A periodic public report from the drone armies and botnets research and mitigation mailing list.
d8660109449f620cf8895e7c45bb1bd55a7dc6a06f653a8bf1123905272735cb
Debian Security Advisory DSA 775-1 - A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary JavaScript from one page into the frameset of another site. Thunderbird is not affected by this, and Galeon will be automatically fixed as it uses Mozilla components.
70b200ee1caf143db21a82a22d34ec043616a8921b0b7e732f65315d1a63d697
THC, aka The Hacker's Choice, is having their 10th anniversary party in Berlin, Germany. It looks like it should be the party of the decade. Please check out the events to come and register for the party. We'll see you there!
4dca91d98be49f3e4af07ad7461860e0c7142b36950d1525acc6b467ba4a64e7
Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site.
f1693245942b10512ab9dd01ee950c7b7ead43979f7b2d80448b9875aa3599a3
New generation shellcode using 'nooil tricks' methodology. 249 bytes reverse generic shellcode without loader (no null byte).
fd35c001c46f13468f2d40f4e5dee47a5e1803c677189bf3889635375ef9f4bd
A vulnerability has been identified in Hummingbird FTP that can be exploited by malicious, local users to gain knowledge of sensitive information. Hummingbird Connectivity 10.x is affected.
d04633ae079e84c44150370257c9d66040fc583d0ea50afbd73ea91a0df8f75e
Efilter is an automatic exception reporting utility. It is very useful and handy for vulnerability research on any software designed to work under Windows NT platforms. Because it hooks the KiUserExceptionDispatcher function, it acts BEFORE any of the program's active SEH frames take over the exception. In short, it reports a program's exceptions even if they are handled by the original program.
605f260d1552a4c13237e4e651ab9ba12c73cdd4477da51b4718699a8ac52b93
jg-tc.com is susceptible to a multitude of cross-site scripting flaws.
6d526f97918cc762035f12d7bc35c67912941b7dd9816f183eb882e977762adb
Nordstrom's website is susceptible to cross-site scripting attacks.
810da5684cf06c923921901384bcc2f3d582b9b858f74fb3aba761cfbf0f4d45
Citibank's website in the UK is susceptible to cross-site scripting attacks.
ae5c8de63bf36042a566a3a019200738fc969786145c7954cf685023ea6b2c98
PHPTB Topic Boards 2.0 is susceptible to a SQL injection attack.
67271627a17c673fb9e999ae4d9f16be6d3c8a7a618b32120978b49e15469c94
Nth Dimension Security Advisory (NDSA20050719) - Mentor's ADSL-FR4II router, firmware version 2.00.0111 2004.04.09, is susceptible to unauthenticated administrative access, downloading of configuration files with the system password, and denial of service attacks.
0f83b740a762a56491cbed35335983e8fef2cbc2304efae7c7441605de1e61ae
The JaguarControl ActiveX controller suffers from a buffer overflow exploit.
a837e1b607966b803e5bbc39eadee683de8b90c2c6f1e46ecdeb7d1e125a4493
Secunia Security Advisory - Two vulnerabilities have been reported in My Image Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.
7afb58d365e442f8ab2a8a3ed2915a0561856eaf294dacfc7d221c21ebc7a827
Secunia Security Advisory - Some vulnerabilities have been discovered in Dokeos, which can be exploited by malicious users to conduct directory traversal attacks.
ce5fdb85eef74d9aa0560652741a0865768c7dc39ca6b7135364c11f36199aed
Secunia Security Advisory - NISCC has reported some vulnerabilities in MindAlign, which can be exploited to enumerate valid users, gain knowledge of various information, conduct cross-site scripting attacks, cause a DoS (Denial of Service), or bypass certain security restrictions.
36300f39ff87d3836d0cd9d07c797b633fac47c20f580fa79c33c2490f030b7d
Secunia Security Advisory - Reed Arvin has reported a security issue in ePolicy Orchestrator, which can be exploited by malicious, local users to gain escalated privileges.
3b66316a632e8bdf61878a0e0a4a1cf175f41ea73e435559982000313c0feba0
Secunia Security Advisory - Dr. Peter Bieringer has reported a security issue in Kaspersky Anti-Virus for Linux File Server, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
e048f1416ecaffe6749a8ceb3a5438d236c147e758db5998a30c4fc5ad9dae04
Secunia Security Advisory - SGI has acknowledged a vulnerability in SGI ProPack, which can be exploited by malicious people to compromise a vulnerable system.
62f0685da4a65e3c51fa33ae816687f553dbdde8bac86414065a79234ff34a04
Secunia Security Advisory - A vulnerability has been reported in SafeHTML, which potentially can be exploited by malicious people to bypass certain security restrictions.
e85a3a61f86ac6ba782fc925ac0497ca24a08778e257e7800dbe2988017ee070
Secunia Security Advisory - A vulnerability has been reported in KDE, which can be exploited by malicious, local users to perform certain actions with escalated privileges on a vulnerable system.
3dabc11cd9adeb06da92ebb626a280723e326939b8c8416e844739af4ea12c02
Secunia Security Advisory - Stefan Esser has reported a vulnerability in PEAR XML-RPC, which can be exploited by malicious people to compromise a vulnerable system.
c1e3dc575e27ab21e79689e514702197f1e8b8cce86aac88ec6982944a19e091
Secunia Security Advisory - nnposter has discovered a weakness in Hummingbird FTP, which can be exploited by malicious, local users to disclose certain sensitive information.
cd814a8a8e054d9131de0257eb62c1ec4b8099fcf83ea9771613bbb04c4fe452
Secunia Security Advisory - Stefan Esser has reported a vulnerability in XML-RPC, which can be exploited by malicious people to compromise a vulnerable system.
558174a311e2b96da27db8eebf9200ff067fb8811c55f2dffb707eca58807e75
Secunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious people to compromise a vulnerable system.
fa12de4fdaf0c45a814ca7a3209a0de4a812c4cd17686aa554356e31b585e9a0