Section: .. / Last 50 Advisory Files /
| /// File Name: | MDVSA-2010-170.txt | Description:
| Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5600 | | Related CVE(s): | CVE-2010-2252 | | Last Modified: | Sep 2 23:47:14 2010 | | MD5 Checksum: | 1d5d76c35a7524b8752e4dfab043cf0f |
|
| /// File Name: | glsa-201009-01.txt | Description:
| Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected. | | Author: | Gentoo | | Homepage: | http://security.gentoo.org | | File Size: | 3040 | | Related CVE(s): | CVE-2009-2369 | | Last Modified: | Sep 2 23:46:38 2010 | | MD5 Checksum: | fdf7e822a65781e0b83fcc9be4491798 |
|
| /// File Name: | USN-982-1.txt | Description:
| Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11134 | | Related CVE(s): | CVE-2010-2252 | | Last Modified: | Sep 2 23:15:02 2010 | | MD5 Checksum: | 772e3ecddbb0e78f9ad1482e49e5c2b0 |
|
| /// File Name: | MDVSA-2010-169.txt | Description:
| Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 74322 | | Related CVE(s): | CVE-2010-2754, CVE-2010-0654, CVE-2010-1213, CVE-2010-2753, CVE-2010-1211 | | Last Modified: | Sep 2 23:08:28 2010 | | MD5 Checksum: | 0f02f3eda393e2a0d929deb75ea471a5 |
|
| /// File Name: | moaub01-cpanel.pdf | Description:
| Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected. | | Author: | Abysssec, Shahin | | Homepage: | http://www.abysssec.com/ | | Related Exploit: | moaub-cpanel.txt | | File Size: | 111765 | | Last Modified: | Sep 1 16:33:24 2010 | | MD5 Checksum: | 742e27e87f22754fb5fce6e831b68d44 |
|
| /// File Name: | MDVSA-2010-168.txt | Description:
| Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3636 | | Related CVE(s): | CVE-2010-2939 | | Last Modified: | Sep 1 16:28:29 2010 | | MD5 Checksum: | f0c6c2f4720853cfe16f3b61747fe479 |
|
| /// File Name: | macosxparental-bypass.txt | Description:
| The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent. | | Author: | Jonathan Kamens | | File Size: | 4344 | | Last Modified: | Sep 1 16:14:38 2010 | | MD5 Checksum: | a9781fd5642b187fa7ed3b0e9f72ac7f |
|
| /// File Name: | VMSA-2010-0013.txt | Description:
| VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3. | | Homepage: | http://www.vmware.com/ | | File Size: | 10502 | | Related CVE(s): | CVE-2005-4268, CVE-2010-0624, CVE-2010-0624, CVE-2010-2063, CVE-2010-1321, CVE-2010-1168, CVE-2010-1447 | | Last Modified: | Sep 1 13:39:58 2010 | | MD5 Checksum: | b09485d6be1c4762b45d7696cf3e5929 |
|
| /// File Name: | MDVSA-2010-167.txt | Description:
| Mandriva Linux Security Advisory 2010-167 - lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5605 | | Related CVE(s): | CVE-2010-2253 | | Last Modified: | Sep 1 13:36:21 2010 | | MD5 Checksum: | a51472767c3f02ea5ccf9de1e8f2c8ef |
|
| /// File Name: | dsa-2101-1.txt | Description:
| Debian Linux Security Advisory 2101-1 - Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 11187 | | Related CVE(s): | CVE-2010-2994, CVE-2010-2995 | | Last Modified: | Aug 31 19:55:01 2010 | | MD5 Checksum: | 9e4517c5c11a2c8679174a546d3783a4 |
|
| /// File Name: | apphp-xssxsrf.txt | Description:
| ApPHP suffers from cross site request forgery and cross site scripting vulnerabilities. | | Author: | Edgard Chammas | | File Size: | 827 | | Last Modified: | Aug 31 19:50:07 2010 | | MD5 Checksum: | 98d1db1212daa5664ef8d0e3227ebf09 |
|
| /// File Name: | HPSBMA02571-SSRT100034.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Diagnostics Online Edition running on Linux. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 6111 | | Related CVE(s): | CVE-2010-3003 | | Last Modified: | Aug 31 14:49:21 2010 | | MD5 Checksum: | 4e1948b4fa0864277f76dc2ab1b3e3e0 |
|
| /// File Name: | tortoisesvn-dllhijack.txt | Description:
| Tortoise SVN version 1.6.10 build 19898 suffers from the Windows DLL hijacking vulnerability. | | Author: | Nikhil Mittal | | File Size: | 1131 | | Last Modified: | Aug 31 14:48:05 2010 | | MD5 Checksum: | 18c757c53461202273321eb91c9e2d09 |
|
| /// File Name: | ZDI-10-168.txt | Description:
| Zero Day Initiative Advisory 10-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2990 | | Last Modified: | Aug 31 14:47:29 2010 | | MD5 Checksum: | f1e202e02d5bb2b6edce390377069eac |
|
| /// File Name: | MDVSA-2010-166.txt | Description:
| Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5483 | | Related CVE(s): | CVE-2010-1526 | | Last Modified: | Aug 31 14:47:03 2010 | | MD5 Checksum: | 74a5e32dcc8de585e13eaffbfbd944b5 |
|
| /// File Name: | USN-981-1.txt | Description:
| Ubuntu Security Notice 981-1 - It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 4848 | | Related CVE(s): | CVE-2010-2253 | | Last Modified: | Aug 31 14:40:21 2010 | | MD5 Checksum: | 1b6f8fba75621cbb77aeb7061fc7668c |
|
| /// File Name: | USN-980-1.txt | Description:
| Ubuntu Security Notice 980-1 - Julius Plenz discovered that bogofilter incorrectly handled certain malformed encodings. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 13555 | | Related CVE(s): | CVE-2010-2494 | | Last Modified: | Aug 31 14:38:55 2010 | | MD5 Checksum: | 3e230abdd37c42ca6371757ffe07ce1b |
|
| /// File Name: | HPSBUX02552-SSRT100062.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Software Distributor (sd). The vulnerability could be exploited locally to grant an increase in privilege, or to permit unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6949 | | Related CVE(s): | CVE-2010-2712 | | Last Modified: | Aug 31 14:32:17 2010 | | MD5 Checksum: | acc794ce0bdf65f028c00b56a9387ca4 |
|
| /// File Name: | dsa-2100-1.txt | Description:
| Debian Linux Security Advisory 2100-1 - George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 12897 | | Related CVE(s): | CVE-2010-2939 | | Last Modified: | Aug 30 19:21:02 2010 | | MD5 Checksum: | 778bdc01f758228ffbcc2e477119adc1 |
|
| /// File Name: | MDVSA-2010-165.txt | Description:
| Mandriva Linux Security Advisory 2010-165 - Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service via a string that is inconsistent with the expected number of fields. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4359 | | Related CVE(s): | CVE-2010-2947 | | Last Modified: | Aug 30 19:20:45 2010 | | MD5 Checksum: | 400b8ccbc492684a50d95e2110209de1 |
|
| /// File Name: | MDVSA-2010-164.txt | Description:
| Mandriva Linux Security Advisory 2010-164 - It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable to this security issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2403 | | Related CVE(s): | CVE-2010-3056 | | Last Modified: | Aug 30 18:44:21 2010 | | MD5 Checksum: | 3be3a6120fce5c38be0b4281112147da |
|
| /// File Name: | dsa-2099-1.txt | Description:
| Debian Linux Security Advisory 2099-1 - Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 69317 | | Related CVE(s): | CVE-2010-2935, CVE-2010-2936 | | Last Modified: | Aug 30 18:41:38 2010 | | MD5 Checksum: | 78c12e5aea3880b86988e87ed64e14f2 |
|
| /// File Name: | orangespain-disclose.txt | Description:
| Orange Spain is adding the user MSISDN in every HTTP request it sends. Due to this, any web site you visit now has your number. | | Author: | xuf | | File Size: | 1190 | | Last Modified: | Aug 30 18:15:11 2010 | | MD5 Checksum: | fb788f399f4ea82ce7c3034d9fd9b97e |
|
| /// File Name: | MDVSA-2010-163.txt | Description:
| Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable to these security issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2791 | | Related CVE(s): | CVE-2010-3055, CVE-2010-3056 | | Last Modified: | Aug 30 18:02:54 2010 | | MD5 Checksum: | d248f7348fefef070fc9b5eb58537666 |
|
| /// File Name: | dsa-2098-1.txt | Description:
| Debian Linux Security Advisory 2098-1 - Several remote vulnerabilities have been discovered in the TYPO3 web SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3580 | | Last Modified: | Aug 30 17:58:33 2010 | | MD5 Checksum: | 3f95a2a22284f1eddb22cc015afa5722 |
|
| /// File Name: | tandbergsnmp-dos.txt | Description:
| Tandberg MXP systems with a firmware prior to 9.0 suffer from a SNMP related denial of service vulnerability. | | Author: | David Klein | | File Size: | 1392 | | Last Modified: | Aug 30 16:47:59 2010 | | MD5 Checksum: | 94fa4412d87b81d07357e6dcd9434898 |
|
| /// File Name: | cisco-sa-20100827-bgp.txt | Description:
| Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. | | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 20786 | | Last Modified: | Aug 28 03:07:30 2010 | | MD5 Checksum: | b4b431878fb3b62cfb0ac3c1ca398fee |
|
| /// File Name: | wp-10-0001.txt | Description:
| It appears that many browsers will gladly accept wildcard certificates for IP addresses versus expecting proper domain names for the CN. This is... well, very interesting and violates RFC 2818. | | Author: | Richard Moore | | File Size: | 3922 | | Last Modified: | Aug 28 02:49:20 2010 | | MD5 Checksum: | 1a46bac1f7079d8de9c0cd072d73cbdd |
|
| /// File Name: | TA10-238A.txt | Description:
| Technical Cyber Security Alert 2010-238A - Due to the way Microsoft Windows loads dynamically linked libraries (DLLs), an application may load an attacker-supplied DLL instead of the legitimate one, resulting in the execution of arbitrary code. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 4813 | | Last Modified: | Aug 26 22:58:57 2010 | | MD5 Checksum: | d00b1627b380c10f021ded0d34c7689f |
|
| /// File Name: | USN-979-1.txt | Description:
| Ubuntu Security Notice 979-1 - Stefan Cornelius of Secunia Research discovered a boundary error during RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/inplug/image.cpp of okular when processing images embedded in PDB files, which can be exploited to cause a heap-based buffer overflow. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 49436 | | Related CVE(s): | CVE-2010-2575 | | Last Modified: | Aug 26 22:58:15 2010 | | MD5 Checksum: | 74535dda002d578f0a113adf8c78113a |
|
| /// File Name: | USN-974-2.txt | Description:
| Ubuntu Security Notice 974-2 - USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem. Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 43559 | | Related CVE(s): | CVE-2010-2240, CVE-2010-2803, CVE-2010-2959 | | Last Modified: | Aug 26 22:56:18 2010 | | MD5 Checksum: | 3aab12c90f2cb1286a5d95fa9c8754fe |
|
| /// File Name: | MDVSA-2010-162.txt | Description:
| Mandriva Linux Security Advisory 2010-162 - A specially crafted PDF or PS file could cause okular to crash or execute arbitrary code. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13681 | | Related CVE(s): | CVE-2010-2575 | | Last Modified: | Aug 26 22:55:25 2010 | | MD5 Checksum: | 828e0e1c1bf3669dd61800bcabe534e9 |
|
| /// File Name: | ZDI-10-167.txt | Description:
| Zero Day Initiative Advisory 10-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. While parsing the HX_FLV_META_AMF_TYPE_MIXEDARRAY and the HX_FLV_META_AMF_TYPE_ARRAY data types the ParseKnownType function makes two improper calculations that can force integers to wrap. A remote attacker can exploit these vulnerabilities to execute arbitrary code under the context of the user playing the file. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2863 | | Related CVE(s): | CVE-2010-3000 | | Last Modified: | Aug 26 22:26:29 2010 | | MD5 Checksum: | b9185efa4eb6de6d380867c0480c44ac |
|
| /// File Name: | ZDI-10-166.txt | Description:
| Zero Day Initiative Advisory 10-166 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. The application explicitly trusts an index in this data structure to seek into a list of objects. If one specifies an index outside the bounds of the array, the application will later dereference an object from the calculated pointer and then call it, leading to code execution under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2922 | | Related CVE(s): | CVE-2010-2996 | | Last Modified: | Aug 26 22:17:22 2010 | | MD5 Checksum: | f37c24d980d804b8558467fd71874741 |
|
| /// File Name: | applecoregraphics-memcorrupt.txt | Description:
| Apple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability). | | Author: | Rodrigo Rubira Branco | | File Size: | 3986 | | Related CVE(s): | CVE-2010-1801 | | Last Modified: | Aug 26 21:44:13 2010 | | MD5 Checksum: | 81a365eab7eb44bc60ed52a063dd3946 |
|
| /// File Name: | USN-977-1.txt | Description:
| Ubuntu Security Notice 977-1 - It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 5184 | | Related CVE(s): | CVE-2010-2487, CVE-2010-2969, CVE-2010-2970 | | Last Modified: | Aug 26 02:36:45 2010 | | MD5 Checksum: | f68f3a58fdfc97baf2600337ecdae858 |
|
| /// File Name: | cisco-sa-20100825-cucm.txt | Description:
| Cisco Security Advisory - Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services. | | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 14084 | | Related CVE(s): | CVE-2010-2837, CVE-2010-2838 | | Last Modified: | Aug 26 02:35:41 2010 | | MD5 Checksum: | 39b956735d64474208f2097bb325129d |
|
| /// File Name: | cisco-sa-20100825-cup.txt | Description:
| Cisco Security Advisory - Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services. | | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 11789 | | Related CVE(s): | CVE-2010-2839, CVE-2010-2840 | | Last Modified: | Aug 26 02:34:27 2010 | | MD5 Checksum: | 33edb5f3958a5e2477649763ba65dfab |
|
| /// File Name: | TPTI-10-15.txt | Description:
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DIRAPIX module responsible for parsing the RIFF-based Director file format. When handling the mmap chunk, the process trusts the chunk size immediately following the fourCC value. It is passed to Ordinal1111 exported by the IML32X module which is responsible for allocating a heap buffer for processing the rest of the chunk. If an incorrect size is provided, later memory copies can corrupt data beyond the allocated buffer. This can be abused to execute remote code under the context of the user running the web browser. | | Author: | Aaron Portnoy, Logan Brown | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1516 | | Related CVE(s): | CVE-2010-2870 | | Last Modified: | Aug 26 02:28:09 2010 | | MD5 Checksum: | 33e5b0573ece83e983beb2adc72c6a91 |
|
| /// File Name: | gfi-inject.txt | Description:
| The GFI WebMonitor administrative interface suffers from a remote script code injection vulnerability. | | Author: | Oliver Karow | | Homepage: | http://www.oliverkarow.de | | File Size: | 2037 | | Last Modified: | Aug 26 02:26:53 2010 | | MD5 Checksum: | e852ee5571207a5c8ba662b8b597b2bf |
|
| /// File Name: | USN-976-1.txt | Description:
| Ubuntu Security Notice 976-1 - It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6930 | | Related CVE(s): | CVE-2010-2227 | | Last Modified: | Aug 26 02:16:48 2010 | | MD5 Checksum: | 0b74366029786f67cded22e3a6d3a27b |
|
| /// File Name: | ZDI-10-165.txt | Description:
| Zero Day Initiative Advisory 10-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Internet Security Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the UfPBCtrl.dll ActiveX control. The extSetOwner function accepts a parameter and assumes it is an initialized pointer. By specifying an invalid address, an attacker can force the process to call into a controlled memory region. This can be exploited to execute remote code under the context of the user invoking the browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2935 | | Last Modified: | Aug 26 02:14:43 2010 | | MD5 Checksum: | 79d435b7566cb78ed40a20bd51f2e7e9 |
|
| /// File Name: | TPTI-10-14.txt | Description:
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the Director RIFF based file format. While handling the rcsL chunk, code within DIRAPIX sign-extends a return value from a call to Ordinal1412 within the IML32X module. This ordinal is responsible for unmarshalling a WORD value from the RIFF chunk. If the value is signed, DIRAPIX sign-extends the value, performs arithmetic on it, and then proceeds to use it as an offset into a heap-based buffer. By supplying any of a specific range of values, an attacker can exploit this condition to execute arbitrary code under the context of the user running the web browser. | | Author: | Aaron Portnoy, Logan Brown | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1598 | | Related CVE(s): | CVE-2010-2867 | | Last Modified: | Aug 26 02:04:34 2010 | | MD5 Checksum: | 96d9afaf64e2fd149b9f8514366fefeb |
|
| /// File Name: | ZDI-10-164.txt | Description:
| Zero Day Initiative Advisory 10-164 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing .dir and .dcr files. The director file format is RIFF based. While parsing an undocumented record of type 0xFFFFFFF8 the process trusts two user supplied word values when performing arithmetic to calculate a heap buffer size. By specifying large enough values an integer wrap can occur. The allocated heap buffer can later be overflowed with user supplied data. This can be leveraged by attackers to execute remote code under the context of the user running the browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3059 | | Related CVE(s): | CVE-2010-2876 | | Last Modified: | Aug 26 01:45:57 2010 | | MD5 Checksum: | f88a2fce9ddae8378727aca40c2218d5 |
|
| /// File Name: | 08.24.10-1.txt | Description:
| iDefense Security Advisory 08.24.10 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a tSAC chunk within an Adobe Director file. A length value is read from the tSAC chunk and a signed comparison is made against the length value. If the length value is negative, a memory address is incorrectly calculated and a null byte is written to the memory address. This condition may lead to arbitrary code execution. Shockwave Player 11.5.7.609 and earlier versions for Windows and Macintosh are vulnerable. | | Author: | iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3647 | | Related CVE(s): | CVE-2010-2875 | | Last Modified: | Aug 26 01:44:09 2010 | | MD5 Checksum: | 673f32f198f653669b5abfe8d0c23244 |
|
| /// File Name: | secunia-kdeokular.txt | Description:
| Secunia Research has discovered a vulnerability in KDE Okular, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error within the RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDB file. Version 4.4.5 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4195 | | Related CVE(s): | CVE-2010-2575 | | Last Modified: | Aug 26 01:41:38 2010 | | MD5 Checksum: | 4206064fb3450a30a10689d42f8e9717 |
|
| /// File Name: | ZDI-10-163.txt | Description:
| Zero Day Initiative Advisory 10-163 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the undocumented tSAC RIFF chunk. By setting a specified field within this structure to NULL, the application fails to initialize an object pointer. This uninitialized pointer is later called which causes the application to jump into random heap memory. By crafting the application's memory state an attacker can utilize this issue to execute arbitrary code under the context of the user running the browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2694 | | Related CVE(s): | CVE-2010-2874 | | Last Modified: | Aug 26 01:38:41 2010 | | MD5 Checksum: | 6a2e35fb9820458f0e7d9468d4110d5d |
|