VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.
3d6e15caa33453b5524370e307651de35239a58b0caa6422c0ed2d1d0c5641f4VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing a text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.
683c33dd6eb12cee75b2e4d6ed700f0698a0917bade475617e2d9fec55f60a67VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.
80c160d6c598062067a6a89779a585babc9a0065f719657a207d41d32477c58aGentoo Linux Security Advisory 201308-5 - The references section of the original advisory contained wrong CVE references.
ebd71cf22019908747f1ea5cdd3a86acfb248e6a38bfa41979b555e7a1acbe4cSlackware Security Advisory - New php packages are available for Slackware 14.0, and -current to fix a security issue.
ecb1893087d0d66f7dad6cf8deaa65276787950af36d4ce86965243130244165Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.
d8b63bcd49f44bb59448c810296db5ea1c1da32b571e78c2773ee2634be2daf9TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.
6f8f17c7fe77da4b4fb9dc2dbb22d7bc2130afdfd2ddf5f70ee72cef17ddb028Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.
a0b32edb63a75a52f36b3b0a16898f214ffdda7d8f01efbf9482265d991f663bMandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277VMware Security Advisory 2013-0011 - VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.
0789baa7bebd1d751cfec338c14d6c275606f4495052e7dfa5e95751824ad5e3Gentoo Linux Security Advisory 201308-6-2 - The references section of the original advisory contained wrong CVE references.
f55dddfb5e32f8447e8f4c85d600ec6b3af91b45f0d4851a964df1ee21ef722bTripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
e09a7bdca9302e704cc62067399e0b584488f825b0e58c82ad6d54cd2e899fadSoltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.
3a2128ffc8465d8e9ab1437eee66ccd0120c1ab286e6b4e9656695dcdae0c80bSites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
cc8a5a522b2375d69ee3a4d6f8f2c0a2d801ef0278c4b5ce1f94a8115dabf0a6Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.
22bced0651b954ffd992c7d05b169412b5cccc21f9d0c513894db79d4f5178afSites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
c6d899774f7bdc71045706d65cae5014cc9528ddd33b73325104aa782aa78ba3Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.
0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24acPerformance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.
ef90193100f7cdc65bdecf8b7d836ffcd9708cba4b2d4d930fc7cec1e399cd46Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.
97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.
e606476fb827bd1dfe2fc1fc86cba2d171d51472da3a964744a23aa25cdf5e2dCyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.
2c9165f3e7ef400778699bc7ee1575c639a581bd0fa9c04fa40e4fac52460c6cDebian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.
066d7c113b0c85a7655f00b154282b537f716ce919215cbc842ab76b2915d745Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.
a5ac28b86f0822c45d84e94416073eff2e1458438f359271b10e054b23cae04eDebian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
3eec460e99a9f554b7bc89f94799ac98b40ec17e5325c416c1ece8a5c548e48fThis is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.
8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed