Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.
4ea99f4240ecfa30f2ade91fa5134f537e90a95ae74fc87ce3b6a0bdc94aad8fMandriva Linux Security Advisory 2009-021 - Multiple buffer overflows, an array indexing error, and a denial of service vulnerability have all been addressed in php.
b555ac0988692fa93e6e9e44ac9408180563ae66fd40475aa159a90f68e7f805Mandriva Linux Security Advisory 2009-020 - Multiple vulnerabilities ranging from denial of service to heap-based overflows have been addressed in xine-lib.
43ff4edc9f7da1c5c221e903dd7cc66b3c77e38c4641a9183d19d2b33c53ea40Zero Day Initiative Advisory 09-008 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of JPEG atoms embedded in STSD atoms within the function JPEG_DComponentDispatch(). When the image width data in this atom is modified, a heap corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.
2fc0525616b743c71b0b45c4aa9c69f6ccbde9267a935cbd98bd820caf3e6f72Zero Day Initiative Advisory 09-007 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of movie data encoded using the Cinepak Video Codec. When parsing the data in the MDAT atom, there exists a signedness error which leads to a heap overflow. When this occurs it can be further leveraged to execute arbitrary code under the context of the current user.
3d3041e57e3d4f81add0aa5f963216ba06122a2034185a3929bda170154e291aGentoo Linux Security Advisory GLSA 200901-14 - An insecure temporary file usage has been reported in Scilab, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. Versions less than 4.1.2-r1 are affected.
d5c89b847a6215410229ba377696d9443f39977cd0cee7271a7efbf2661cbe89Gentoo Linux Security Advisory GLSA 200901-15 - A vulnerability in Net-SNMP could lead to a Denial of Service. Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Versions less than 5.4.2.1 are affected.
df1dcc817a8effce7b67b98444e66e9d0d22d76918dfad9e2e83287e4208ecdcZero Day Initiative Advisory 09-006 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI files. When the AVI header contains a malformed nBlockAlign value in the _WAVEFORMATEX structure, a heap overflow may occur which can be leveraged to execute arbitrary code under the context of the current user.
32683e18a3f5938bedcc596d878f86461cc50f823f86b1dee606298980fdcd80Zero Day Initiative Advisory 09-005 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 'tkhd' atoms found inside QuickTimeVR files. Improper validation of the transform matrix data results in a heap chunk header overwrite leading to arbitrary code execution under the context of the currently logged in user.
39c657685c31cfb935822c756de85a3825c53ff6199e9ba245f40420b8dacba9Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. Exploitation of this vulnerability could cause an interruption in voice services. The CAPF service is disabled by default.
5e2b36de291e3497b6c4991f209f81884a0a970132e99f2cd077d46e7da57e43Cisco Security Advisory - Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server.
b226f4be76ab01dd4f1812dcdb417b7003248e443d0399aea14cdb496da02b86IMF 2009 Call For Papers - The International Conference on IT-Incident Management and IT-Forensics invites submissions for IMF 2009 being held from September 15th through the 17th, 2009 in Stuttgart, Germany.
45935f6c9d7ccdf54786e90ef421e53ad14272c1f318da2de237331964b9d059The Joomla Beamospetition component version 1.0.12 suffers from remote SQL injection and cross site scripting vulnerabilities.
76d1b982a904d2e61522dd656a8e4453b23e78c33afb1c9875e9ab12f61a45fbPatched source code for lib_mysqldudf_sys that allows for command execution on mysql with user defined functions. Adds a sys_eval() UDF to return the standard output of the command executed.
4b78254426b12bb3fdc6dcedbee863edc282799d0c7d4236f2652c31b3b1ef9b51 bytes small Linux x86 ifconfig eth0 down shellcode.
a3473af2855a6c5ff9b7cd927a90afb55b0129f55cf72105ca38eca1e8b41fab81 bytes small Linux x86 kill service shellcode.
1eacead55cdb0e66a441d277f59ff4f223a04dbf645310ebf5be720905fca77251 bytes small Linux x86 shutdown -h now shellcode.
33b46659b70ce3e62caa1b0f4eaac4b8f681233e97c409b7fd895a976717ab45Sad Raven's Click Counter version 1.0 passwd.dat disclosure exploit.
74bb2f257c294dd9e7866bc4c5649d1e99a63a07dfc6badd5fd44ce24eb176e9eCL0WN is an ePassport utility for Nokia NFC phones that allows you to read and clone your ePassport's chip content.
f3e4a00f991139e89b2ad23dbba70524c89e13376df08024a79fff973860b13bepassport_emulator is an ePassport / eID emulator for JavaCard. It implements functionality as described in ICAO Doc 9303. Additionally it implements functionality to write files and key data to the emulator.
251badbe6d1f5c41e1136bed44fd3fd88eedd63b1ccef5e7f59f1cf4fe338f54Firefox version 3.0.5 status bar obfuscation / clickjacking code.
2b57a072c851ffda435848acb72e2a9888ecaf3b12f24c38446f91038ea3bca9Whitepaper discussing the T-Com Speedport W 500 V router and related security issues that surround it.
ca98914c79ee53400280c9bc1a834d3f915411123635480dfeace5a33f6fa6fcDebian Security Advisory 1693-2 - The security update for phpPgAdmin in DSA-1693-1 caused a regression in modifying table fields. This updates corrects that flaw.
062ebd9f3ac3214ae5f72ee6b947ca0a7dbc1ad3944e42915968c3a3d4ce7944Debian Security Advisory 1709-1 - Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation.
09833b69f4afe2a9898a02704962c10e5a4940dd1d419a7c77ac8e88550c008fThe Mambo SOBI2 component version RC 2.8.2 suffers from a remote SQL injection vulnerability.
52bea71664a15b4c7c4b9c4cdbf8baa918763cd1240e165cf608bbb40e9b1f78
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed