Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
42515affc73f5c469a33af81dd25de7146d8ac9142dd6b95bd411920755f9c42Mediacoder version 2011 RC3 buffer overflow exploit that creates a malicious .m3u file that will bind a shell to port 5555.
fbcfe46b0a318078d0ab2439fb9b3f1409a159f850153dd356d7f45ce5fa09a1MPlayer Lite version r33064 SEH overflow exploit that creates a malicious .m3u file.
1b55c647e927e0bd6d1bece8906a4764a929fe79d2028a5ddd7c87dfd0ee488aOnline Store PHP Script By Goran suffers from a cross site scripting vulnerability.
31c65dc883e4f6e15ca7d000dc9a50bf9aa584c03987673babe9acf736514d77Online Store PHP Script By Goran suffers from a remote SQL injection vulnerability.
94fcbb9b89cd04d9c9ddf2dd3d8ede1d25738518947fd5bada908f7116181511WebFly CMS suffers from a remote SQL injection vulnerability.
d3ede83184b80b2fe65b6978cce8eeac4aa4fb33be3ad77535f461e0d84d5492A very large amount of vulnerabilities have been discovered in multiple SCADA systems. These ranges from buffer overflows to denial of service to directory traversal issues and more. Systems affected include Siemens Tecnomatix FactoryLink, Iconics GENESIS32 / GENESIS64, 7-Technologies IGSS, and DATAC RealWin. Included are 34 advisories and related proof of concepts.
8bd14c7eed99151c80ec9a25811b7e674194f88dc2e6c43bad5c81eaef69fdcdRealPlayer versions 14.0.1.633 and below suffers from a heap overflow during the handling of IVR files. This is caused by the allocation of a certain amount of data (frame size) decided by the attacker and the copying of another arbitrary amount on the same buffer. Proof of concept exploit included.
6e595a81866c87dd6d9792d4d8aed66218fd680ae847cde3941f629d9ad64923Mandriva Linux Security Advisory 2011-051 - The Linux 2.6 kernel has been updated to mitigate multiple vulnerabilities related to denial of service, arbitrary code execution, stack memory disclosure, restriction bypass, and more.
4cde969b4cdb9c88d249a1bc077eb95b786a6396542e2655f3fdef84c6102638Debian Linux Security Advisory 2197-1 - It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation. A crafted Extended Communities attribute triggers a null pointer dereference which causes the BGP daemon to crash. The BGP daemon resets BGP sessions when it encounters malformed AS_PATHLIMIT attributes, introducing a distributed BGP session reset vulnerability which disrupts packet forwarding.
7b7212876c0dc85a313a39760b58246048b833cdff698a6fde7789df6595bc40Mandriva Linux Security Advisory 2011-050 - It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple. The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.
6946f9cf77da9559208045f1b25444c5b5032dbb9a51384c41139be8a379b5d6Imagemagick version 6.6.8-5 with Libtiff version 6.9.4 appears to suffer from a buffer overflow vulnerability. Proof of concept .tif enclosed.
89d1bd335b330f97e026b62da3a2f55786503c0641f0c62ef60030e8fce38301Mandriva Linux Security Advisory 2011-049 - The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
c08705321456654fe5a1918b154688cec58d91991fae2c1710c2faa6478ac2cbThis is a basic TCP SYN scanner that is multi-threaded.
768c595fba7ba7e81da35e1bba1118bf08a1d689c6e419804d2109fc64177436CMS Lokomedia version 1.5 suffers from remote shell upload vulnerability.
9887ba2dae5c855c073b17ee313676904ca193aba34b95b95ea07aa798342653Douran Portal version 3.9.7.8 suffers from a file download / source code disclosure vulnerability.
05de5c3083ad1234fda02cbcc818d3263aeb88c4dea387ee5fc84d20f85ef3f7Call For Papers for MobiPST 2011 - The First International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems (MobiPST 2011) will be held in conjunction with the 20th International Conference on Computer Communications and Networks (ICCCN 2011), in Maui, Hawaii, USA. All papers presented in MobiPST 2011 will be published in the workshop proceedings.
ce0868ee6c6cc6ab14250d5ab7660132f5c0f37dfd0a2a4ca779a2e8b7f40febThis is a brief whitepaper detailing risk management, or Gestion De Riesgos. Written in Spanish.
f789c890534783007f92e8397c0db8825e91423bc0e8fd272df2b9b182ddb4c7Debian Linux Security Advisory 2196-1 - Witold Baryluk discovered that MaraDNS, a simple security-focused Domain Name Service server, may overflow an internal buffer when handling requests with a large number of labels, causing a server crash and the consequent denial of service.
d49aefc27dfbbe7942488de6cb7354b601d73d5e01aa2c45b7d3956fb795753cDebian Linux Security Advisory 2195-1 - Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441).
8c976ecd8159b97b81ceda7096250bcdba228218460a2b386797c24f18912b61Audio Editor Pro version 5.0 local buffer overflow proof of concept exploit that creates a malicious .ogg file.
661b6f80b89a5b345ac887e570db5d5f0a9ce5462c163383c42b9fbfce56c724Web Poll Pro version 1.0.3 suffers from a cross site scripting vulnerability.
f8fe190fe04cc434abcaf1a0cf5c5ac8f54d44612355e537500815c167c71fd7Secunia Security Advisory - Xr0b0t has discovered a vulnerability in Kleophatra CMS, which can be exploited by malicious people to compromise a vulnerable system.
6b421d56b5d730aab96073898480ed380b39314e7c48b8f915d98f5d0a879b5bSecunia Security Advisory - Multiple vulnerabilities have been discovered in Xoops, which can be exploited by malicious people to conduct cross-site scripting attacks.
d256f78d521d1bfdc25cd970a62d8acf5266050e53ccc6fec7480e6a18846432Secunia Security Advisory - Red Hat has issued an update for samba3x. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system.
fa854108bc3e49d9803baaafed24cf2becf4acaf1086c1e66d79398bd0c38e67
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed