FreeBSD Security Advisory - The FreeBSD operating system implements a rings model of security, where privileged operations are done in the kernel, and most applications request access to these operations by making a system call, which puts the CPU into the required privilege level and passes control to the kernel. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.
50ab73e18c85232ccd993cef89e2d46586aa4f827d36aa88ad33256fe4a53d2dFreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.
38bb62ce0e6626ae58f5bdcb8590d53027dcaccd01d33f928641394b6ad66427HP Security Bulletin HPSBMU02776 SSRT100852 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access to data, unauthorized disclosure of information, and Denial of Service (DoS). Revision 1 of this advisory.
81bc660490835ba3e0d0c8bb863ac4728f1c3963fde22d565671ac239b46f148Ubuntu Security Notice 1472-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Various other issues were also addressed.
f6b10b2fbdb528f442cb96e52f6df2940c5be1eeabed260818c6143b69ef8d30F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
6ac4496033f2428dbb162f6a1981e581a57e0ffa587cd8f0dc742fc39045f66eThis Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plug-in versions 0.4.2.1 and below are vulnerable.
da0008da963d30190b80ec624d76b37a43a7996230c2eda836dbddf9adef1f96Zimplit CMS version 3.0 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
d687242f45ad944f038ec802f8b8dca7bd6897fa90332f14a9e5e39818973784Apple Security Advisory 2012-06-11-1 - iTunes 10.6.3 is now available and addresses multiple issues. Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of .m3u playlists. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit.
644c91fc8758a15b827d4bc4a159391a534dc99616a262e6926d0a05f89dab42This bulletin summary lists two re-released Microsoft security bulletins for June, 2012.
b0fd8000e5fac19e69898b9114b001de9004ba355cd47b89e02c5694958682d0This bulletin summary lists 7 released Microsoft security bulletins for June, 2012.
cadd2667353f95e62b5be34d5aa33caa74f50448487147ad4457309236fdf3e8OpenType font file format denial of service exploit for Windows.
f3a712450f67c5b2c06069fbb762c7a9314ba82c0ce4ac5d5238c536170c830dZero Day Initiative Advisory 12-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles dynamically changed colspans on a column in a table with the table-layout:fixed style. If the colspan is increased after initial creation it will result in a heap overflow. This can lead to remote code execution under the context of the current program.
8f092c9a13be63d1f680705e9f626e08f3dffdf52fc8e721397a923db23101f6Ubuntu Security Notice 1470-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Various other issues were also addressed.
fe6b359af2c687cda0fce023e8e9c9304bee201b1d57cb22fcf7188bb397c2c7Ubuntu Security Notice 1469-1 - Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges.
594c21c635dff165aefb36fc8efba145dfcd42d2ae004ea438cd34b005a18297Ubuntu Security Notice 1471-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Various other issues were also addressed.
5da40a81e209efaa88fb4ba0a92153988d80335c08397b33d2a9d2f74e48edc2Apple iTunes version 10.6.1.7 M3U playlist file walking heap buffer overflow proof of concept exploit. This also affects 10.6.0.40.
6ca043856d67f4a832ccf2fb3c9bc2d684d525d689f7920b7106be12c3031bb0Photo Collection version 1.5 suffers from a remote SQL injection vulnerability.
1ead0ad92540a0c9df427025a14eccd48ed284427145b5103d2e34cbbcb26d63Edimax version IC-3030iWn web administrative authentication bypass exploit. Written to use on a Mac. This also affects Edimax IC-3015 and Airlive WN 500.
752e66671fbfcb2b8ecd43374b58b4b79148ce19656b38f3936ce93089219033HP Security Bulletin HPSBMU02790 SSRT100872 - A potential security vulnerability has been identified with HP Server Automation for Linux and SunOS. This vulnerability could by exploited remotely resulting in the execution of arbitrary code. The vulnerability is in Samba which is used in HP Server Automation. Revision 1 of this advisory.
af0e7a4c6db8639f20483e55e8c75872cc1c7d21031f9c997e53b454ff867b65PHP versions 5.4.3 and below have a parsing bug in PDO prepared statements that may lead to an access violation.
63b75d37126d6b5d3ffcfea40451283f8d4bb2a0b2906244f247c2d6bc8c62d7MySQL remote root authentication bypass exploit.
fa8a07437a078edcac9f7f432c70a04cd4fc7c1f42f36d254d4fa9efe0c46b18This is a proof of concept remote root authentication bypass exploit for F5 BIG-IP. Written in Python.
56ead1dc2b7a0b89044841502ec4977b0bed8067f3b3118da72703e3b50cbed2o0mBBS version 0.65B suffers from a remote SQL injection vulnerability.
932fd79684c4a385a2c9010ac80f8b8190f6edd02361ec162199122602d74062Ubuntu Security Notice 1468-1 - Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges.
49d840b9c333e32a3a4e88769bed1c994080b9a7bbf9e703ef7f042c9886d84bDebian Linux Security Advisory 2493-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit.
21e8618cd5d616376fad6c256d487e6681705187c9bfa7fea9986649f72ace9b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed