Next Page >>
0 0
Hash: SHA1
Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery
Issue For IPv4/IPv6 Dual-stack Routers
Advisory ID: cisco-sa-20080326-IPv4IPv6
http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
Revision 1.0
Hash: SHA1
Cisco Security Advisory: Cisco Content Switching Module Memory Leak
Vulnerability
Advisory ID: cisco-sa-20080514-csm
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml
Revision 1.0
Hash: SHA1
Cisco Security Advisory: Cisco Content Switching Module Memory Leak
Vulnerability
Advisory ID: cisco-sa-20080514-csm
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml
Revision 1.0
Hash: SHA1
Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network
Denial of Service Vulnerability
Advisory ID: cisco-sa-20080326-pptp
http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:085
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : April 28, 2010
------------------------------------------------------------------------
CompleteFTP Server v 4.x "PORT" command Remote DOS exploit
------------------------------------------------------------------------
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
-----------------------------------------------------------------
Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
-----------------------------------------------------------------
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
GR Board v1.8.6. (theme) Local File Inclusion Vulnerability
===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability
========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
YACK CMS 10.5.27 Remote File Inclusion Vulnerability
====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
-----------------------------------------------------------------------------------
JV2 Folder Gallery 3.1.1 (popup_slideshow.php) Multiple Vulnerability
-----------------------------------------------------------------------------------
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
================================================
68KB v1.0.0rc4 Remote File Include Vulnerability
================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
-----------------------------------------------------------------
DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit
-----------------------------------------------------------------
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
=====================================================================
Groone's Simple Contact Form (abspath) RFI Vulnerability
=====================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
______________________________________________________________________
-------------------------- NSOADV-2010-005 ---------------------------
SonicWALL E-Class SSL-VPN ActiveX Control format string overflow
______________________________________________________________________
______________________________________________________________________
111101111
11111 00110 00110001111
What is AlleyCode?
AlleyCode is a free html editor. Alleycode was chosen as one of the best freebies on the Net. The entire list of the ' 101 Fabulous Freebies' was featured in the May 2006 issue of PCWorld Magazine. Thanks PCWorld...
Alleycode is a fast, sleek and highly productive award winning HTML editor with unique features. If you are new to HTML, Alleycode's great tutorial will walk you through your first coding steps... If you are an established coder you will find a refreshing, non-bloated infrastructure with fast and accurate delivery. Beyond HTML, Alleycode's wizardry focuses on PHP and CSS interaction for professional and easy management of your projects. Best of all, Alleycode is FREE! (we do accept donations if you find it useful).
What is the last version released?
The last version is 2.21
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:001
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : January 11, 2010
Tested on BullerProof FTP Client v. 2.63 build 56 (The last one) but may work with older releases as well
Registers:
EAX 00000000
ECX 65646362
EDX 7C9032BC ntdll.7C9032BC
EBX 00000000
ESP 0012F1E0
EBP 0012F200
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange
Resource Exhaustion Vulnerability
Advisory ID: cisco-sa-20090923-ipsec
Revision 1.0
For Public Release 2009 September 23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability
Advisory ID: cisco-sa-20100324-ipsec
Revision 1.0
For Public Release 2010 March 24 1600 UTC (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:002
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : January 11, 2010
4. *Vulnerable packages*
. HP OpenView Storage Data Protector v6.20 (running on Windows).
. HP OpenView Storage Data Protector v6.11 (running on Windows).
. HP OpenView Storage Data Protector v6.10 (running on Windows).
. HP OpenView Storage Data Protector v6.00 (running on Windows).
. Previous versions may be affected, but were not tested.
5. *Non-vulnerable packages*
______________________________________________________________________
-------------------------- NSOADV-2010-008 ---------------------------
AnNoText Third-Party ActiveX Control Buffer Overflow
______________________________________________________________________
______________________________________________________________________
111101111
11111 00110 00110001111
111111 01 01 1 11111011111111
1. *Advisory Information*
Title: Adobe Director DIRAPI.DLL Invalid Read Vulnerability
Advisory Id: CORE-2010-0405
Advisory URL:
[http://www.coresecurity.com/content/adobe-director-invalid-read]
Date published: 2010-05-11
Date of last update: 2010-05-11
Vendors contacted: Adobe
-----Original Message-----
From: NSO Research [mailto:nso-research@sotiriu.de]
Sent: 02 March 2010 21:30
To: bugtraq@securityfocus.com
Subject: NSOADV-2010-004: McAfee LinuxShield remote/local code execution
______________________________________________________________________
NSOADV-2010-004: McAfee LinuxShield remote/local code execution
______________________________________________________________________
______________________________________________________________________
NSOADV-2010-003: DATEV ActiveX Control remote command execution
______________________________________________________________________
______________________________________________________________________
111101111
11111 00110 00110001111
111111 01 01 1 11111011111111
11111 0 11 01 0 11 1 1 111011001
resource was supplanted with a /Font
resource, but the type of the resource
continued being ExtGState:
261 0 obj
<</Type /Page /Parent 126 0 R /MediaBox [0 0 259 408 ]/CropBox [0 0 531 666 ]/Resources <</ProcSet [/PDF /Text] /ExtGState <</R7 7 0 R>>>> /Contents [20 0 R]>>
endobj
7 0 obj
<</FirstChaaa 1
/Type /Funt /FontDescriptor 23 0 R
resource was supplanted with a /Font
resource, but the type of the resource
continued being ExtGState:
261 0 obj
<</Type /Page /Parent 126 0 R /MediaBox [0 0 259 408 ]/CropBox [0 0 531 666 ]/Resources <</ProcSet [/PDF /Text] /ExtGState <</R7 7 0 R>>>> /Contents [20 0 R]>>
endobj
7 0 obj
<</FirstChaaa 1
/Type /Funt /FontDescriptor 23 0 R
Remote attackers could exploit this issue without having valid credentials on the target machine. In order to achieve a successful exploitation, the attacker needs enough privileges to remotely send WRITE_ANDX packets to an interface that uses a Named Pipe as endpoint. Those interfaces that allow NULL Sessions vary between Windows versions, in Vista the reliability of a preauth attack through the “\LSARPC” has been successfully demonstrated.
Affected versions
Theorically verified on: Windows 2000, XP, Server 2003, Vista, Server 2008.
Successfully exploited on: Microsoft Windows Vista SP1 with latest security updates.
Analysis
Next Page>>
|
