Ubuntu Security Notice 849-1 - Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a user or automated system processed a crafted VOC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Erik de Castro Lopo discovered a similar heap-based buffer overflow when processing AIFF files. If a user or automated system processed a crafted AIFF file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
79c4365c987c4d606975c35ed877397db5a44a7d007e2e8b85e9ab1a670891bfSpider Solitaire local crash proof of concept exploit for Windows XP SP2.
39456be0748817e71f86b0bfe87df870a909b478cf76b80d9b9afc5f2a7098e8Mandriva Linux Security Advisory 2009-279 - It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. This update fixes this vulnerability.
2b62a55e24b7aa26c401cd16cb4872b8b758d488485ade3ea6a720c8f6d15442Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.
fbe830d076100f57e540a54da49f464fced24007b9a5d42ebb17e035b7cbfe6bMillenium MP3 Studio version 2.0 local stack overflow universal exploit that creates a malicious .m3u file.
9cdb533043a4cefd15514421c32add6846459f97d10abe6dc40cc0c0100a7264Mongoose Web Server versions 2.8.0 and below suffer from a remote source disclosure vulnerability.
abaf4a5c974c4287f018e8c66823ccd3d87043abdb1d88ed986b9cb2fd2ac270Eclipse BIRT versions 2.2.1 and below suffer from a cross site scripting vulnerability.
76aaa9ef642b127b8f3769f2e8f89c652d6655bb52ea7728108117500596d207Pentaho version 1.7.0.1062 and below suffer from cross site scripting and disclosure vulnerabilities.
49597cb26cd53ef0182ae67b4e95514579433cf0c35d17be9d1532ca908e5593iDefense Security Advisory 10.13.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer. iDefense has confirmed the existence of this vulnerability in Office XP SP3.
46af8ea0d27e803521a04613c0afa93c64815bbde88e5c32277735b5dbec88c0iDefense Security Advisory 10.13.09 - Remote exploitation of a heap based buffer overflow vulnerability in Microsoft Corp.'s Windows GDI+ could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing a malformed TIFF file. By supplying incorrect values in a BitsPerSample tag, it is possible to trigger a heap based buffer overflow. iDefense has confirmed the existence of this vulnerability in Windows XP Service Pack 2. Please see the Microsoft bulletin for additional details on affected software.
cf6057235dc06deabb97059dcda36a22488060fd8671a6c4fbe352badb98d851Debian Linux Security Advisory 1911-1 - It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility.
7172bcdaaf63fe0d62e1d2bc48815208e542c66a12e260a70767490b814d8ce0Debian Linux Security Advisory 1910-1 - It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.
c5ca7235cabdedc4c8be457ce3d37c7fdff2134e1f51a6791415879047c3e383Debian Linux Security Advisory 1909-1 - It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called escape_string_conn() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.
ce02c757e270106dcad9d45d562406b0f3343ee90986be350d3ee9a9dde985ccMicrosoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability.
80fa117d24dc8845f2994b4d1e1342b08f6ff97d25b492bb4f924064b92e3e2cVarious reproduction code that demonstrates memory corruption when loading/unloading Adobe objects through an EMBED tag in Firefox.
cbfab4ccb60d417d49251f98b1b677a08ea4a6fa400b4d5b3cd721ce1aeb2be8Secunia Security Advisory - Red Hat has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
e29623c42b0de4fddfe9bda1a162280d86f1336c945044040b23dc048143f733Secunia Security Advisory - Red Hat has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
65d4e2ac3a9df4fd133b4055eb7766ffd15786c10db55d028990c74d1a3f8e21Secunia Security Advisory - Debian has issued an update for mysql-ocaml. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.
e8604de15f25aef4c7c8550f0208397c1e6a20c26a71ee00a75435f89fa099edSecunia Security Advisory - Debian has issued an update for postgresql-ocaml. This fixes a weakness, which can potentially cause SQL injection vulnerabilities.
6d221fc5399adacf5927be4e1c19bbd7ec0da7613c8167165454fdd82736df45Secunia Security Advisory - Debian has issued an update for pygresql. This fixes a weakness, which can potentially cause SQL injection vulnerabilities
c439bb8868cbba9f77122f165f4e59322b64739219753f80774076f4f165fba2Secunia Security Advisory - A vulnerability has been reported in the Organic Groups Vocabulary module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
155fb02724a2bdc44227bab5c4fd9ac880ab12882d5032c9b27136d2e92dfe3cSecunia Security Advisory - Some vulnerabilities have been reported in the Webform module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information.
ab4e8ae47de505068ed8928d4c7b18798b5a5ae0668df81f4f31235f3172ec98Secunia Security Advisory - A vulnerability has been discovered in bloofoxCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
b7e7fa24637be2827913c999815279cf65004a74206e9140a35751c283caa492Secunia Security Advisory - A vulnerability has been reported in the RealName module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
5a5bd45dd6be7ffb4f2e60421801b1e4496a16dba7335d742cff70667089b98cSecunia Security Advisory - Dr_IDE has discovered a vulnerability in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information.
3a83ac14cc7924e214482a5efa4057c8ff39695e5677091ea8b0d0a2fa752644
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed