Whitepaper called Metasploit's Meterpreter.
1b01acfccb89b492007b8905da1e49f8a9f4d9d1d0338f7c59c152859292c7a2
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
1b2b495b207ac1f6007f841b3f38944a636a3ea4e9ac3d6559a30688e7e5fe2a
iDEFENSE Security Advisory 11.11.05 - Remote exploitation of a command injection vulnerability in various vendors' implementations of Lynx could allow attackers to execute arbitrary commands with the privileges of the underlying user. The problem specifically exists within the feature to execute local cgi-bin programs via the lynxcgi: URI handler. The handler is generally intended to be restricted to a specific directory or program(s). However, due to a configuration error on multiple platforms, the default settings allow for arbitrary websites to specify commands to run as the user running Lynx. iDEFENSE has confirmed the existence of this vulnerability in the latest stable release of Lynx, version 2.8.5. It is suspected that earlier versions are also affected.
b4e1e54bc83530521503bfe91f4bca692869b0c1e30589c117f27fa98dc41e55
aMember is susceptible to cross site scripting attacks via an unsanitized login variable.
09aeaa3107c25b1d5b405d6859a0ea1c2e31810c27dd8609186079c15aad9c49
Zone-H Research Center Security Advisory 200502 - phpAdsNew versions 2.0.6 and below suffer from SQL injection flaws. Exploitation details provided.
2bb01d8a857a347319337c91c213000292e3c3de4261bf1f0a85cb37550308b2
iDEFENSE Security Advisory 11.10.05 - Remote exploitation of an input validation vulnerability in Tikiwiki could allow attackers to gain access to arbitrary files on the vulnerable system and execute arbitrary code under the privileges of the underlying web-server. iDEFENSE has confirmed the existence of this issue in Tikiwiki versions 1.8.4 and 1.8.5. It is suspected that earlier versions are vulnerable as well. This vulnerability differs from the one described in 11.10.05-2.
5dde7fbf2801056b8bd81ced32b8f4b12a5b252a2cb9f5b05680ce1b84b2e2cd
iDEFENSE Security Advisory 11.10.05 - Remote exploitation of an input validation vulnerability in Tikiwiki allows attackers to gain access to arbitrary files on the vulnerable system under the privileges of the underlying web-server. iDEFENSE has confirmed the existence of this issue in Tikiwiki versions 1.8.4 and 1.8.5. It is suspected that earlier versions are vulnerable as well.
3bec287e028f3add2b060c5caca6ea183bcd1dfe8bff378bb1972d6985c397c2
iDEFENSE Security Advisory 11.10.05 - Exploitation of a buffer overflow vulnerability in Veritas Netbackup could lead to a remote Denial Of Service or remote code execution. The Veritas Netbackup Volume Manager keeps track of the location of volumes (tapes) needed for backup or restore. Sending a specially crafted packet to the Volume Manager causes a stack overflow. This is caused by improper bounds checking. Confirmed vulnerable: Veritas Netbackup 5.0 with MP1 (vmd.exe 5.0.0.370), Veritas Netbackup 5.0 with MP2 (vmd.exe 5.0.0.372), Veritas Netbackup 5.0 with MP3 (vmd.exe 5.0.0.377), Veritas Netbackup 5.0 with MP4 (vmd.exe 5.0.0.382), Veritas Netbackup 5.0 with MP5 (vmd.exe 5.0.0.387), Veritas Netbackup 5.1 without MP (vmd.exe 5.1.0.135), Veritas Netbackup 5.1 with MP1 (vmd.exe 5.1.0.140), Veritas Netbackup 5.1 with MP2 (vmd.exe 5.1.0.146), Veritas Netbackup 5.1 with MP3A (vmd.exe 5.1.0.150).
0ac9d8914a2943178c3bae5978669d615d29fc3c632ed89f22964e6488d7f562
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the heap with arbitrary data and execute arbitrary code in the context of the user under which the player is running. Systems Affected include Windows: RealPlayer 10.5 (6.0.12.1040-1235), RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8.
e3816b5f02fa98d487c0d02730d88c67c2aa3470592f50c4c4f8273fea543cea
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite stack memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists in the first data packet contained in a Real Media file. By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible. Systems Affected include Windows: RealPlayer 10.5 (6.0.12.1040-1235), RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, RealPlayer Enterprise, Mac: RealPlayer 10, Linux: RealPlayer 10 (10.0.0 - 5), Helix Player (10.0.0 - 5).
388915a016f8b5eefe252bbe9e9418bed2477734934e7969d49035046f7b6823
Moodle versions 1.6dev and below suffer from blind SQL injection, remote command execution, and cross site scripting flaws. Exploitation details provided.
7f4da795f3eca350bb006c6a9bdefe5528867b9c78c28be1d0b94852b70ca941
CAMELOID is a composite suite of P2P communication applications used to talk with a high level of security to other people. It consists of secure video, voice, and instant messenger applications.
889066143aa56c2f44734ad26b1eade8f8f1eed881a2af58065ec55842c272f6
phpAdsNew version 2.0.6 has a path disclosure flaw.
56c2fc37e464c82994ec9a40d179b04a0cae14f824ac24ca0a6cabe18cffb338
HP Security Bulletin - A potential vulnerability has been identified with HP-UX running the envd(1M). The vulnerability could be exploited by a local authorized user to execute arbitrary code and/or gain unauthorized privileges.
0d4045c5bbf15330fb0afe81d5f84ab07a1c4e9ada55f7728e5a82476ca29f50
HP Security Bulletin - A potential vulnerability has been identified with HP-UX systems running in Trusted Mode. The vulnerability could be exploited remotely to gain unauthorized access.
3afd685c147b58cd21323e5fcd00849271ca21f89c9297c8fde1a164b4b6c6f8
Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.
6623623dafd34401f8c96868a18ded75da8c838542b53142fe1c1ed8ae52e8fe