This Metasploit module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution under the context of 'SYSTEM'.
0e4c84f448f90124f9f12c53d533fe71d62881437ab85d0ea37f8f9dff741fe0
Ubuntu Security Notice 1235-1 - Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to overwrite arbitrary files with root privileges.
4c6627307c93273bcf8436a3a9536516d67d681c3df14f342a64dda58cbab3c3
Debian Linux Security Advisory 2324-1 - The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code.
9829b33336676c8fda20a44bf2bf4221d9194c7f95427d3ce90e35f02d3cf6af
Red Hat Security Advisory 2011-1392-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
38d5d3cdd137a8ddd27f61f26b4d6bd80a8be345b51f7fcd45471eb5bb0f29ba
OCS Inventory NG version 2.0.1 suffers from a persistent cross site scripting vulnerability.
2edc29ba63a069d988d3b4b142e76efb8065de62461e42ceb42809493e2fbbd2
HP Security Bulletin HPSBPI02711 SSRT100647 - A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could result in disclosure of personal information contained in workflow metadata to unintended recipients. Revision 1 of this advisory.
25b09fb50cf641df93774cc845e055eabec6ea70cc83a3964de6ca4024915972
Opera use-after-free proof of concept denial of service exploit. A full analysis is provided as well.
8419c6bd6968801cd9b15a92576ef242081b83329fd21b4ab556bdc4d0c512c6
Ubuntu Security Notice 1236-1 - It was discovered that the Auerswald USB driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Various other issues were also addressed.
b0bddf24cb995158c0eba5cfbdda2ed4a77f0705cd513bca55d2c0b412b0ac28
MIT krb5 Security Advisory 2011-006 - In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated. In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field. In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.
8b04ece8c34bca3fda0990a86bfcf42198a26b09a9a26da0008d965a7b170253
Ubuntu Security Notice 1234-1 - Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service.
985aaa6d61e0f759fa5bd45f5426e0d1f307709b65882f1516bfc941c175725c
Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
fa52da6f043cacb48e73017394b763ecd084cb2327279a656bc387db875101fc
Red Hat Security Advisory 2011-1386-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. Various other issues in the kernel have also been addressed.
a292c5086756cbebf4c05054f127313991d1329a2c63d6296b2aa08d6948fc72
Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.
b0175858820b9e6438b1ec0ef4a41eeaa2957167c87f13ca78bade3f36b4401a
Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.
2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1
The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability.
52ef03907b06a53b203a4e0f97b5e303c2199dd0b475cf6d74c7c993198f3050
Pre Studio Business Cards Designer suffers from a remote SQL injection vulnerability.
02b79738b456b46a060f9c6796dd51ab2a9e4766147700841e7356ca484f1d2c
Oracle DataDirect multiple native wire protocol ODBC drivers HOST attribute stack based buffer overflow proof of concept exploit. Oracle Hyperion Performance Management and BI version 11.1.2.1.0 is affected.
819a9a7103b651bf569460c2245b8f99e365a77da86f7f58d8d1faa6db2a9fe0
HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
b7853ac47e9218a7955989ca50fa8ca63e277aa9d5506ea37926e5b1dba524da
Tine version 2.0 suffers from multiple cross site scripting vulnerabilities.
694f7255e76308ce35b0db450a361b7ae0102347788c3d19b4f0a1d65da87496
Uiga Personal Portal suffers from cross site scripting and remote blind SQL injection vulnerabilities.
0850b0373ceb33e2e98600dcf74d17019ae0aceb37c2be131cea4721f59bce44
CMSmini version 0.2.2 suffers from a local file inclusion vulnerability in edit.php.
702805a640d6eda3e44aef5fc8e7038fa46cbbcbc0b37d8ffa490299862bfbe4
UnrealIRCd version 3.2.8.1 local configuration stack overflow proof of concept exploit.
71bfcad8bcbf78c8eb8c2135b6b8bf5399b78eae5d03c67e7d5e4610dc3236e6
Opera versions 11.52 and below proof of concept stack overflow exploit.
d8e6d58f0c40d06f09f7f9e1562cc78db5502eabbfa08a284ed2ca5e41060dd9
Opera versions 11.52 and below proof of concept denial of service exploit.
2a6758138a9765d3cc1929bce5ecaa3ec9bfcd4368b4177f67a84d7ea0a2adb9
Secunia Security Advisory - Two vulnerabilities have been discovered in wizmall, which can be exploited by malicious people to disclose potentially sensitive information.
3ab2a1917dbe0d94017ced6564a53e892c085c7fd447a3ac16881a8819070988