Archives

Archive for November, 2007

More QuickTime Exploits

It seems the recent QuickTime vulnerabilities are receiving a lot of attention. Exploits are popping up fast, and there are now working exploit frameworks to attack both Windows and OSX. Since the exploit can be embedded in websites, it’s harder to avoid it. Even the practice of avoiding untrusted websites may not be 100% effective. [...]

Two New HP-UX vulnerabilities

The first is a potential remote execution of code on HP-UX systems that are running Apache. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.0 or earlier are known to be vulnerable. While the HP security bulletin is vague, it does cite CVE-2007-5135, which details an off-by-one error in the SSL_get_shared_ciphers function of OpenSSL 0.9.7 – [...]

Avaya Products Multiple Vulnerabilities

Avaya has released information on multiple vulnerabilities within their products. The first issue is an error in certain OpenSSL functions. A certain function can be exploited to cause a buffer overflow, and a weakness in the RSA implementation can be exploited to reveal the private keys. The following products are affected: Avaya Communication Manager (CM [...]

Symantec Backup Exec DoS and Phishing Survey

Symantec Backup Exec for Windows Servers is vulnerable to denial of service. There are two different issues that could cause a denial of service, one being a NULL pointer dereference that can cause the Backup Exec Job Engine service to crash when a specially crafted packet is sent to TCP port 5633. Two integer overflows within [...]

IBM Lotus Notes Vulnerabilities

Today a vulnerability was disclosed that affects IBM Lotus Notes. The issue affects versions 5.x, 6.x, 7.x and 8.x. Specifically, the issue lies within the Lotus Notes viewer: a specially crafted Lotus Notes viewer file (.123 extension) could cause a buffer overflow within the viewer and lead to the execution of arbitrary code. If you [...]

New Releases of Firefox and SeaMonkey

The latest releases of Firefox (2.0.0.10) and SeaMonkey (1.1.7) address three recently discovered vulnerabilities. The first is a race condition in window.location that can allow Cross-site scripting via referer-spoofing. The second is a memory corruption issue which could lead to the execution of arbitrary code. The third is a jar URI scheme vulnerability that can [...]

Quicktime 7.2/7.3 RTSP Exploits

Quicktime versions 7.2 and 7.3 are vulnerable to a stack-based overflow. This vulnerability is caused by a boundary error when processing RTSP (Real Time Streaming Protocol) replies. This can be exploited by sending a specially crafted RTSP reply with a long “Content-Type” header. Exploitation requires that a user visit a malicious URL or open [...]

Linksys XSS

Bit Defender Online Scanner is vulnerable to remote code execution. A vulnerable ActiveX control can be exploited to execute code on a user’s system. The vulnerability is reported in version 8.0. There is an updated version available. Linksys WAG54GS has some cross-site scripting issues. Two separate issues can result in either script code execution [...]

Perl and PHP Issues, Citrix XSS

Perl 5.8.8 contains a buffer overflow when processing certain regular expressions. The overflow can occur when switching between byte and Unicode characters. This affects currently installed versions of dev/lang. Users should apply their distributions’ updated version or rebuild the source with a patch applied. PHP 5.2.4 is vulnerable to multiple issues. Successful exploitation could result [...]

Inside an Average PHP Scan

I have been talking about PHP scans for a while now. They are so common that we get them on our HoneyPoint deployments all the time, often several times per day, depending on our location. These scans follow traditional scanner patterns in that they grind through a list of specific URLs that are known to [...]