nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
4f237befc1fd17197d282b0402cd578e29edc55eb97eb0fc7c973eeee6e1157fLenovo laptops running the Hotkey Driver and Access Connections software versions 5.33 and below suffer from a privilege escalation vulnerability. Full exploitation details provided.
d8dc187e0294d4dae1e803d9852012143ae25ce2df1e8b4274d155bb97154a81This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
ae96e70d04104824ab10f0d7aaef4584ac96b2a870adfcd8b457d836c8c5404eUbuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10.
474f008855ca7ea10ad00cea2ab2639b40a6f9d2afb20ec01fb138953ff5bd4bTribisur versions 2.0 and below suffer from a local file inclusion vulnerability.
2b0bb138ee84f919c802a02154f8070073689e03284063521acc501abb291ccdThe Spamassassin Milter plugin suffers from a remote root command execution vulnerability. Full exploit details provided.
75cd6d52002b0122839ef452c78b2755836360ff899b51abde576bc341679eb7BigForum version 4.5 remote SQL injection exploit that dumps user table information.
f67da6aeef884f55b06974fbebace25be1a39c92352b30e501ad020b94aa9ce7Known Host Cracker (khc) is a small tool designed to recover hashed known_host files back to their plain-text equivalents.
a72983ee744d25dfc04d40a965a434d2113971925229e2050b24ca9d099830b0GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. Geoipgen is the first published use of a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country. Features: Random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries.
b97d378c46c8d7eec969af1eeb0fc11ccda1e1c360df558e358cbf8969c9fbd7DvBBS versions 7.1.x through 8.2.x suffer from a cross site scripting vulnerability. This is a variation of the flaw that affected versions prior to 7.1.0.
9f37ed72f976da22a339f1e6361a6815b59198a6686c39e4ab2f066a7299cf6bCroogo CMS versions 1.2 and below suffer from cross site scripting vulnerabilities.
054008374f67a42198fe905618f0d4efa6eff61cdcfebaf1673a45fc12275af7Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
562ddf2d69f98ce6039ace5fef36d80678472ed664d7d5d0c3eb8ea20773c0f0JITed exec notepad shellcode.
f7f52c6ee5c1adab75dc974e6e122cb739c4d989ca728d781c188a5c2f6343b6JITed Stage-0 Shellcode. This JIT shellcode finds VirtualProtect, restores the address of the shellcode, makes mem exec and jumps to it.
e071a7ace3c781d63436ad1adf0cb96594c718c351445f8b3b1b2b3f572d530aWhitepaper called Writing JIT-Spray Shellcode For Fun And Profit.
c63788300beae3066d70ac6a350d32e8cc1e68446bc632aafb68473e7976af03Oracle Document Capture (EasyMail Objects EMSMTP.DLL version 6.0.1) Active-X control buffer overflow JIT-Spray exploit.
7a9746300d26475c500c06ecf062e068b9a0e28fd2cf07f465696ee404fd0138SAP GUI version 7.10 WebViewer3D Active-X JIT-Spray exploit.
458ba63f5ff5d557f1a79fc440cbb8e1068f816122c1a6f06f6408d9b76078f0BBSMAX versions 3.0, 4.1, and 4.2 suffer from a cross site scripting vulnerability.
e9150514fecb68412d5d2e3fbd59c8c6ab1220a6d61ae6f4c9ee8bbb9c992835E-Topbiz Link Ads 1 PHP script suffers from a remote SQL injection vulnerability.
f50a97f705d7d4db462b3f69d05d76e5985ca1a522d45750cd8aad38ec8575eaTopDownloads MP3 Player version 1.0 crash exploit that creates a malicious .m3u file.
748828612c1ccb1e08ebc066a4aaf7c7506639292f65913ef9aae5d9e6acec73Flare versions 0.6 and below local heap overflow denial of service exploit.
b3d27bcc33b449e871fbb238c6b946edd4a80b55a3871f001fd92a5356dcfbffGoogle Chrome version 4.0.249 XML denial of service proof of concept exploit.
df6038505ed4e7b09b5fec8cc3105f88bb88348c6721cafbce284e6fbb0e0dd0Secunia Security Advisory - Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions.
58fcb956905707e43ee5b9366423796dbf181aca346a42f8d0ce803e894a1a3eSecunia Security Advisory - Fedora has issued an update for fetchmail. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
b8c824fc597a86557d15a1a444765edff7bcf60d3469394ea895f02aecf3e0d8Secunia Security Advisory - Mr.tro0oqy has discovered a vulnerability in Yahoo! Player, which can be exploited by malicious people to compromise a user's system.
f0e276e4c75a5d2650fdc9c62de47555ad6392503bd81dc7ff5edc035e18242b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed