COMPASS SECURITY ADVISORY - Outlook Web Access for Exchange 2003 suffers from a URL redirection vulnerability.
3c8469029bcaa8d904848a9899552c1450b188b585f0cd16c2df8404a2f3e953
Secunia Security Advisory - g30rg3_x has reported some vulnerabilities in the WP Comment Remix plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery, script insertion, and SQL injection attacks.
09f1fa5c380e0a7cb1db8a87a9f818aa37fbdf6f828de11111868321170b32b6
Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
4d9086c9430dfdf961f0dec9ffb20b5355554ec9c567674f6b53eb43cb2ea042
Secunia Security Advisory - Hakxer has reported a vulnerability in MyPHPDating (My PHP Dating), which can be exploited by malicious people to conduct SQL injection attacks.
495c8ad8029350808e80baa89f4fc312a713ea4b5faaec05175074fcb2b5ce35
Secunia Security Advisory - Ubuntu has issued an update for exiv2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
0f00865e20a40508eb0330e4b8546f02f4a6272c129904958f94a6d1676f9750
Secunia Security Advisory - Ubuntu has issued an update for libexif. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
c29599e887acc705bb41f9ef2914f5b0e58fb97634c57e03066e0d72c71b8d8c
Secunia Security Advisory - swappie aka faithlove has discovered a vulnerability in Elxis, which can be exploited by malicious people to conduct cross-site scripting attacks.
882caf955678a638e6b4ffaabd4eb7e1944d4c9b5030bc0bdaff500873b33611
Secunia Security Advisory - Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
d6991cb9431832bdcc0b4241eced101ad2abdf908d52cb26b6b99b5f8ffc48aa
Secunia Security Advisory - Ubuntu has issued an update for dbus. This fixes a weakness and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions.
4d3766dec8c9cf16cc34896f7c1f8b54acd55f6000da35ffe103c951cfa95602
Secunia Security Advisory - Ubuntu has issued an update for lcms. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
5eb248e6d0ee4da293dfdbaeb24bc66965761f8e495f001facc7007426841801
Secunia Security Advisory - Adriano Lima has reported a vulnerability in Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system.
c0e8dc905cc9b75daa2b523ca0a4b5756a867fa9a7df3d1ef0407a6d07e55afb
Secunia Security Advisory - Angela Chang has reported a vulnerability in Webscene eCommerce, which can be exploited by malicious people to conduct SQL injection attacks.
5e1731d2b2003f0e0ec674171c06fe482cfe2a57876091007b9d98114c036cde
Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in various Oracle products.
f33471ef595df63df21a7c87477ab27d9ee8f191d3eca0f5e56a71dac84d4d9c
Secunia Security Advisory - Some vulnerabilities have been reported in BEA WebLogic Server, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions and compromise a vulnerable system.
eead32c85245aae9f513c7bb969622b206263be8a645eb3e06cbfe3c7faab03f
Secunia Security Advisory - A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information.
dc85ac28a771df1f4ca1d427d9041c0ac0821d5a1bd427bb5ef5ba7ef12cc853
Secunia Security Advisory - A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information.
c5ce19fbd84e894ebfe64758fb63bec2f71aa0d3314ade56a0a33389d0bea385
Secunia Security Advisory - A vulnerability has been reported in BEA WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions.
1f415022204e34a0626c25d9b9820695b21d167533593a890eac5fc0ef46caae
iDefense Security Advisory 10.09.08 - Remote exploitation of a heap-based buffer overflow in Sun Microsystems Inc.'s Sun Java Web Proxy could allow an attacker to execute arbitrary code. A heap-based buffer overflow exists in the handling of FTP resources. Specifically, the vulnerability resides within the code responsible for handling HTTP GET requests. Sun Java System Web Proxy Server 4.0 through 4.0.7 is vulnerable in the following versions: SPARC Platform prior to patch 120981-15, x86 Platform prior to patch 120982-15, Linux prior to patch 120983-15, HP-UX prior to patch 123532-05, Windows prior to patch 126325-05.
f6a92e493a76a9b47f215b7530718298cbd6b92be1e2d9ac53b1345ab7319330
iDefense Security Advisory 10.14.08 - Several vulnerabilities exist in Microsoft Corp.'s Office Visual Basic for Applications (VBA) which could allow remote exploitation by an attacker. Exploitation could allow the execution of arbitrary code with the privileges of the current user. iDefense confirmed the existence of these vulnerabilities in the following versions of Microsoft Excel: 2000-SP3, XP-SP3, 2003-SP3. Excel 2007 and 2007-SP1 were not vulnerable.
d12f15eff15b3b3042a7dcff3b85a5cf8da837b3ab17743d6d4c2060072aac0d
Ubuntu Security Notice 655-1 - Meder Kydyraliev discovered that exiv2 did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges. Joakim Bildrulle discovered that exiv2 did not correctly handle Nikon lens EXIF information. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexiv2 to crash, leading to a denial of service.
788b1990f1c0bee4bbf4f1f548eaf30fd8ca2c369b5951d1574b7cb7ea6fd37a
Ubuntu Security Notice 654-1 - Meder Kydyraliev discovered that libexif did not correctly handle certain EXIF headers. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could cause the application linked against libexif to crash, leading to a denial of service, or possibly executing arbitrary code with user privileges.
2b8202fc3e307569a8e29aa091805b73ee5445f095ac175f6ef8aa4cca2bd4a9
ActivePortail suffers from cross-site scripting and remote Java inclusion vulnerabilities.
d0149fc8068e3430166cdca90df425b0c543a12c40a3d04124273ceeb51372f3
PHP Web Gallery versions 1.7.2 and below session hijacking and code execution exploit.
ee5145b4433cb67f1ec27bbb8df925f4aba031e6141f0b92dbec3237cdbf204c
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows running the Message Queuing service (mqsvc.exe). User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of an RPC request to the Message Queuing Service (mqsvc.exe). By sending a specially crafted RPC request, a heap calculation can be controlled and later overflowed during an unchecked string copy operation. By sending a similar request, memory can be disclosed to the attacker. Exploitation of the heap overflow leads to full access of the affected system under the SYSTEM context.
008a6cf0f644c4e0b0ad926a906f68df24e68fb35f0f36ade8992b4114c4bf17
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the componentFromPoint() method exposed through JavaScript. A problem in the implementation of this method for a particular object can be used to arbitrarily control memory access. By exploiting this, an attacker can gain access to the target system under the credentials of the currently logged-in user.
9be0acd20b531207b7045fac59a05cffd27dc61dad5ba2ffc9c186e175757549