Ubuntu Security Notice 1568-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
6b9d34007c4882aed53fd61fb185c0722bb11d517e945749865f6f33ef7b12d6Ubuntu Security Notice 1567-1 - A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
a552c2e69546f1e16f0319e244f33fe12786e003870c90d2f57d54f57df37dd4Red Hat Security Advisory 2012-1267-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.
ebecc203c7e04d88efd06c185e8da4ce26edfe2550f01fc60ad98f74dcd02b4fRed Hat Security Advisory 2012-1268-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.
5a5972b72ed586ffbd6ffd738c1175d945bd835e8ee1421e32b31576a9ca94ecRed Hat Security Advisory 2012-1266-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.
5af1d32480efad3cc30f4342201d98c34ec8683c1105e96654890fad58076f93This is a whitepaper called Taller De Inyecciones LDAP. It discusses various ways of attacking LDAP. Written in Spanish.
dec8d85f1a07bc2d711c252c99af4c94eab01dceec060bd79489c9daec976af673 bytes small Linux/x86 Nmap default router services scan shellcode.
eba44ff0ad200eedf51987bb0b0229abe3206f8011b11dfebdffd9fbc460b183121 bytes small Linux/x86 man /bin/cat shellcode.
1f23c312df1064018158e04828ddd8afd600f9b3bfa0d16a31f90d173ea332c3126 bytes small Linux/x86 cp /etc/shadow /tmp && chmod 777 /tmp/shadow shellcode.
3281284185894711f02603966afa216e2b23233c3410d64c430071df5a8869c3Web Biz India suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4c8b887299c6bb74d5f1c320fa89562c99f21650029fb5407ef1a7bfbf936e82Internet Download Manager SEH based buffer overflow exploit that spawns cmd.exe.
6b1d1f0931da27bc6e7a701bad516d556bcb7d07ac95b7850477f687fe80adc6Apis Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
32481e797bcb310151a7e6e4bb4076e9e111381107140f68fa1c19723c254489The FCKEditor as used with Mambo and Joomla appears to suffer from a local file inclusion vulnerability. Note that this finding houses site-specific data.
f219a4b356a444e51fa698fdc29ad6feefbbc50579e18c529aa2e589001587d8Secunia Security Advisory - A security issue has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct spoofing attacks.
2763624813a56ed46860856311b9ebb3439d2d6f011205811b386a35a013d083Secunia Security Advisory - A security issue has been reported in Vino, which can be exploited by malicious people to disclose certain sensitive information.
9953d5b0b956fcf7b689377a9ade94ad14379497d2528c22d36831c1d93d9a5aSecunia Security Advisory - Francis Provencher has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to potentially compromise a vulnerable system.
237548edc60358a671167a824fddc34ff748c665a0f17e7328cc0acd535b0f95Secunia Security Advisory - Red Hat has issued an update for bind97. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9abeffc8f2c8c29f30b1afedc639d40be5d28cac652edba61c9167ff79c3e06cSecunia Security Advisory - Debian has issued an update for tor. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
d93c0ae723b9016dadd50ed7e8eeac4bdaa7da9a58a0e8de288b8e1aa7cd84a5Secunia Security Advisory - A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to conduct script insertion attacks.
b502bd13559cf48bed88383d0aca89a1ec156abaa90c90b0133c04ca3cb1074eipv6mon is a tool for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have been assigned to which nodes during which period of time. ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active.
f714a877de4fbf80126c4b8ad2e3496739695ee1eb3a914eae344fdd6325e138AsaanCart version 0.9 suffers from multiple cross site scripting vulnerabilities.
d012c781e38c2ca86b6dde2c8b0f0f267153528455524c83c5b4b438d1f74cfeApple Security Advisory 2012-09-12-1 - iTunes 10.7 is now available and addresses multiple memory corruption issues in webkit.
8f27ac75b6ce51b0fdc6c2b6f2d18541eb8e57e34aa68e9dc16e36ea16418c79Mandriva Linux Security Advisory 2012-152 - A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record. The updated packages have been upgraded to bind 9.7.6-P3 which is not vulnerable to this issue.
78d951a7fbb049be8ae3a444eed9539e697f76b92cd00ef591a1fa89759e1259Sitecom Home Storage Center suffers from a remote command injection vulnerability.
0e86a216a73385c42f5e1f3d018042013a88eaabb5e6776072ab9befbae3eaccSitecom Home Storage Center suffers from a remote shell upload vulnerability.
95301ce5c082876b54aa1eb5f0b12c6bba5aea60bc103a568674da684e52a0e5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed