The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "onMove" events, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
85f55c391fa51f8db9e2ea2e5872c2b57c06a40ec881bb2bd591e58f9ae0baad
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "scrollIntoView" events, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
f1a197c1783c02ee319890a13237b275d13b69b33b95c58bfe6caca575473a2c
VaM Shop version 1.69 suffers from cross-site scripting and remote blind SQL injection vulnerabilities.
e7be6a349fb7fa475b190dbd576c798458ed565900ce8576d69bc1978a55c97e
Microsoft Office Picture Manager 2010 suffers from a memory corruption vulnerability. Proof of concept exploit included.
59e2da8fc426307586dc012cb58ef77cd9f3f38ce3648cadce0a6cce64d31281
Debian Linux Security Advisory 2564-1 - gpernot discovered that Tinyproxy, an HTTP proxy, is vulnerable to a denial of service by remote attackers sending crafted request headers.
f8b52a6c1fbccca041bc74642d02a10c8223947969343b9bc0b948dd15e669b9
Debian Linux Security Advisory 2563-1 - Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories.
e4bd0ae005283900714ca58befbcec7bd36c373213fee04cdcb1465faaad36bc
Debian Linux Security Advisory 2562-1 - cups-pk-helper, a PolicyKit helper to configure cups with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The user would have to explicitly approve the action.
a07205eca2f1e437c1a0f904153e8780529e54a7663a98b1a3ddc4991221fec7
360-FAAR (Firewall Analysis Audit and Repair) is an offline command-line Perl policy manipulation tool that filters, compares to logs, merges, translates and outputs firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
d9fb0acb155f64254f747054284f388236ebe887cd473089b6502874ce95d0d0
HP Security Bulletin HPSBHF02819 SSRT100920 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
0d362168a978d021c1ea55ad09ee267e01eb9e8af90e327f4301737cf6d80279
Whitepaper called Facing Facts - Best Practices for Common Uses of Facial Recognition Technologies.
26081d7cc28821e503db773ab10ada01a3c074fd9c51537d4cda5644ac737bb0
Apple QuickTime Player version 7.7.2 division by zero crash proof of concept exploit.
ba375ec556d1cd6f889aebee23677f184509045a7fe8fbc2f585850d1cd9743c
Microsoft Office Word 2010 stack overflow / resource exhaustion proof of concept crash exploit.
b46919f3f0419af51d5685e4b2654d4f86a5968c5a626f444383d5263b197e56
Debian Linux Security Advisory 2565-1 - Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser.
0b8b43e40ef3698963f4dc163d37bd38a108d72f12cbfd9b187e01c4c977cfdc
Ubuntu Security Notice 1615-1 - It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. Various other issues were also addressed.
6a47539f04b7e6027e65586fefcfdc15dce0746a842a2dd746e710d783e4a6c6
Red Hat Security Advisory 2012-1401-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.
e54cb3b043d14e4a95ace8ecf411e7ea44937d5b3287c2dbffa908bb9dc58d4f