Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
35b14483edb6eb4c24deb70dea668722ee686b5cf981df519d2d85f0133835baTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
deee336e5fd0b8201a5922b8eeef8b3c102c45e8a040e67d5f22b203c85707f9Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file.
7467a687c181b918d29055d813fdff2b35ff940ae1ff53bb67f0cc1fd65c64a0Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.
3ec9f74a6f8a7195243bbca53f5c261bb5ca7143376fade47aec9053e7b0c338River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
eceaf0c5520ec0d47cf564935d3b7f14931412c77ad6575a55d21f8156f74d86Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
f7a85c3296d43faf3336a98acae9b827c5b8b25593c162960dd5abc90f5ef88cNUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability.
148116ce4e0a89b3feec62e659dc4ccda6cb5f0f9b5bfe169f2a0e30e6210116Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability.
898a9ec1e2686e42887fd8c47d82318e10ea7256c1f71177529701f29b1d0738Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.
cdc2165cbfbcfb0227cf704cdc43b1b691c05a0e17030005b9e81dcc9d32683eMhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability.
7a6b3638ceaf0b3171d2f2aa2d310335bb5d0330aa6ff2372afefa8e1a8fdcd5This Metasploit module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability.
cfd458989a8afba7f91cf2e94e4d8e76b599cdf51bb3698d539c553eb90282e3HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.
b0ea5f4bb7a1369ae935731ba537cffabd9aa60351797d73cf034f9815c87364This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger.
a1bf3f27171f32dee29233cb205cbdc4a03991a5c16306ba50e72d267e4f12e0This Metasploit module exploits a stack-based buffer overflow in David Manthey's Orbital Viewer. When processing .ORB files, data is read from file into a fixed-size stack buffer using the fscanf function. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing their victim to open an ORB file.
46ef3749fafdda88696ed761f5421d74f5a63031de7f9f8a7eedcc6d42bda3cdRsstatic suffers from a remote SQL injection vulnerability.
40e5ad5b8ab22b136411b1d6305a2131e5e2bebd4eb01ba990c79c42b34b60f0Uebimiau Webmail version 3.2.0-2.0 suffers from a remote email disclosure vulnerability.
ea0bc6af067b507336b4a9504121ccc06cd53f5e26033bc9cf839f9d8229fd21AEF version 1.0.8 suffers from a cross site scripting vulnerability.
d42c5711ebe70de5d5ae838aaac8eb94bda8740e2ebcdedd8b1a91850c9b4241IBM ENOVIA SmarTeam version 5 suffers from a cross site scripting vulnerability.
2a2209931b1ffd42b7662b43ba4d47eb79ceb56b8533c08525649d627220dac8WILD CMS suffers from a remote SQL injection vulnerability.
2ef6c6de7c512df15ecf788b46eb2ceca160c07482a93e71cab5df460b0302bcEleanor CMS version Rc5.1 suffers from a cross site scripting vulnerability.
3634b70921125932d5f632ed5bd3991d6e3c8cee48cb8ea8a6bfe0c026537297DDL CMS version 2.1 suffers from a cross site scripting vulnerability.
53746c2ef685bace801e81607293aff50b9af3c096f8e80faf59c70f1f7e0284Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
1e660607e5dfc124dfdf68aab869103d377209e3444d29b0dbe23acd0c6e32acThe Joomla HezaContent component version 1.0 suffers from a remote SQL injection vulnerability.
a0033e451e7d959946757d05c2315efa3a4b689b43157c271606cf913679feeeReverberation is a proof of concept denial of service tool that makes use of UDP echo servers.
14699b1e6d5e32f01ee4e0376b52b221fce84d7267f7896bf740da0191cc46baIntroduction to Win32 shellcoding. Part 9 in a series of tutorials.
c348962751540735326efe86583d329a1d5165a9eee59075a9f4cc774b7a452e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed