Secunia Research has discovered a vulnerability in Serv-U, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in a function when processing a hexadecimal representation of a string using a TEA decoding algorithm. This can be exploited to cause a stack-based buffer overflow by passing an overly long string. Successful exploitation may allow execution of arbitrary code. Version 9.0.0.5 is affected.
91578cec99ab6bd596015abc46151a4524003351c0b7b52ba97ff0920567f0c5HP Security Bulletin - A potential vulnerability has been identified with the Cisco Catalyst Blade Switch 3020/3021. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
ea08f093537b584373ba4ecea842587a49b52eed50b47dd316839ec3ef17823eThis paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.
e3e2ec70ee2040efbdbd9bc976ec570be8d2ff285c3860f57e0e4a9dff455e2fSUSE Security Announcement - The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.
64dd6d04fc2d6d8902730cdd4ebe8561bc511ab3d3891aabc2ba909b1c8b1636Paper on poisoning a torrent's peer swarm with large numbers of fake peers, including proof of concept code. Works on most trackers. Could possibly be adapted to perform a reflected denial of service (DRDoS) on a target.
9ef8fa4913dfc7ea605f7ff92cc9b58d17bb8847b4e976ba538c2d898c68c01eGentoo Linux Security Advisory 200911-2 - Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Versions less than 1.6.0.17 are affected.
6c09d770120fdd5f0fd5936497c4e389e3872a0dc13ec5c2b2565221dc0a2be7Core Security Technologies Advisory - HP Openview Network Node Manager is one of the most widely-deployed network monitoring and management platforms used throughout enterprise organizations today. The platform includes many server and client-side core components with a long list of previously disclosed security bugs. In this case, a remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service. HP Openview NNM version 7.53 is affected.
7d534a7b0dbe0cbc5abd0d58b4d34abfed0c6b32115eace7c6021c6659df10e8Debian Linux Security Advisory 1936-1 - Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation.
66708303038192047a61eddb05e535eccc4f5020eceeb60349b6a70ac5c0494eKaspersky Anti-Virus 2010 version 9.0.0.463 suffers from a denial of service vulnerability.
7ae0cfcd643b35679b0935fa72b27c7089e68d07020a0c1a2084c395b59bc687HP Security Bulletin - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely by an authorized user to execute arbitrary code.
b855638e504c36224e12fe96f7f3ef6f6bdcb6ad6ab169f40486ddc6af19bfd9Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.
d7ed67ca8048162c65807572876c20725ffeeafb25e10c4e521996f9876bd56cHome FTP Server version 1.10.1.139 suffers from a remote directory traversal vulnerability.
3e2aebb0adee075436258fb142539b20bef583fe7ffa202bd139a3339fc90e1bNovell eDirectory version 8.8 SP5 HTTPSTK login stack overflow proof of concept exploit.
aaff44cb7e0507ba901a88e6833da6ac7746837d03811e3d7515b64aa4b00925Adobe's AcroPDF.dll Active-X controller version 7.0.5 suffers from a denial of service vulnerability. Proof of concept code included.
e2f760594e35ad2f78542900bf23c1fe3c24c3c59698335541a9bd9414797cabMandriva Linux Security Advisory 2009-158 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS3 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.
376767689a770b410a1a4463080312327ed9d33c1b032b67fcb9b94eaadc2488Joomla Extion iF Portfolio Nexus suffers from a remote SQL injection vulnerability.
2544bbaeedb2fa932acf7f721f6fd221aa50b8b6985ff009361c8774703446f9The Joomla / Mambo Ezine component version 2.1 suffers from a remote file inclusion vulnerability.
64e128e7842dcece7bfeb3a3c1c62129f99a25bd02e4949442ecae7ddec3654e71 bytes small ip6tables -F polymorphic shellcode for Linux x86.
ec9b712caa705ccbd87234f9ebb1e5ae3ffc0307009e35dc3f6d1501f301801f47 bytes small ip6tables -F shellcode for Linux x86.
3840566c05ffaa2ffc2617d924372f2f816bb87c9d53ca6c2a2c26bd0c98ee67Home FTP Server suffers from a remote denial of service vulnerability.
66a1b9607f465cc97dd2702d08b04d74f0289162cc31c8f3e78630982ad4b1c7Call For Papers for Troopers 2010 - The conference will be held in Heidelberg, Germany from March 10th through the 11th, 2010.
be8c5e5f52ad4de4728b84de59c6accecba9377c46e7a506ac066710d384bfc9Alteon OS BBI versions 21.0.8.3 and below suffer from cross site scripting and cross site request forgery vulnerabilities.
1b51194ddfb04e33e624402eb4d2735d44b283fa92494f8c50b04ddc871b6c91Linux kernel pipe.c proof of concept local privilege escalation exploit.
5a47903584a2c97af605391e2cc36aa5943b60bfcc2f6b301ab746c32cc5867fCall For Papers for the Second International Alternative Workshop on Aggressive Computing and Security. It will take place from May 12th through the 14th, 2010 in Paris, France.
0cb078c4a9b363a11c8e6fb5167eef53437c243fe5d15968a3cb1ca679bdcafaPHD Help Desk version 1.43 suffers from cross site scripting vulnerabilities.
9e31d678e762edb548c87400979bdc81a4269333d3425fb379c8406bf176fc71
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed