Whitepaper called In Memory Fuzzing - Real Time Input Tracing and In Memory Fuzzing.
5f17a79e44e4710a2c6be2a50c1140bfbfcf921c190973a2632244749e1065ceMS10-070 ASP.NET auto-decryptor file download proof of concept exploit.
583ab327079e0f73d7b6ed0c839ab545a54adb9b2e531b103d46a58fa7667610Mandriva Linux Security Advisory 2010-207 - A vulnerability in the GNU C library was discovered which could escalate the privileges for local users.
f405d8ffe59773887cfc06a8a0cd395ef6f4c45e1f6042074edec9ef29999e68Ubuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
9e4b2be1c58a1b6fb4e5fd4754d105fb259fa4aec02256e6c79df5c9a684e20bUbuntu Security Notice 997-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
ac95c0836d012f7bd93526e4553d961dfa07e7147255fce74bf2ff82b74446d1Ubuntu Security Notice 1007-1 - Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length.
648f9afee39487efe955eece570e465a21e61d1af8895a0f7f6a13aadb5d0b4dCore Security Technologies Advisory - A statically allocated buffer is overwritten in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi. This may result in arbitrary code execution by cleverly overwriting key pointers in memory.
16f418d01c3fe817c1a749abcd16851913080fe6ee2a92f1103496773afe342bsNews version 1.7 suffers from a stored cross site scripting vulnerability.
f74a1472aa89f4890bf502a1eda8d6a82e0f2e84f9094b1180c43ff4116d5b94Ubuntu Security Notice 1000-1 - Various image updates have been provided. Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. Various other issues have also been addressed.
6b36ec4068d40a47c3a69616c6e9e4c23c26d91d6ae30534472022bde895c2cc4Site CMS version 2.6 suffers from a cross site scripting vulnerability.
5b33334de63db2f944e6c9093dfb77563c53528c6c3bb344662d1ea3c93ae6d0Tribiq CMS version 5.2.5 suffers from a path disclosure vulnerability.
9079eb1e8c4bdbf74aed5cb58eae84c0e9c7e7855e1c627879fd8e1313e33efeDeluxeBB version 1.3 suffers from a remote SQL injection vulnerability.
afc4892328dc347311ff4cbe87b7fbbc3334933f8e453bbf2dd30dc1a122c54fvBulletin version 3.6.1 suffers from a remote SQL injection vulnerability.
e1eb3d388da11c00dc9be594c878990679dda896dbcaf95aa0383b2488531777Winamp version 5.5.8.2985 stack overflow exploit that creates a malicious .mtm file.
1a48d03ff344bd1f13f53912e4959ca1e6eda8f76602c782e228002a946ffd4fThis Metasploit module exploits a buffer overflow in Fat Player 0.6b. When the application is used to import a specially crafted wav file, a buffer overflow occurs allowing arbitrary code execution.
7b207e157e03544e160929ab34671bcd3b540a6779b07f615673383d33fa2fefSecunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to potentially compromise a user's system.
b8a94eb67129286c1d077bfd6a79b4c1bc63077f061c72de71ae9a0f5de70992Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting, cross-site request forgery, click-jacking attacks, or compromise a user's system.
018c94a9cffe63a57294109cc6322b610df86075826716ddeddbede86ef7723eSecunia Security Advisory - A vulnerability has been reported in HP AssetCenter and AssetManager, which can be exploited by malicious people to conduct cross-site scripting attacks.
8afdebf551b002d3f2e0598a773b6fc91471e53b3905b16e3b1ec9ee30d6af7dSecunia Security Advisory - A vulnerability has been discovered in sNews, which can be exploited by malicious people to conduct cross-site request forgery attacks.
21ade46f76d835a76fc1b3e6b6205423a004ebb7692e14db3107d55771dc5c23Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS and potentially compromise a vulnerable system.
5b23e388b61694fb21b389dd7203c61a7ab77dbbab5d717adb9fc67aae151546Secunia Security Advisory - A vulnerability has been reported in Explzh, which can be exploited by malicious people to compromise a user's system.
11fa0b49a9898dbcc6cf2a2814a1c95c00b271e9ce3828feba5979f8921c3036Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in DeluxeBB, which can be exploited by malicious people to conduct SQL injection attacks.
92d664f4cd8d4f58d9776791a687318a861f48f8b0d8243db70b17da47149898Secunia Security Advisory - A vulnerability has been reported in TIBCO ActiveMatrix products, which can be exploited by malicious people to compromise a vulnerable system.
8c61555bf094edf22e678dd63cbadeae6b376178c6401a2754d29718448559dbSecunia Security Advisory - Tavis Ormandy has reported a weakness in the GNU C Library, which can be exploited by malicious, local users to gain escalated privileges.
76619b1950e180bc76dc20770d3afd3ce7596d1d17c1cf0007767b5eadb46310Secunia Security Advisory - Fedora has issued an update for poppler. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
98210e382dd2535426f783d12355a9ecbe0073c43787ae13fa8ab787ddc196f8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed