FreeBSD Security Advisory - Due to the interaction between devfs and VFS, a race condition exists where the kernel might dereference a NULL pointer.
4b21def402ce048506cd636e20e57f215a29c797ecd2817b7359d5b1e52ab3efFreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.
6794c843e62bd2ba63abb24337495791f839e4e7e47cd54d93099e0868941ba7Mandriva Linux Security Advisory 2009-255 - Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. This update provides a fix for this vulnerability.
f3f9e8ee12049b47c2e5e12b2f4b377f180710935b4271a52f7fbdd3d5117d7cDebian Linux Security Advisory 1900-1 - Several vulnerabilities have been discovered in PostgreSQL, an SQL database system.
7cf95a5b4b5379495365a7d9c2e99fb8b82f1358d4735f28b563993b1b2f99fdDebian Linux Security Advisory 1899-1 - Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols.
5a16cf35f56ccf5c3f540c745131cfd5b654a1639247c08323a854f9603d3373Debian Linux Security Advisory 1898-1 - It was discovered that the pluto daemon in the openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.
dcfced34b0416aa67a4b67e9662316ba344fcbd2048ab0da9180035dc94c6f8eXM Easy Personal FTP server version 5.8 remote denial of service exploit.
67c0b6e81b5e9af5bf0eb198ee9807507eac1955336c4e62a9d5cbb1757dc416libc:fts_*() suffers from multiple denial of service vulnerabilities. This affects multiple vendors.
60fdb0c5abb5e3ce9c4855e6377fd45eb308fb523b2c8e1b8e6eaf4ed9349437VMware Security Advisory - VMware Fusion 2.0.6 addresses a denial of service and code execution vulnerability.
e42d079c45012fa881f28c5390bdad571e98c1894d430ba2e284b282a444a287VMware Fusion versions 2.0.5 and below vmx86 kext local kernel root exploit.
e7f5e9e8c798c64fb10b90de146aed0b833f16823573eae15d700951ec501d04VMware Fusion versions 2.0.5 and below vmx86 kext local denial of service proof of concept exploit.
2f0f75217ef642a0341c092f97d1dd8e4a5dc186f4d5553eb2c9cd2a09f8f5a7Secunia Security Advisory - Red Hat has issued an update for elinks. This fixes a weakness and a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
873a516a66e9940d788e385f2c132788d1e653faeec43c15961a38446db10bd4Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
19eb471a5ce82e70f1b44b3ad627abdb22570880368b2d97358edf2648322b15Secunia Security Advisory - A vulnerability has been reported in SugarCRM, which can be exploited by malicious people to conduct cross-site scripting attacks.
35f6b17494d505a592933690fa59f64f1f6be74f7bf8cd56b550cfc97b1535f4Secunia Security Advisory - trotzkista has discovered a vulnerability in the AOL SuperBuddy ActiveX control, which can be exploited by malicious people to compromise a user's system.
5228feb829d22d73bc5075589d41b31a405c9636899540b32e1d25bfb230b0dcSecunia Security Advisory - A vulnerability has been reported in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service).
973e6b53cd1219c72446aad8c14f38c401a878a87509219d3119025e0dacb855Secunia Security Advisory - Francis Provencher has discovered a vulnerability in Cerberus FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
b16c2141a0c4bbec38d48134308c4a897160a1752948874584e4b99e1fc17b78Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
36250f88b0f0698ce2d7b3675799c4f33449f1a9b5fd3d21cb6ba7a07a716149This archive contains all of the 313 exploits added to Packet Storm in September, 2009.
d46cb5916f9a629366d398eba398dea47d410840fdb5a1676ec174e7090055e7MAPDAV, or the More Accurate Password Dictionary Attack Vector, is designed to use what is known about a user or users (ex, username, first name, middle name, last name, etc) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user's password. An administrator could run the output through a cracker and see if their user's passwords are anything easy to guess.
a85f23646d4ee39319a904f5d91fc16bc707b6e3e334c7029bd440f3a9c4ca69AOL version 9.1 SuperBuddy Active-X control SetSuperBuddy() remote code execution exploit.
3592f47118efc0a17c4a423fe28643dd4341b4e3aa4bccaae4c5bbd159a299fbGoogle Apps googleapps.url.mailto:// URI handler cross-browser remote command execution exploit.
0c678e6cf7fc660120636d96067744edfdfd49cbd4c321b556f33790b0924c47Ubuntu Security Notice 840-1 - Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If a user were tricked into opening a specially crafted Word document, a remote attacker might be able to execute arbitrary code with user privileges. A memory overflow flaw was discovered in OpenOffice.org's handling of EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.
8293f41fe661ea4e468fef9ffc48fc7fddd5debb4623133345eba02eed0cbd99Ubuntu Security Notice 839-1 - J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. Tim Prouty discovered that the smbd daemon in Samba incorrectly handled certain unexpected network replies. A remote attacker could send malicious replies to the server and cause smbd to use all available CPU, leading to a denial of service. Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, would not verify user permissions before opening a credentials file. A local user could exploit this to use or read the contents of unauthorized credential files. Reinhard discovered that the smbclient utility contained format string vulnerabilities in its file name handling. Because of security features in Ubuntu, exploitation of this vulnerability is limited. If a user or automated system were tricked into processing a specially crafted file name, smbclient could be made to crash, possibly leading to a denial of service. This only affected Ubuntu 8.10. Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled permissions to modify access control lists when dos filemode is enabled. A remote attacker could exploit this to modify access control lists. This only affected Ubuntu 8.10 and Ubuntu 9.04.
4f0c9ac114c1548958e5f616590708327ff29bbee5a4e6d2370a6e40f4bbd33eRooted CON 2010 Call For Papers. Rooted will be held in Madrid, Spain in March, 2010.
4c641bff2daacc3d712fb9f265bdc1f3a15264a59686925df787707cedb8adc7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed