InCoP (Invisible CamOuflage Protocol) enables communication between secure systems such as NIDS, ideally located in isolated networks. This hybrid daemon hides information by first learning from the network and then, in a second stage, sending similar traffic in order to hide the messages as a covert channel does.
c768e433735d4d709fc03347480e852525e812532fc5d8ba45ee91d978044d24
Mandriva Linux Security Advisory 2012-109 - The XSL implementation in libxslt allows remote attackers to cause a denial of service via unspecified vectors. The updated packages have been patched to correct this issue.
dc8ab75689783fd73ff8eed92cf10fede40cab98ea6318b17769701db4617cd5
Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages have been upgraded to the latest version as well.
8c8bb030e17e5411417b68b186f12f4c547e4fe82b46c174807e0d6a29db2919
Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.
6aec98e00f8daa7f3e784b9b085136fd783f41fed252a1521762a3217af9e407
This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string in the Connection header to cause an overflow on the stack when the function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
This Metasploit module exploits a vulnerability found in EGallery 1.2. By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
526da632857518ba04c937502d05234c1849101abc35c576432b65f2a4fbe5d5
MySQL Squid Access Report version 2.1.4 suffers from an HTML injection vulnerability.
9ef08e7e97feb92f78a981eb4bf8bf5381847ef326753e6e48890bc57bb3df6e
Nessus version 1.0.1 for Android stores the username and password in cleartext.
431b63271cbeb833e8b77bb7acf8523e8c996d9baec5986af6a90caeab756c6a
Ubuntu Security Notice 1515-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).
908d6a9a0c0821a79bc5cf79e57840b3dad2e4da19e3a8fd156866d4b8a0c82b
Ubuntu Security Notice 1513-1 - Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
478214c4d3e32e1c8fdcb76337db0b554d6781b86f323a6fdbd0ee1bf03843a4
Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
Red Hat Security Advisory 2012-1110-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
bf4b7f97287a52171592309210c2633fc1a28c7720d8f80f2637a9c2ad1314da
Debian Linux Security Advisory 2508-1 - Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't correctly handling uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.
7aebd5ce5840f094d51d7679c7d9ff0704d0af681bb872fa59cd27000b552673
Since the 30th of May 2012, hackers have been abusing the Microsoft XML Core Services vulnerability. On the 10th of July 2012, Microsoft finally published a security advisory which fixes this issue. The present document and video explain the details of this fix. As a lab test, they used a Windows XP workstation with Service Pack 3. The Internet Explorer version is 6.0.
0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bd
Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
02f37f360dac212fc971b316fb483fdb2f286cf0500b33dcd6659f153fdbcbc9
Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers.
33d2c7451eea8c45146663fa6330e2747966d6816d1ce83431c543d2238e56fd
Secunia Security Advisory - Red Hat has issued an update for pidgin. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
bbe8b8a13a8759aa76ee2d4095f61901a84b6ed2e09c8c00b0a232f11aaea3de
Secunia Security Advisory - Ubuntu has issued an update for kdepim. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
4a48c29355c901db7a58c2539f7016b5382827856f3003be6b070f04837c1d5f
Secunia Security Advisory - SUSE has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information, by malicious users to disclose and manipulate certain data, and by malicious people to bypass certain security restrictions.
295967b07d9b8c0c3c7a63261ede90038f91b9931b4f31950ae32d1c6cf79a0d
Secunia Security Advisory - A vulnerability has been reported in eCryptfs, which can be exploited by malicious, local users to potentially gain escalated privileges.
8ba5c8025cdf31999a28147d2f47499f570c07465bb4b5fbf42b379f985d5a5d
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
f8ece62afc884cf65b261b5719c6466a3b7e0223e1c0449f6c96743abbb0c8f1
Secunia Security Advisory - SUSE has issued an update for gdk-pixbuf. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
9de06b7aefcac4a72445a823fb9bfac3fb5e4a5ed0ea96eb64d7b988f8496286
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in TeamViewer.
009cf31aed01a4c1fecb832dc5182eb58f9ab74b6b4c73bea48845fd6f17c2e5
Secunia Security Advisory - A vulnerability has been reported in X-Cart Gold, which can be exploited by malicious people to conduct cross-site scripting attacks.
34ce834b5144fc0a829154d65e4128faa6374c62e1cfec75e9fed85a86929122
Secunia Security Advisory - A vulnerability has been reported in Symantec Backup Exec System Recovery 2010 and Symantec System Recovery 2011, which can be exploited by malicious people to compromise a user's system.
719ab45fb3798af57f8e7d371b3ae750c366e6981150628cb7b629e5f296e755