Stack-based Overflows - SEH. Part 3 of a series of tutorials.
8c90d998ebbbf340e741fdd7c905319237609777b5f37b55fec31993f86ef7efDebian Linux Security Advisory 1935-1 - Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure.
f865f82f07d73c848ba941571d0b49f816946149bd8f70b4226dc437168d8570Mandriva Linux Security Advisory 2009-158 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS4 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.
5bd375625642efd760e980781a7a03778322c3751d4dbc28a85f3385fd6b650eTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
0fa268ef7904dd4e4456525285d49ed3d3ac6fd6df4686de20d9077c05ae0f60WordPress MU versions 1.2.2 through 1.3.1 wp-includes/wpmu-functions.php suffers from a cross site scripting vulnerability.
04732f8d93fe0ce601091242ec0471c3a3dc3936c54d2536bb4d0ffd27437709Adobe Photoshop Elements active file monitor service suffers from a local privilege escalation vulnerability.
b33d4ca40803b1642c94b09c62f8f926650704f520db05335558bd06a273b8a9This Metasploit module exploits a stack buffer overflow in Free Download Manager 3.0 Build 844. Arbitrary code execution could occur when parsing a specially crafted torrent file.
bcfa2ab0e58219edf62f560a2a8bc25af546cb9b3279c2b78321b59a6704d8c6The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.
83d0c07059bd8b10dcc32bc8db157936376383c89fc0e3bc29477cbbfe30404aiWatch is a real-time filesystem monitoring program. It is a tool for detecting any changes on your filesystem and reporting it to the system administrator immediately. It uses a simple configuration file in XML format and is based on inotify, a file change notification system in the Linux kernel.
beb2b8326b90130b3102cba38e6efb1f73622e9b52ea1b1da6270e2365ee0fe7The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
bd537e8cfd62c93c7b97d86560d13e889862b2c616cffca2fe13d5ca4981bc95libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
1e2a133b111a367c579b89d72d5da9e65a73b8e57202b91d540a51141aca69aaKalimat News System version 1.0 suffers from a remote SQL injection vulnerability.
4a6e84efcb5d51309743c741a6985890ad27cda02fd36037ed9e32c07f66a9edDow Group suffers from a remote SQL injection vulnerability.
d4e3930b81c0783e8270dfe24d53fe1d0da6d0941bcb5eb8372b8e85e400fc49ActiveBids suffers from a remote blind SQL injection vulnerability.
cb424cb43e92a6d9b924c48a23190e1b74fd1a904ff14c52f26630b224ba3808Active Trade version 2.0 suffers from a remote blind SQL injection vulnerability.
96b68961d0a6f7e67c1e045518f8abbfdd519dae575c53053ab5dc3246a02aa8TelebidAuctionScript suffers from a remote blind SQL injection vulnerability.
59ab906d8c6ed326d6283f7c3fd71a3584ec06568d9f68b05b91e3502cdee3ffShoutbox version 1.0 suffers from a cross site scripting vulnerability.
bc883f546cd973743ad7832afda159156c2d4619503afd447d513cca3d353f4cAvast's aswRdr.sys driver does not sanitize user supplied input IOCTL and this may lead to a kernel heap overflow that propagates on the system with a BSOD and offers potential risk of privilege escalation. Proof of concept code included.
b35d3031b9047fb77a41797ff7afab2b0ef69ed1772c46257f660d79981cbdb9The Joomla Joomclip component suffers from a remote SQL injection vulnerability.
bbb2539f97e3c215efb939024665d0badb5a0745ef75db002f69decce9937b5bMandriva Linux Security Advisory 2009-300 - The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. This update provides a solution to this vulnerability.
13f50b9f4a7da6a88ee62c014dd14bfcd83bd78617103e28eb5edc81ad16f3edThe Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
226f724ffb5915c8522fcf87ca2f9e787d31c1855dadf80953485f661ea314dfUbuntu Security Notice 859-1 - Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. It was discovered that ICC profiles could be identified with ".." pathnames. Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. Multiple flaws were discovered in JPEG and BMP image handling. Multiple flaws were discovered in ASN.1 parsing. It was discovered that the graphics configuration subsystem did not correctly handle arrays.
3a2e680a13f977b81a1d37e61bc6bdfa08463e69eae900c81456f8f673c77864OS Commerce version 2.2RC2 suffers from an administrative bypass vulnerability allowing for command execution.
7e6cbe5179e855a24226db6d3b8f8c7a251760822041daf1adcd9bfb00d6c0c7Remake of the IIS 5.0 FTP server / remote SYSTEM exploit. Useful for Win2k/JP SP0 through SP3.
ed41a61ee6a96323a70d1473d264138fe153fd8d0c341f6b6c99253319cc1ba0New exploit for an old already known remote file inclusion bug in Bitrix Site Manager.
6a154e2b2c0cb34ec95bc116539057ecf20f9aacc494e528616d099222de9582
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed