A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling reference counters to the nsCSSValue:Array class. Creating more then 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous free() while the object still exists. Properly manipulated this can result in arbitrary code execution under the context of the current user.
49b0435fa9254e135d0b6f015bfd3fa93464f303ac00234d23f8fee521f7a163A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption() function used while parsing the java-vm-args attribute of the j2se tag in xml based JNLP files. When a user downloads a malicious JNLP file, the vulnerable attribute is read into a static buffer. If an overly long value is defined by the java-vm-args attribute, a stack based buffer overflow occurs, resulting in an exploitable condition.
04fd83b3273fc8bc309caaabc1eced3bc0a6561c6fc0ee4501f6e08d821426ceA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the writeManifest() method of the CacheEntry class. A directory traversal flaw in this method allows the creation of arbitrary files on the target system. After the file has been created, a call to Runtime.getRuntime.exec() can be used to execute the file.
9c039546ae9269c76b3d796cd08585ded3d5b027c2dd018ef10e757416ff4e92Secunia Security Advisory - Blue Coat has acknowledged a vulnerability in Blue Coat Director, which can be exploited by malicious people to poison the DNS cache.
484544dbbb1e4cb72620a0d9e58b5133825690128c559242bb1ff7e3e8251428Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
742712b79adb44ac6f189292da21ee47a7e298cb82d206626f47d0691011053aHP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector . The vulnerabilities could be exploited to allow remote unauthorized access.
356a8ac4d471a5727f23a6540f9a3ffb6e1ed39004154dec680102ab794d6e59Bea Weblogic Apache Connector code execution and denial of service exploit.
6d707d6b5df9744b00ca718ea8eb0688964f290196f4d4759a0ab4d9011585dcIt appears that there may be a privilege escalation vulnerability in OpenSSH under Debian due to how SELinux hands out roles.
0279c23d6d13e64604d206c6989dcc20e7cedeb8a7905e7896caad31fb69dfc9AlstraSoft Article Manager Pro version 1.6 blind SQL injection exploit.
3ccb846b34daa155cd95cb0579ef065e4ef96847cdc0037fd108faf8ab3d6a56Dokeos E-Learning System version 1.8.5 suffers from a local file inclusion vulnerability.
df7b29ca06e5dd9587bac73d60d862dd5a3890250492ab6361c5a11b4f3876e9HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.
a6698f6c2f130a53f26800f57edc750877a09fabe643a9f4c3d5bbdb9c4b0568AlstraSoft Video Share Enterprise version 4.5.1 suffers from a remote SQL injection vulnerability.
683c806dabcda3109413aafe3b8cea6579e65e9120fc04ab567ed4164c32f3f6PPMate PPMedia Class ActiveX control buffer overflow proof of concept exploit.
76cac4af6558ea52ac9df437063fb13277db91ca8c2a32884614b1fe93fd5586phpHoo3 versions 5.2.6 and below suffer from a SQL injection vulnerability in phpHoo3.php.
a1e97ef8a5446e98a30c94d679401d7993cccdcad3888ed1a0490a8da760970aSecunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in MyBB.
2e12f2bed9c713296aef642a7fefcd669d051d277a1a5c67d3e1fdf6bc21676bSecunia Security Advisory - Multiple vulnerabilities have been reported for various Oracle products. Some vulnerabilities have unknown impacts while others can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, gain escalated privileges, or compromise a vulnerable system, and by malicious people to bypass certain security restrictions or to cause a DoS.
60fb5346b631684cc0f547e09513c5e4519e0bc00afcfc8d71577b74ce35daa7Secunia Security Advisory - r0ut3r has discovered a vulnerability in Black Ice Document Imaging SDK, which can be exploited by malicious people to compromise a user's system.
bd19027b04e785f11848ac7da9c5bc4e2a32cc41ddfc1dbed46c73438e18650fSecunia Security Advisory - OpenBSD has issued an update for X.Org. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
58fda1fdc5c5f6f238b1f958934cb1589b04923f1d1420f5418d555361ed42d4Secunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
bd4f8f9228c1da56dd517f7f8fd17f835c0e9fa896d9e463f580aac0dcb37a2aSecunia Security Advisory - HP has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
a1349f1b5d100cf629285293ef941138506f367929bf70b4f6e0346f2d5cb1d0Secunia Security Advisory - Blue Coat has acknowledged a vulnerability in Blue Coat ProxySG, which can be exploited by malicious people to poison the DNS cache.
4a93f69b0038d708ba3114ed0a82534f73df5ead2a96109b0d4e6e93b7aa1f32This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
1ce58606d3eddff9223fe3a488f8c0cc0f6238e521811ffc418b4dd84491b12bSecunia Security Advisory - A security issue has been reported in Mercurial, which can be exploited by malicious people to manipulate certain data.
b610dcd804637d8efae5461c7b32f0f4caaf929026bc4b4ca27b01677b4a7036openPro version 1.3.1 suffers from a remote file inclusion vulnerability.
0fddf9f46c55b2b8481c2aff74df61b519b1bfa1c18c0010e9ce23aa1572cff0Anti-Phishing Security Strategy - A lecture presented at BlackHat 2008.
8f1e3d61a767523a1c71c153736d8ce06f404313b5babf7871ef36575d630b2e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed