Blog Mod versions 0.1.9 and below suffers from a remote SQL injection vulnerability.
0732e7c34ee22e682f599f1653e569067a64acdd5b25bccd40f47d6d4cd6c83dThis is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion and below but requires re-working for hooking under Mountain Lion.
b104cfd2f826400eb9d8d5a81941ae270ed54b62ebfb9893fc474185b717dd60Utempter allows for utmp manipulation that can deceive any software depending on it.
158ebf754dd7aea0420f62e882dc07d1115a71b7b038eba49a746eceb19da362This is a modified version of synscan that checks credentials against MySQL instances and logs the output to mysqljack.pot.
24847c2c7a4902a7f34c01a46299bad29d65594d3c31354d49f56ff691b37f51et-chat suffers from a remote blind SQL injection vulnerability. Note that these findings house site-specific data.
0a0da902b0edcdd2b314955a591b76d566139b09f9a32dd7bd827527961bb106MyAuth3 suffers from a remote blind SQL injection vulnerability.
20fadbb2046474a1cd41ed731732fd403043fbffc82e2b5468d421ad6babefb0Open-Realty version 2.5.6 suffers from a local file inclusion vulnerability. Please note that local file inclusion issues have already been found in this software in versions up to 2.5.8.
24a826948bbe7abd9a542e43ff3cbd1ca8aa1726a299b6ff7a498c23d2a9e47aThis Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off.
6f5a8c2406a41e33a82abea58ad31e2ab24d2e47c5ad7403b51ed4ce3b1f2ca2Mandriva Linux Security Advisory 2012-160 - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation. The updated packages have been patched to correct this issue.
c30e96034a9153e00d6e271ca2203c39d52f16954e85dba12fd8244f8b459b53Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
7933914a5bd0818fcc659f45b174483e1b7b9524862e2697b1d2a54a18803dadMandriva Linux Security Advisory 2012-151 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.
32f652449710b63d0996de9156bb7e612a4d76530c83ee10539186a5fed9ccf9VMware Security Advisory 2012-0014 - VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities.
565b1e569c6a5e5ba677df58963e893634524f033da484353388c215a50747ddDebian Linux Security Advisory 2555-1 - Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.
c959d5eab09fe98d37976ab22e1513cafb038267dffd27b4d6a167bf65b379b7Ubuntu Security Notice 1597-1 - A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).
258d218672b9c92001a7e024f697e1f4e71142d8eeeed7c16edc26c831b5234b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed