Microsoft WINS service versions 5.2.3790.4520 and below suffer from a memory corruption vulnerability.
84385a490b727e9d04e9626854b82614cbe512ecafb6f93a84f0f8991c067a96
FortiMail Messaging Security Appliance version 4.0 suffers from multiple cross site scripting vulnerabilities.
be546ae6f0c8d5fa8dbeae37a31bcb5ee98757b246b536fc5a2faf03ab620c4f
Core Security Technologies Advisory - A security vulnerability was discovered in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user receives a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally in order to exploit this vulnerability.
63a99e0648400fc4a825807649566b16a5329ecd24004648e3f3de7fcc0edde8
Red Hat Security Advisory 2011-1282-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.
a884a607ae27878afcfbd52fadabd7a11a89958104794a34bd7e1ee987079abe
This Metasploit module exploits a vulnerability in the coreservice.exe component of Proycon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a small buffer on the stack. The resulting buffer overflow overwrites a structured exception handling record on the stack, allowing for unauthenticated remote code execution. Also, after the payload exits, Coreservice.exe should automatically recover.
6b02358e406abc5384ec6cc6943c4b62bf2bebc540cf1b912151572b9b5615e2
La Poste FR Website suffers from a local file inclusion vulnerability.
2a168f784c9464df5bb15e19a372edbdac4d31039925360d71f5cf61a759807f
La Poste FR Website suffers from multiple remote SQL injection vulnerabilities.
7c8e34b62e4ba7fd750f0084274abb7e5f8b0698ecf0711af8f650dfbda886cb
Barack Obama Website Service suffers from an input validation vulnerability that allows for manipulation of mails from info@barackobama.com.
aff76b30114d96a540f6ee6845fbdec7314be58af23fce558803643e14e5b451
FBI Jobs Center Website suffers from a cross site scripting vulnerability.
3abb1ead492c78b9457df4f09133c25846f197813da7e63fa40db9ce2a818de7
FortiAnalyzer Appliance suffers from cross site scripting vulnerabilities.
c0e3048326f3314f8001e5a5642d92e40a25d98ed6db5d39e9a82a38198bc72f
GeoVision DVR Remote View suffers from a session fixation vulnerability.
f04da1deb03e3114795c239f85ef99722474d30bc05424836a67cd05331dcb7a
Argus Surveillance DVR versions 2.3 and 4.x suffer from a cross site scripting vulnerability.
da784bc012cf322758517e53752c04359280bad3f4d550294f5bc1439906a0f1
Google SketchUp version 8.x suffers from a memory corruption vulnerability when processing malformed DAE files.
3411767536cf9d6b2fb7141188de04b80de60ea989af8ff7a0b822590f2074a8
Whitepaper called Using QR Tags to Attack Smart Phones (Attaging). It discusses the threatscape related to arbitrary scanning of these tags and using Metasploit to exploit them.
5aeb974041271775d2797f33f606f42ebe41ac2480ecbba6cd286c2ec7fba100
YouGetSignal.com suffers from a cross site scripting vulnerability.
34bf13ec227983c6394fc8060dbd73bf805c842f30fefb4921e8536455eb2050
Hook Analyser is a hooking tool that can be helpful in reversing applications and analysing malware. It can hook an API in a process and search for a pattern in memory or dump the buffer.
5c11c01a960f568a12c3f67e3d3a95b84fe85db2801fc75ceaea8e5ad67ce77d
dotProject version 2.1.5 suffers from a remote SQL injection vulnerability.
72adfd5adfa50ebc3ab3d5d1b82701adfe9057bb3be66bdaa0e8df3fc5a84fe1
Secunia Security Advisory - SUSE has issued an update for cyrus-imapd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
ce8413382f7685bb6e016daa8adae3df156da735252be165b4b29073099bcdd7
Secunia Security Advisory - A vulnerability has been discovered in ScadaTec ModbusTagServer and ScadaTec ScadaPhone, which can be exploited by malicious people to compromise a user's system.
21828bb4c1318143fa873847f650747346c3db318c835a0d3af1863502b709bf
Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in PlantVisor Enhanced, which can be exploited by malicious people to disclose sensitive information.
3e2a6423fd0d51c70b885f808e0ae34f9d955e6071f246b75b9b96b65be4467d
Secunia Security Advisory - A vulnerability has been reported in EMC Avamar, which can be exploited by malicious users to bypass certain security restrictions.
66016be58a440c209facade213ddf273a159104aaa1d7e0316e17b24a857c9fc
Secunia Security Advisory - MustLive has discovered a vulnerability in the HB-Cumulus plugin for Habari, which can be exploited by malicious people to conduct cross-site scripting attacks.
e44b4f499d4c9f4d48a0ca7499c3cf87803f418e73e558676ce4a5121689cbe8
Secunia Security Advisory - Debian has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system.
b7239b6c4e769843041672d71baf072c50f67fc4b84e0b0b7d70b0407e5491e9
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Movicon, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
a795c24794f61fd294a083d207eb76d0cf96f1945cc53504c35231286259d4e3