Leader - When security matters .: [ Network tools from Leader ] :. Online privacy and proxy tests, flexible whois tool, ping, traceroute and more. Also - news, security and anonymity tips, forums.


	Новости

	Новости сайта

	Новые файлы

	Новые уязвимости

	Новое в рассылке bugtraq

	Российские новости

	О сайте

Новые файлы

MDVSA-2010-142.txt (16505 bytes)

Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
uplusftp-overflow.txt (2777 bytes)

UPlusFTP Server version 1.7.1.01 remote buffer overflow post authentication exploit.
symantecams-flaw.txt (5229 bytes)

Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit.
jira-xss.txt (2336 bytes)

Jira version 4.0.1 suffers from a cross site scripting vulnerability.
secunia-autonomykvrp.txt (4449 bytes)

Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
secunia-autonomykvindex.txt (4524 bytes)

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
zemana-escalate.txt (2802 bytes)

Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffer from a local privilege escalation vulnerability.