TTC Shelbyville – Technical Blog

It's not where you are at today, it is where you are going tomorrow. ~Steve Mallard

Archive for March 31st, 2011

In Ironic Twist, MySQL’s Own Database Is Hacked Via SQL Injection – Darkreading

leave a comment »

‘Cree.py’ Social Engineering Tool Pinpoints A Person’s Physical Location – Darkreading

leave a comment »

Tennessee Technology Center
at Shelbyville
Computer Information
Technology Program

---

Google Search-Blog

Hits | SV (NI)

• 961,284 hits

Steve’s Favorites

Recent Posts

• Reset Windows 7 services
• Network Connections folder empty
• Security Expert Fools, Records Fake Antivirus Scammers – Dark Reading
• CIT – Moves real hardware to the cloud LMS for IT Students
• Cyber Terrorism – Al Qaeda Video Calls for Electronic Jihad
• A Cross-browser Worm that affects all operating systems?
• How to make an ODBC connection to an SQL Database
• Want to try a new Social site?

---

Top Posts

• Test Your Hard Drive Speed With Windows 7's Device Manager
• Creating a Roaming Profile -Windows 7 and Server 2008 r2
• Enable NetBIOS over TCP/IP
• Optimize Your Windows 7 or Windows Vista Internet Connection
• DiskMax Cleans Your Hard Drive
• Increase hard drive size in VirtualBox
• NTop for Windows
• Release Mouse From VirtualBox
• Show the Administrator Account in Vista and Windows 7
• Measure your hard drive speed using Winsat

National Vulnerability Database

• CVE-2012-2568
  d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
• CVE-2012-2176
  Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
• CVE-2011-2722
  The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
• CVE-2012-2429
  The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
• CVE-2012-2428
  Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
• CVE-2012-2427
  Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
• CVE-2012-2426
  The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
• CVE-2012-1824
  Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
• CVE-2011-4081 (linux_kernel)
  crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on […]
• CVE-2011-4080 (linux_kernel)
  The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) e […]
• CVE-2011-3363 (linux_kernel)
  The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
• CVE-2011-3359 (linux_kernel)
  The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
• CVE-2011-3353 (linux_kernel)
  Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
• CVE-2011-3191 (linux_kernel)
  Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.
• CVE-2011-3188 (linux_kernel)
  The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.