This is an AES-128, AES-192 and AES-256 implementation for FASM. It uses the x86 32-bit instruction set and operates completely on the stack. No additional data segments are necessary, which makes it easy to integrate the AES functions into any existing project. The implementation is optimized for easy maintainability rather than speed.
cc0cf8acced2ff663cde433a3b46fe8c8b9f9998d39d248c5e164872917db1a6
Worstpreviews suffers from a remote SQL injection vulnerability.
1d11e1d42d7c07005b6b1ac13785647d8bccdd8500c54f091e798930812cd3e4
EditWRX CMS suffers from a remote code execution vulnerability due to a mishandling of data passed to open().
241c1c8935feedd8aac87ec4e8b3ee245ae2c33af855493ff13b3c8915bccabd
Even if a user has the no-history option enabled in their security settings, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
71d5feb9cc956c726042c458e08a52e135cac25deae5200ce474ea31c5489a36
Weibo.com suffers from a cross-site scripting vulnerability.
71579623fdc0050b720d587b0f66016b36079fabd0b0b1a6478b7998afcedf82
Red Hat Security Advisory 2012-0126-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
3b7ccb288005567bcb6ab370f9280d8682c2ca10e865207f64c9425f27b41889
Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
47e04bdea922f45dbb611a67d0f33763ce878e42f56c0cde78a5dc761c2218f2
Red Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b6e05a59af39b290a68a9fe97a9154b04697ee0e444b07fea716715d9493bda2
Red Hat Security Advisory 2012-0127-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.0.95.
51ec5aa443b31cc3fbfbae0baf62f34d096c8be6722ee6b25491be1880b0313b
Slackware Security Advisory - New glibc packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
324ce26decb8d41cdd4235e0b46d83973c6dffa1a1d9e6d628218c5bfedf43a5
Slackware Security Advisory - New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
d467bf0fb12717043790ccfd6e59eb28498e8ecf815ef2844607c9165bc79f17
Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.
d918adbd8e8a933420c61087ab85772332adaaf1a957177ead0deb868b6d1325
Ubuntu Security Notice 1359-1 - It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. It was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. Various other issues were also addressed.
495d0e97ad605d33e3ed8ebbdffa82eb097bdbd6c031ae53360b075401528d81
Ubuntu Security Notice 1364-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system. Andy Whitcroft discovered that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to bypass security policy and access files that should not be accessible. Various other issues were also addressed.
e847291e2956e9eeb864470a8ac967e656c915178d520472524b2f9834c84e45
Ubuntu Security Notice 1363-1 - A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available, a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system. Andy Whitcroft discovered that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to bypass security policy and access files that should not be accessible. Various other issues were also addressed.
00db81ad81883140a2fb9f8a3cf95426da7934bf25c0269359abe6ac6c16194c
Debian Linux Security Advisory 2408-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
82bc112c3ae5a1c3e880ae7ee49fd18cbe0bcac498163642bc3c0450ca859d5d
Ubuntu Security Notice 1362-1 - Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available, a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system. Various other issues were also addressed.
4a24383a035441c5df124967edbbc89b78b8a16d002c2b220c6894c7c573a97f
Ubuntu Security Notice 1361-1 - Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available, a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system. Various other issues were also addressed.
55aee48caae7e8b3bc23e1710a94503c57f4ade96b00c0e13103c514389168c1
Ubuntu Security Notice 1358-2 - USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. Various other issues were also addressed.
f0e3f2a3522dbb09758f1bf08f0d15a04e639581a43300707f483dc4b76ee08a
Ubuntu Security Notice 1360-1 - Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.
6eeb7529319b14c9ed9d8b524c4624c763dce93f196cb4ca9029ffa2c7b54870
Secunia Security Advisory - A security issue has been reported in Zero Install, which can be exploited by malicious people to conduct spoofing attacks.
1ad7dcfcc43aaa2a48f55d4ddf49c59c1d30a0c4221eb115aa2896c247577ef7
Secunia Security Advisory - Slackware has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
2062bfa78e01243a6c31d7ec38b41d1fe4a26ee30426eaff54f6901a2a10459c
Secunia Security Advisory - A vulnerability has been discovered in PBBoard, which can be exploited by malicious people to conduct cross-site request forgery attacks.
cecdf6a5506b77c2646e6c3accf4a2a589ee395a034e62ba3ac358626a042c78
Secunia Security Advisory - A security issue has been discovered in NetSurf, which can be exploited by malicious, local users to disclose sensitive information.
e8cb94ec721803c383c3570dac9c810fd9c6128809478a03e2f9a5109fd37c64
Secunia Security Advisory - MustLive has reported a vulnerability in D-Link DAP-1150, which can be exploited by malicious people to conduct cross-site request forgery attacks.
37b65bd8fe51d9516c61c5da610d20fe9a4d811a8077bbe2fac35c0142a5daf5