25 byte shellcode that checks Retrieve PEB->BeingDebugged and if a process is being debugged, it crashes.
6f80afe28a89782e2ec55e95f793b6cb366bd308000d924a3c962b3714cd8aa7Ubuntu Security Notice 496-2 - USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user's privileges.
b48ad1fd14ab595468a419a8f32c81e18286aa18e1e3e8dc109c6cd072d501c2iDefense Security Advisory 08.07.07 - Remote exploitation of a heap overflow vulnerability in Apple Inc.'s mDNSResponder application may allow attackers to execute arbitrary code with root privileges. The vulnerability exists within the Legacy NAT Traversal code. Unlike the core of the mDNSResponder service, this area of code does not rely on Multicast UDP. It listens on a dynamically allocated Unicast UDP port. The vulnerability occurs when parsing a malformed HTTP request. This results in an exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.4.10, Server and Workstation, with mDNSResponder version 108.5. Previous versions may also be affected.
6d4ffd82d1feb8bfe7a7063ef0cd7c374ce49e3b42b3308f79af1c4ab79d31a6Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a "CAPABILITIES_RES_MESSAGE" packet where the capabilities count is greater than the total number of items in the capabilities_res_message array. Note that this requires an authenticated session.
6782bf2d6ac72f8bab74a44c546cf27f72e55a525d134e95c06a05a5ff82cc07Debian Security Advisory 1352-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. pdfkit.framework includes a copy of the xpdf code and required an update as well.
9ca9636a117ba33125cacb14b9d31ddc094e35adfb6f27dca5eb2629053db177Debian Security Advisory 1351-1 - Tavis Ormandy discovered that bochs, a highly portable IA-32 PC emulator, is vulnerable to a buffer overflow in the emulated NE2000 network device driver, which may lead to privilege escalation.
9ed5c8afb858c9c2a354d2364ee837d57689c94bce926bb2f49654d04cd69604iDefense Security Advisory 08.07.07 - Remote exploitation of a buffer overflow vulnerability in ldcconn allows attackers to execute arbitrary code with root privileges. By sending a long string to the TCP port that ldcconn listens on, a buffer overflow is triggered. No authentication or data validation is performed. iDefense confirmed the existence of this vulnerability in HP-UX 11.11i. It is suspected that other versions are also vulnerable.
6a40f61622abf67fb1152d6b4a99faa9cfeaa866e4d77c4a1f18a5861021c829The interpreter for the Ferite programming language is susceptible to a denial of service flaw. Exploit code included.
0ecbbf35fa412d96096bb0bc89f6da784791689049b08c0d1129131ff4698fb1Google's custom search engine suffers from a cross site scripting vulnerability.
f055badf6c13861932c4e808371522508f461a1dff85f24b1da694f6a17d4485VietPHP suffers from a remote file inclusion vulnerability.
f96d85528c734c4a6e084b3e5f9121593cc0718b43f380556b49ceac71f9c058The C-SAM oneWallet web admin interface suffers from a cross site scripting vulnerability.
15fe21b92c8c2e05f33cd1600df0ce66dbf1fed15db78d41640ab7acb4a29a88A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spools named pipe. Several RPC functions exposed by this DLL do not properly verify argument sizes and subsequently copy user-supplied data to a stack-based buffer resulting in an exploitable overflow.
2aa85c8573749f248e3c8693b58a6f7e6de06d9494966a16468c73f6670eb079Konqueror version 3.5.7 suffers from a URL address spoofing vulnerability.
53cf2249e77cbd494d6b351f2f6b62156b2a3abe63908fe6f0efeac2dcb62025Ariadne CMS suffers from a remote file inclusion vulnerability.
26f0be4e087bb27c13f73b3833745d69e2151e751654b070e6a42900864e8a06EZPhotoSales version 1.9.3 suffers from cross site scripting and php shell upload vulnerabilities.
70518c493709d823450218e62d3369de7998ea2cc23a3b49e38a1385c539ec0dDebian Security Advisory 1350-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. tetex-bin includes a copy of the xpdf code and required an update as well.
fffb21c8991279690441a2515c661592680f44480edf89a3d6e3cabe1d0849b2It appears that cissp.com suffers from yet another SQL injection vulnerability.
3b2f4c0c7353d9fa05c3755227594ebfc61ecd2b11132fdd6f8b419075175095Template Security has discovered a serious user input validation vulnerability in the BlueCat Networks Proteus IPAM appliance. Proteus can be used to upload files to managed Adonis appliances to be downloadable by TFTP from the appliance. A Proteus administrator with privilege to add TFTP files and perform TFTP deployments can overwrite existing files and create new files as root on the Adonis DNS/DHCP appliance. This can be used for example to overwrite the system password database and change the root account password. Exploitation details provided. E
b0eb22efabd9f01f0e33d402c05a54ce9da6497be21f0ffd6bbb01e08c0d5664HP Security Bulletin - A potential vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to poison the DNS cache.
d938f8755a2b2e12e0b9d6384c695b73abab4ee365c4eb74e0f96fd31d576393HP Security Bulletin - Potential security vulnerabilities have been identified HP System Management
bad94072ba0de67832d1266e25833ffd96de150db9736aa61c3b1fa67d1c6f2dDebian Security Advisory 1349-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. libextractor includes a copy of the xpdf code and required an update as well.
a1b3246eafc60040081f3d8c0ba1f846370ca79519efc89287e6ded95b7b3642Call For Papers for the TRsec conference which will be held September 8th, 2007 in Istanbul, turkey.
30a72ba2d8d51978e55f377ee185c8181e6c2179aeb9d94c9fdf9bf517de1f9bC library written to implement the functionality of Google queries into C related projects.
135efb82700e7d3117b9caeffbc267fd572f84133cfe5a370c23d799c910c8daAL-Athkar version 2.0 suffers from a remote file inclusion vulnerability.
4e595aed5810f15d05d860bf6e2ccce6b8ed3bcf48f9c0e505c90aac63773d57All versions of vgallite suffer from a remote file inclusion vulnerability.
a1e255eedc76f5a079c412451c825407890c01dd98a0bba16f392315c642d4fc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed