e46d
Secunia Security Advisory - KnockOut has discovered a vulnerability in DORG, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ebc7ded77eb8ab0e8c09e000bfc35b62942c1245cfdc819a9486fa5d66040ecb
Secunia Security Advisory - Debian has issued an update for otrs2. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
765b4faf5121921120cac794529be11b160a206f63d11485e3af1444eaff34ef