Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time.
2f5947f61b2053c1b2b1488965d4ff29d455c8f4c71b6f1e91940a3f62d70d5fAsterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.
135fdb3c4091f47c3bd1cc61841154a28cbda243b8fb16a579ebff1ce30c23efAsterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.
98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701Red Hat Security Advisory 2012-0509-01 - Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
a8e8a801da4b7a24fc2903f6f33c984e1248132f1730c633edd984d26d065336Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
86cdccdd75a2167c965a21dcf8b602ed42e2bf5e67e39de3e1dd59929dafce0eChurchCMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities.
daf142bf714b4c86657eb17fad71cfb835dab67218e8b0d57cc94cd82c369f65An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61adHITB Magazine Volume 1 Issue 8 - Topics include Online Security At The Crossroads, Reverse Shell Traffic Obfuscation, and more.
ce9505a07999c10f769a572fc687092df7190d5051db686f1aac5f5692f848c0School Website Solutions suffers from a cross site scripting vulnerability.
80af71695150018fd717350d968e6d200dcb7528844b325608fb32140f234a4dExponentCMS version 2.0.5 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
68603c7e8c2f5997c0f69c3794e2233a415b93ed2b8acfd1beee701a907b284cMobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.
956ac848bb2710f1365550adfff0b8787d1dfb621595612c0d1b192087b80cb7SumatraPDF version 2.0.1 suffers from chm and mobi file memory corruption vulnerabilities. Proof of concept included.
2c48263ca242c08c83e3159ab0488a34d4ec0b9ed8c46ee7db29a49caef65b02GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
d9a436ea8718c38a564812e465c883f4f37ddc8c80c6f8bee54819e6e4089c37Mega File Manager version 1.0 suffers from an arbitrary file download vulnerability.
82d8be8c8a197aff6162ca8c6654d71c3bbc7be6d45c8e286a8be96f62d01204The Chengdu Bureau of Commerce suffered from a remote SQL injection vulnerability.
485022ae694ea017c10886b769a85def92a56b4c1995fdc791c6874eb3483ce2PSFTP version 1.8 build 921 suffers from a NULL pointer denial of service vulnerability.
6cedf29fc659f2cd0c64391437f038105fadb2a16b9f4d6f8e7ae6eccd68b0daThe Joomla CCNewsLetter module version 1.0.7 suffers from a remote SQL injection vulnerability.
d2c897d67407427434081f218fb0089ff1365eac5a2eba24124029029063349cFirefox 11 suffers from a denial of service condition when using exponential string growth and document.write().
e6169f26969ab9aa9399cca746e0d10bf95dfab65d2e74bb8d282c1637de31bdSocketMail Pro version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.
8c6779a1eadb006c8062a398d4c92c4cbce1b3d62daf99afa8ff5199b15e3922Havalite CMS version 1.0.4 suffers from persistent and reflective cross site scripting vulnerabilities.
322f88d3c41d308f4807b8706507315c8cd49fb01199b1f3dab44952ac956f55IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.
970c996aa7c982bb7a6e11f66d1c1cddee59c395b7871150919ec0fabb8a448bNet-Shops suffers from a remote SQL injection vulnerability.
5ead4e933a3d3e2a1b3112845c501bd40d2bb2e1d092310a54f72c40f18c6a9dWordPress Organizer version 1.2.1 suffers from cross site scripting and path disclosure vulnerabilities.
cb5eaf654ba60434ea63c8dd98d4f667086ce8f96b6c93a73f6f3eeaf17f507aphpMyBible version 0.5.1 suffers from a cross site scripting vulnerability.
00eaf52410c8bbe334ebef0b88b348137723faa8547488832b47369f0ea9b4eaVSR identified a vulnerability in IQRD. The IQRD service listens locally on a TCP socket bound to port 2479. This socket is intended to allow the Carrier IQ service to request device-specific functionality from IQRD. Unfortunately, there is no restriction or validation on which applications may request services using this socket. As a result, any application with the android.permission.INTERNET permission may connect to this socket and send specially crafted messages in order to perform potentially malicious actions.
62460a143a7893941f8c2a7a320f48f1e15c0964c0c6ff6e99e6284cd21d8be2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed