PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.
3771948f0bd952728776730df1a273e42847c65f28d2f2d69c737d27de5ba2c2Ubuntu Security Notice 1230-1 - Felix Geyer discovered that the quassel-core post installation script created data and logging directories which were readable by all users. The post installation script also generated a certificate, in the data directory, which was readable by all users.
cf859e1ad1c98b0dde07bdc578e2b168e650f347139813585542152040c3f5c3Sites designed by Xenon suffer from multiple remote SQL injection vulnerabilities.
c098a4388a127889dfd3764db922cde8244b6a82e61ff357ae5785d470fd40d5This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6Gentoo Linux Security Advisory 201110-11 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 10.3.183.10 are affected.
1fc7f689cdb3c883ce36c76490807f1cc45caa5c421b71567dc8d8327d946b70Gentoo Linux Security Advisory 201110-10 - Insecure usage of server provided filenames may allow the creation or overwriting of local files when using wget. Versions less than 1.12-r2 are affected.
57dae58b35db5d84d829246ae2e2948d8086cfde9ce02247b86fb1f06da2ba7eGentoo Linux Security Advisory 201110-9 - A privilege escalation vulnerability was found in Conky. Versions less than 1.8.1-r2 are affected.
1cd8d87ed499a61416faa2be73cf9604d0fd72578063d92e215492c7fe003f3eSecunia Security Advisory - Debian has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
cf0138ff322e3ab94042d38771e594ed95b5964bbd8dd0800ea8623627a65784Gentoo Linux Security Advisory 201110-8 - Multiple vulnerabilities were found in feh, the worst of which leading to remote passive code execution. Versions less than 1.12 are affected.
6c4e5614a2ed2293e58f95ab888ae9613792e279a5a9c7299e6fc2453fb2152bWordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.
9b07f455f6aee294073adabc402040fdad7b34b7d958d48990162aa3974e39f7Red Hat Security Advisory 2011-1371-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.
f0ad974a63999ee0a2da67fe7b5c6434dc5657a1919e71a6c7d833f173143ae6Microsoft .fon extension kernel-mode buffer overrun proof of concept exploit and write-up.
c9041b25d1db7f3af1b8cb43239c5d141716f9bc0a5017a00f045f34067e378dSecunia Security Advisory - Fedora has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.
371219e3e280e00f3847a8fead33b4cd6da0211c979fb72c5558ee22ee910292Secunia Security Advisory - Fedora has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
6942e1af39177c84f6d258135a458bd121fd8b288bc334d322291d46cb81cef8Secunia Security Advisory - Two vulnerabilities have been reported in the eTree component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
570f71efbdc7dd22728f2a2ca3a2168ec70049fbca8a533d639cad7cbf11dbfdSecunia Security Advisory - Gentoo has issued an update for feh. This fixes a weakness and a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a user's system.
c6beac10c35681bd1ef9a8ffb8e6ff6872e46582552a8409e50d5392b76f3462Secunia Security Advisory - Two vulnerabilities have been reported in EC-CUBE, which can be exploited by malicious people to conduct SQL injection attacks.
656d86a2eba803110946a44d921ac95c5226a0b762038734d70016ae27c86dbciDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
942d74f656f37c0e192a61cad927f560e615855d6d84fc3d9b682b994f4e47bfiDefense Security Advisory 10.12.11 - Remote exploitation of a cross site scripting vulnerability in Apple Inc.'s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.
f0c865bb1f976b089d902e9f7390f2f2ca0c59d60500b96ec2cbe3e73945e00cRed Hat Security Advisory 2011-1369-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
f9744937ca728dde6c061d9b423e536392bde93fd90da8b2c7901931451c0fc4Almzn suffers from cross site scripting, SQL injection, and add administrator vulnerabilities.
a8370fa029e9823b3cf1f50916327d134932ca72868530bb518a6b107f00efaaTechnical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
f8e5be39396a195dc1dc30012aa1575c33052ce127689291b4cd47f6df51bf61The Joomla Directory Tree component suffers from a remote SQL injection vulnerability.
147eadc55394af1ca270019429bec35dd425c9eb313cef0ee49125f915d4b27dUbuntu Security Notice 1229-1 - It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort.
649358d7dbacd6dd66eea3975147611d64a8d7d4b6143b19fbe78c20ef3d65c9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed