Debian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
4d0921714e92a3caf9ffbb786ca18511edabedc064e7f7072f96aa34077367e0Social Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
0fa6f5de7bdbe3290ed0ede01f2bace1adff3a4674976586858e62e0e8ba2d18Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time effectively leading to a denial of service.
764b4680811098ad5654daa7aacc0274f9de6ab81bef5b8286b792367f7e802cEMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
1d0445ba9e2d754fa11ecd05aaf43d0b4ef3dc02e0430db42104435fd5421234Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.
ed4e76db85a1968d96d0b168a230dcf62722f0fc8e23574007b3bcc95e50099cWireshark versions 1.4.0 through 1.4.12 and 1.6.0 through 1.6.7 suffer from a DIAMETER dissector denial of service vulnerability.
e6f77a65be835da3e603a103f2c0bcabc8223ab38cfca9aa785e589fc21ac947Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.
e3de518339a43d0a5f512990af923fedfb53c8e45b810e538dc48e45374c8f12Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from a misaligned memory denial of service vulnerability.
6f40723d1c25a14ace173c31accd9416895fc2c1be2de9994389ad008ea69ad4Jaow versions 2.4.5 and below suffer from a remote blind SQL injection vulnerability.
17bcc9a70dabb36b21745a5acce3fd83ccd2bda58d99ebddf8329eeee0b55a99bsnes version 0.87 suffers from a denial of service vulnerability.
27d8383734f9c7ed9fc5d3b879938acc56c7b08d1cdc6b9cc4f08bae17606375Mandriva Linux Security Advisory 2012-080 - It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
10a172fbdd9a1956fcadc521595975f06bf508f0c5f7cc83e8e96be95744ada7Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
5a829776586783c6e948605b05d02fbaa7cc8b630bf68572c37757028b44c81fThis Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying a OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results arbitrary code execution under the context of the user.
7f7fa7d76079ea7a99a629f8223bcb4b881b275d2d9b9c051e830361276e7852This Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.
ecfbba7aea3ed45a511e747ceee47ff495011c2a8d081ea91351b0810e76feccRed Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.
5d3d94c580242304ad1db49f92b8d1b2db7dde614f6355c09efaba9df53cd86dDebian Linux Security Advisory 2479-1 - Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.
5e62d60e907638254c3219bad9aae0a157a50cc91b3cbaa54606ea417f886ce3Debian Linux Security Advisory 2478-1 - It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.
fa49469a07a4c2e333f036a694c17b0a83d1f089b43d38e1c25cb2dfb19e3c66Ubuntu Security Notice 1450-1 - It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service.
3b977734c077d0a8b53a81dede80897dca3542072cb2371b9fec6ca89ec6c4abSecunia Security Advisory - A vulnerability has been reported in IBM Lotus Quickr for Domino, which can be exploited by malicious people to compromise a user's system.
19df3425d40faaa71b7a01048bbccae0da66ea610c7d23677cc0f5376352beafSecunia Security Advisory - A vulnerability has been discovered in Jaow CMS, which can be exploited by malicious people to conduct SQL injection attacks.
ebc058729c8fa49563976442ce8cba0f79250e4a09fb4064f1413bae4da06da5Secunia Security Advisory - Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
71ae0977cd6471f470e24207acef816402ec306aa61872c11bb662a6088d2f93Secunia Security Advisory - A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
c38b9347d50954c559842e03b6c1385e44ab45daab3c8fbf92075477f56b28d9Secunia Security Advisory - A vulnerability has been reported in the Taxonomy List module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
2079874c6056698377252b7148ee06f0a6017d82424720ae19aaa9f33b1d9876Secunia Security Advisory - Debian has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
45916e02ab6f88324abc68b37498ba0d6555327630b36320f4e11555c981b7d8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed