Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.
c800a9c7100145533df8300c9ca9eb4514a7c1bea12adc78a2c14e81e1b7f5a6libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
791c8d58fd56cdf03b0effaf88d905a167ed9f10de82a14a81dcbfadfa5dd1e8Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
187d0df2701d51c09b66f120cf6f1a62c4161e3e58dc84f893c1e5c7ccf30262tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
08bffce569ecfb92666deb365ac447fbf418296a2596ddee2a9d20f48ae89bfbManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.
959444dffbd02b6f50852d15e6bf3e65ea95d117752d0931f7125a8fc43fc020ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO.
caf5aa07a2166d5da4d0ccfe135c71bf2e693bc1c093432fae00b8d6cad43e6aUltraBB version 1.17 suffers from a cross site scripting vulnerability.
beaa49354032d201c71fa5d121caa67794cc5df875d4cb0f71bd2d1b3ec199caThe Hackito Ergo Sum 2010 Call For Papers has been announced. It will be held from April 8th to 10th, 2010 in Paris, France. HES2010 will focus on hardcore computer security, insecurity, vulnerability analysis, reverse engineering, research and hacking.
75dd88cd3b189d2be1783b8f965a67f8f53321ff9a5e75a6325ef171690bbfa4Outlook Web Access (OWA) suffers from a vulnerability that allows direct access to files blocked by policy.
27283437e55c2c62aed9182d72eb69558bba3101caba3c71f12ac46c3330f727Hipergate version 4.0.12 suffers from a remote SQL injection vulnerability.
49a96a235936a4f16057a684a9347f2409a1210c041bdc48c5a1289866909cb2Hipergate version 4.0.12 suffers from a reflected cross site scripting vulnerability.
30dd84617d9ce84b3d41f5b1bc3e2e303150d39f552af503d88c9a54d11e5534Hipergate version 4.0.12 suffers from a permanent cross site scripting vulnerability.
d2657460d81351d1806058b7d53de8269f9a28bcad275f33c70a5ebd5c9954e3Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5. Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on "waol.exe". Successful exploitation may allow execution of arbitrary code.
0be07e3454c4335293f7036664394446114f031ad3ce641712ec0a15dc4861efRemote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products.
7756c7d033af4f9864f0db35014155628c4e407b538d8298529b17e02cf6d28dThe mobile interface of Facebook social network was affected by a cross site scripting vulnerability.
c7302bf39fcec502bd13d11cc9209826ade631c914ff3a356949aa5373e146f7Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers.
a3dd6b890e3a6906e98d16f6b73224fceeac934f3d11f6b154ead11101018b3fHP Security Bulletin - A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege.
3a2944ab6bd78ebaa7b6059e4ffb72e3d2aaae297f9c4d337f50bcbaecb4d3a7Debian Linux Security Advisory 1990-1 - Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries.
e3f55d1e66c7f9de47b294e99a53863f01a4c1357211cab8ca05031b0da4e130Debian Linux Security Advisory 1989-1 - Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
600a25e9cf40b3bf3f884de4728b6e3fccf45ba4b8534418fc1639fa74a1d5cdDebian Linux Security Advisory 1988-1 - Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.
daff4db55b92a0c5e04d3a443abe998e05fbfa184d6e3c2ab937902ece2db1a3PHP Car Rental Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d2aef4dca69bc0cfaa05b03fa1a605c034fe12b7a3e94d18401ed8b01b1e54f0Digital Amp MP3 version 3.1 local crash proof of concept exploit.
27eb43e29a38dc9454042da6df4c9bf74e574e23934ec53b8553a61e7dfa3b77This archive contains all of the 517 exploits added to Packet Storm in January, 2010.
080cbd4f806d5621014f8cd81e4742df51f47f92fed730b75bdac16a8c398021Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
ed247a23a4a721231ab601cb13642ba322e0aeee864ee320958bfabf405c7869sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
d95c12100597728e871cc1a57eaa3bcac3d0fbf46688039b116b09c10ae08632
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed