The Clockstone WordPress theme appears to suffer from a remote shell upload vulnerability.
c5c62b70f95fe9932f14fd229bfe88499c762fcf65f2241447059818767b8ab3Centrify Deployment Manager version 2.1.0.283 local root exploit that leverages a race condition in /tmp.
38f44fe5235206c1815107ebecea1649a3da90ccbf7baa70c756abbb16cd7901Enterpriser16 LB version 7.1 suffers from multiple cross site scripting vulnerabilities.
aa91eebfe06d0523d5a5bc5c93c855ec94ee4813c161cbd2081469cf89caa728SonicWall SonicOS version 5.8.1.8 suffers from a POST-based cross site scripting vulnerability.
69736c270ef6a91bbb98fe08a560c38028dab2cab42b016f68ad8173c6b98034MyBB MyYoutube plugin suffers from a stored cross site scripting vulnerability.
5442668c0b43e318f6415ef1ecbfd2ae45e2284829bd212ed0c8016ef762a3eeMyBB Xbox Live ID plugin suffers from a stored cross site scripting vulnerability.
7e0ca0889c7441be6bab586be3052a685789dc0fb626292b68cecb36254a3a25MyBB Profile Skype ID plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
5e013aabc0196147facbf7738386c71c57b37bcc6a6f4f5840cf55448e173435MyBB MyTube plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
d325c54a1faea9eed66d459ba6d4bbded28e0f02cd268edf7ebc3bf3a722f7cdMyBB Facebook Profile plugin version 2.4 suffers from a persistent cross site scripting vulnerability.
3b097c11871b6cf5ca13bc88715d08e215a08bdee3fffc396cb40fc0ca2f5733MyBB Bank Transactions plugin version 2.0 suffers from a remote SQL injection vulnerability.
b5222aa3da9434e51331f92cb0cbda2b2fa97e5fbd76eddfa0fe0fd087c25916This article sheds some light concepts pertaining to the WAF-like feature functionality of mod_security in Apache.
0cb4b60c0c3ea5e263be963453ba59377f9eef3408d3895a2c3f2a4dddd99595Firefox version 17.0.1 crash proof of concept exploit.
8f52c23e864a01cfd2602317604d93d20ad4e5ae9071d033b024a5a3778f49ebSecunia Security Advisory - A vulnerability has been reported in IBM Intelligent Operations Center, which can be exploited by malicious people to conduct script insertion attacks.
98e42d1353764d69bcf6170002bea46509fda2bea8338cb8a83bc345c3208a7fSecunia Security Advisory - Ubuntu has issued an update for bogofilter. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
24dd34427f345f8b85df8839658486917fa3b2a1019c573e241a4c42c3b77808Secunia Security Advisory - A vulnerability has been discovered in the User Profile Skype ID plugin for MyBB, which can be exploited by malicious users to conduct script insertion attacks.
fcb3f67d335c94b425c94822809f23a41545563df6b35dfb8bc095697003d49cSecunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM InfoSphere BigInsights, which can be exploited by malicious people to cause a DoS (Denial of Service).
f538aa4be5579c353697ab75160b9ef339f95220c003bc9427c1cbf7a2b7df6bSecunia Security Advisory - A weakness has been discovered in SANLock, which can be exploited by malicious, local users to manipulate certain data.
263badd31e09775f064a03b6ac0a3306613886c8fd16109706f4f3d8e027cd95Secunia Security Advisory - Ubuntu has issued an update for aptdaemon. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security features.
0957d9fd29492787eb7fdcac56b396308650c801c82e4deb862ada2ad291e907Secunia Security Advisory - Larry Cashdollar has reported a security issue in Centrify Deployment Manager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
c9a94a6b154988cc85919cc2ce544f50a3aaa3bd4ea92941c2582a8b39c87fc1Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
9505c4923c53c57875cde1cd38531218ffa5a1ea2a4261e9af3f86b7e75072fdSecunia Security Advisory - Deloitte has reported a vulnerability in Axway SecureTransport, which can be exploited by malicious people to disclose certain sensitive information or manipulate certain data.
ea793890490460972141da64818304548906565818890d02edcb657c1b7335b1This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.
e2e444f4f608cf2a5267e52972251a3f6dc63fb45578a2ac18f6eb5ad4684ec0haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
d47db0cf9a58f7ec9877eec543a062f01309916f569639c27a8b0dd004b24541Recent security research seems to indicate that a number of IPv6 Neighbor Discovery implementations fail to implement basic sanity checks on received packets and/or fail to properly manage protocol data structures, being subject of trivial Denial of Service (DoS) attacks. Additionally, some IPv6 protocol features allow a number of attacks, ranging from man-in-the-middle to Denial of Service (DoS). This document discusses how to conduct a security/robustness assessment of Neighbor Discovery implementations by means of the SI6 Networks' IPv6 toolkit - a free, portable, and fully-featured IPv6 security assessment and trouble-shooting toolkit. Additionally, it provides pointers to ongoing work in this area, such that the aforementioned issues can be mitigated where appropriate.
00689e040da9e663b0fd1da9b9db7839be24c443cac8af491a0154bbdf4e6c94Neighbor Discovery is one of the core protocols of the IPv6 suite, and provides in IPv6 similar functions to those provided in the IPv4 protocol suite by the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP). Its increased flexibility implies a somewhat increased complexity, which has resulted in a number of bugs and vulnerabilities found in popular implementations. This document provides guidance in the implementation of Neighbor Discovery, and documents issues that have affected popular implementations, in the hopes that the same issues do not repeat in other implementations.
776720fc1a25b2e907c4a468e1b19348a3ea339fb5630e617a7932a7e2ea9b23
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed