
Files

musicmatch_arbitrary_file_write.txt
Posted Apr 24, 2005
Authored by Robert Fly | Site hyperdose.com

Musicmatch installs an ActiveX control which can then be called by other sites (totally unrelated to musicmatch). The ActiveX control allows for arbitrary files on the user's disk to be overwritten.

tags | advisory, arbitrary, activex
SHA-256 | 11fd920c5376d04b6b942e8d782b5ab5c9062b6024be9018a38a7f67cccad923
libsafe_multithread_bypass.txt
Posted Apr 24, 2005
Site overflow.pl

Systems protected with libsafe may not be fully protected when multithreaded applications are running on them: a brief attack window may exist where an attacker can execute malicious code without libsafe being called to verify things as safe.

tags | advisory
SHA-256 | 36be85c239bf7eb36e43805fdd22ff28338c953972e31ec9cf067a21f1e92011
gocr_png_overflow.txt
Posted Apr 24, 2005
Site overflow.pl

GOCR (Gnu Optical Character Recognition) contains a heap overflow.

tags | advisory, overflow
SHA-256 | afb2abf973047003b3fcb5711eb81087f9f2a9e0c844a1fa64a790403e982cd1
dsa-709.txt
Posted Apr 24, 2005
Site security.debian.org

Debian Security Advisory DSA 709-1 - libexif remote buffer overflow. Sylvain Defresne discovered a buffer overflow in libexif, a library that parses EXIF files (such as JPEG files with extra tags).

tags | advisory, remote, overflow
systems | linux, debian
advisories | CVE-2005-0664
SHA-256 | c2a7812fbb6ff327e408302fc15ef6561ebdad0ebf7c737530c364cb58f717a9
dameware_cleartext_pass_storage.txt
Posted Apr 24, 2005
Authored by Jordi Corrales | Site shellsec.net

Dameware stores the username / password of the currently connected user in cleartext somewhere on its heap. (Note: a great number of other remote-access products probably do this as well).

tags | advisory, remote
SHA-256 | 2ba2eb9f10af09f46038b23b0d6cb684ed80a7a6a73113df3a867e99be5817fd
Perl-Net-Server-log.txt
Posted Apr 24, 2005
Authored by Dr. Peter Bieringer | Site aerasec.de

The log function in Perl's Net::Server module (used by postgrey, among other tools) is vulnerable to format string attacks. However, it is not clear what the exact impact of this is in a Perl environment.

tags | advisory, perl
SHA-256 | 778555738d428bd2a4087fa2b5c8d98b4df893c1bcdcc2f5c4e68e53bd7634fa
yager_multivulns.txt
Posted Apr 24, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

Yager, an online air-combat simulation game, is vulnerable to several overflows as well as several Denial of Service attacks. This advisory details issues in versions up to 5.24.

tags | advisory, denial of service, overflow
SHA-256 | 3e9e1377c6d538e2c6ab12326ddfb1a9889cb7aee4dbb8d4f3c1fecd7afb77aa
Enumeration_of_AS400_users_via_pop3.pdf
Posted Apr 20, 2005
Authored by Shalom Carmel | Site venera.com

The default POP3 server installed on iSeries boxes allows for username enumeration. This PDF contains a table converting POP3 login error codes to their actual meanings.

tags | advisory
SHA-256 | 4d267c5719f82f3364c7ebc3a98ea3abbcbf5823e3324094c48771565765e12e
wininet.dll_unicode_overflow.txt
Posted Apr 20, 2005
Authored by 3APA3A | Site security.nnov.ru

The InternetCreateUrlW function of wininet.dll, a core component of Internet Explorer, is vulnerable to a buffer overflow attack when the source buffer is copied into the destination buffer using WideCharToMultiByte. In practice this is probably only useful for Denial of Service attacks (if that) and still requires some social-engineering to actually exploit this.

tags | advisory, denial of service, overflow
SHA-256 | ff53458ff1c02389c39168172c59ac6ab1cbb62bfdb0fc78469a4dc9190da6ca
musicmatch_CreateProcess.txt
Posted Apr 20, 2005
Authored by Robert Fly

Older versions of MusicMatch (like a large number of other software packages, including core components of Windows) make an insecure call to CreateProcess. This is a local attack which requires that an attacker can write files to the root of the C:\ drive, something that actually is possible with versions of Windows prior to XP.

tags | advisory, local, root
systems | windows
SHA-256 | 9faba944c8b50a3f791d05142beaf4ad28418d0d8414df595ed593e83feed2ee
Ubuntu Security Notice 111-1
Posted Apr 20, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-111-1 - A remote Denial of Service vulnerability has been discovered in Squid. Versions of Ubuntu up to 2.5.5-6ubuntu0.7 may contain vulnerable versions of Squid.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2005-0718
SHA-256 | 5410ff64f8687a5559684c5a08918347a5be9390c3b89ed0c767095b795a22d2
lg8120_midi_dos.txt
Posted Apr 20, 2005
Authored by Luca Ercoli | Site lucaercoli.it

LG u8120 mobile phones are vulnerable to a Denial of Service condition when malformed MIDI ringtones are sent to them.

tags | advisory, denial of service
SHA-256 | 43d00dc0128c5866e3796a05f31f1e9218064ce1216fa3f9f1e729bed32d07ae
cpio-toctou.txt
Posted Apr 20, 2005

cpio is vulnerable to a time-of-check/time-of-use attack, where a user MIGHT be able to change the permissions of arbitrary files on the system, when cpio is being used to unpack an archive. The likelihood of this attack working is EXTREMELY low.

tags | advisory, arbitrary
SHA-256 | adfbd806dec0f7b16d8cdda758c2e49fb3927d4e11c4c2152a78aea6d416202a
ibm_websphere_jsp_src.txt
Posted Apr 20, 2005
Authored by SPI Dynamics | Site spidynamics.com

IBM WebSphere Application 6 and prior are vulnerable to a JSP source code disclosure issue when the Application Server and Webserver roots are configured to be the same.

tags | advisory, root
SHA-256 | f528fdb3fac42ff14cc7162becf5513975c73b196deb7b13bbcfff0c72f0f3d1
Gentoo Linux Security Advisory 200504-12
Posted Apr 20, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200504-12 - The copy_symlink() subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Versions less than 1.2.1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | a1a6ff3a18efb1b5a7fc789b905df40270bf6e2d26b9f4b368572cb426b4d8f4
DMA_2005-0412a_.txt
Posted Apr 20, 2005
Authored by Kevin Finisterre | Site digitalmunition.com

WIDCOMM Bluetooth Connectivity Software is vulnerable to a directory traversal exploit.

tags | advisory
advisories | CVE-2004-0775
SHA-256 | 26922982be2e110326b1f4ab84e34eb26baddab981f457133c2df971e2f2f145
serendipity.txt
Posted Apr 19, 2005
Authored by kreon | Site adz.void.ru

Serendipity "blog" system version 0.8beta4's "exit.php" module is vulnerable to SQL injection. Previous versions were also vulnerable, and it appears this has not yet been fixed.

tags | advisory, php, sql injection
SHA-256 | ca137befd87bb23f0e1a05b1a0c1c339ec2fb1a20c1fc627330d60c19533f5f4
Gentoo Linux Security Advisory 200504-11
Posted Apr 19, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200504-11 - James Ranson reported a vulnerability: when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a specially crafted URL. Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs. Versions less than 2.0.2-r3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 5230e1bc925375fa4788e07f7ce82ed74e9dfa93f2e7f7d56512315e0fe36532
dsa-707.txt
Posted Apr 19, 2005
Site debian.org

Debian Security Advisory 707-1. Multiple issues with MySQL, including: incorrect privilege handling (users get illegitimate access to databases named similarly to those they have legitimate access to), arbitrary command execution for any user that has been granted INSERT and DELETE rights, and race conditions due to predictable tempfile naming schemes.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2004-0957, CVE-2005-0957, CVE-2005-0709, CVE-2005-0710, CVE-2005-0711
SHA-256 | 8f5c94fb7332fb046cb8ba8ed05f37326977d9787fac3593b9bd7b35da35d0f1
Gentoo Linux Security Advisory 200504-10
Posted Apr 19, 2005
Authored by Gentoo | Site security.gentoo.org

Gld, a greylisting server for Postfix, is vulnerable to buffer overflows in the code contained within server.c and cnf.c. Gld is run by root by default, meaning this is a remote-root-class issue.

tags | advisory, remote, overflow, root
SHA-256 | 398a498a2c6d9de9531d7a8a48c1683fe5a153b91ff1584453c5367b7c65add8
dsa-706.txt
Posted Apr 19, 2005
Site debian.org

Debian Security Advisory 706-1 - The Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-0390
SHA-256 | 10f84aee682a1865f89c6e409073124f8a3910a5f499cb79b38686f56a11439e
zoomSQL.txt
Posted Apr 19, 2005

zOOm Media Gallery is susceptible to SQL injection attacks.

tags | advisory, sql injection
SHA-256 | b88f4b753bd42e9c2ae76a295971593f9fffeba89289f14643f0dc3375f5ac24
Technical Cyber Security Alert 2005-102A
Posted Apr 19, 2005
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA05-102A - Microsoft has released a Security Bulletin Summary for April, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Exploitation of some vulnerabilities can result in the remote execution of arbitrary code by a remote attacker.

tags | advisory, remote, arbitrary, vulnerability
systems | windows
SHA-256 | 3c4afe41c5453fad4a5bfa073bbac7c40792450fc856da20772568df97503e76
dokuwikiUpload.txt
Posted Apr 19, 2005
Authored by kreon | Site adz.void.ru

DoKuWiki is susceptible to a file upload bug.

tags | advisory, file upload
SHA-256 | ed7180efed1b0555eda2d2aa14fbfdc213a32e96846f52a658c94be1e2ad0bfc
Cisco Security Advisory 20050412-icmp
Posted Apr 19, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled ICMP Attacks Against TCP (draft-gont-tcpm-icmp-attacks-03.txt). Multiple Cisco products are affected by the attacks described in this Internet draft.

tags | advisory, denial of service, tcp, protocol
systems | cisco
SHA-256 | 1f9284a7574fce778b0209924984b5651e903fc11afdbd146cb97effaa4598dc
© 2022 Packet Storm. All rights reserved.