The LibPKI Project aims to provide an easy-to-use PKI library for PKI-enabled application development. The library provides the developer with all the functionality needed to manage certificates, from generation to validation. It helps developers integrate X.509 digital certificates into their applications and implement complex cryptographic operations with a few simple function calls using a high-level cryptographic API. The library constitutes the core of other OpenCA Labs Projects like the PRQP Server, the OCSP Responder, and the OpenCA-NG PKI.
462408bdc01e8718198008a28270e15e8d655895eb901db07d5fd8cbd9f6f951
Zero Day Initiative Advisory 10-255 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within quicktime.qtx. When handling the m1s atom, an integer value is used as an offset into a buffer. Minimal validation is done and an attacker can supply a negative value. This can be used to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
e743adfc23625617a93318bd19885eeeeb5abf5b49c9c5b699cfd4872d7feb32
Zero Day Initiative Advisory 10-254 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom's edit list table data, large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
139cc809d0c059254872f135291a688ea1043a19af78967c2b73a308d921d09c
CarolinaCon is now accepting speaker/paper/demo submissions for its 7th annual hacking/InfoSec conference. This year's event will be held on the final weekend of April 2011. The venue is Holiday Inn (Crabtree) in Raleigh, NC. Raleigh is about 30 minutes from Durham, Chapel Hill, and Research Triangle Park.
739eb16398589338787f7dbedec3e93802a49ffda910d876d35472e859fa732d
Mandriva Linux Security Advisory 2010-238 - A vulnerability was discovered in openssl that causes a race condition within the TLS extension parsing code, which can be exploited to cause a heap-based buffer overflow.
8d8bab983693de56f15dd48c293aed4eac01f540c4c2b349e2fcc812546759ea
SAP NetWeaver version 7.0 suffers from a denial of service vulnerability in the Metamodel Repository.
5e2e562201a583c2c83faeee154e85b823b0642aff4fe38ac6116e1056d89383
Clansphere version 2010.0 Final suffers from cross site scripting, path disclosure and remote SQL injection vulnerabilities.
25dabf00545e30ae465558516506040459d01ef306d3df23018fd0318091f959
E-Commerce by Ifthen.nl suffers from a remote SQL injection vulnerability.
e81877bf3cbc6e602a3270e06e269504c6a79993bbe5c00538bf9fb245bad5f1
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
fb1fb8bac53bab476142b5556140c59d589bc0f45d3dc058f400f2edada77a33
Cisco Unified Videoconferencing system versions 3515, 3522, 3527, 5230, 3545, 5110 and 5115 suffer from hard-coded credential, service misconfiguration, weak session ID, cookie storing of credentials, command injection and weak obfuscation vulnerabilities.
34574a022d1b743eb1e6b83e30eab653ab9cf93cb2d80db1668e365bd9c2323f
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
4e7b4e2fb33ee2d97c5e143561ab495dbbfc08f0a863e617a0c7adca19017331
A flaw has been found in the OpenSSL TLS server extension parsing code which, on affected servers, can be exploited in a buffer overrun attack. All versions of OpenSSL supporting TLS extensions contain this vulnerability, including OpenSSL 0.9.8f through 0.9.8o and the 1.0.0 and 1.0.0a releases. Any OpenSSL-based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are NOT affected. In particular, the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.
3c02ce4be86ab211c5aaeb2ed6d0d97b6f752cfa3e0c3e96191e40624f2d9085
Zero Day Initiative Advisory 10-253 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the application's implementation of the LZW compression when opening a certain file format. The application will allocate a buffer for the image and then decompress image data into it. Due to explicitly trusting the decompressed data, a buffer overflow will occur. This can lead to memory corruption and code execution under the context of the application.
fe374b74ffd3ec1fa3b226c2ad62ac1ca58d5897d87d84a8c4412186329c9887
This whitepaper is an IPv6 hacking reference that covers subnetting, socket programming and more. Written in Indonesian.
b0f05b75eebee6354176ef8175792142ac356dde6a561f5f90e471877b9d3a91
Vtiger CRM 5.2.0 suffers from code execution, cross site scripting and local file inclusion vulnerabilities.
ded3215c44adfd32a956127f5f678bade57d06fb1464aae34530de82afd5278b
Sitefinity CMS suffers from a shell upload vulnerability.
7ad8218caad9032981ca6bb9e20d51013e7357e78dc1cfa0354df51b28d99a36
Trend Micro Internet Security 2010 Active-X remote exploit that leverages UfPBCtrl.DLL.
20e0e5c29a061662abfb93bf2ab57c0045e3f149baef2042da93e7c456c8c5c4