
Files

Sun Java JDK/JRE Soundbank Resource Name Buffer Overflow
Posted Apr 1, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Sun Java JDK/JRE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when parsing the length of a resource name in a Soundbank file and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Sun Java JDK/JRE 1.6 Update 17 is affected.

tags | advisory, java, overflow, arbitrary
SHA-256 | 8dec758bd05e09255310908caee81ca57294e5838db04bd1710b8f3a771dd7df
Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow
Posted Apr 1, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Sun Java JDK/JRE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when parsing the length of a resource in a Soundbank file and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Sun Java JDK/JRE 1.6 Update 17 is affected.

tags | advisory, java, overflow, arbitrary
SHA-256 | 7d87820c079f661519dec2809651c7e5860de57169dceabbdc743b7267772403
Apple iTunes Privilege Escalation
Posted Apr 1, 2010
Authored by Jason Geffner | Site ngssoftware.com

This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.

tags | advisory, local
systems | windows, apple
advisories | CVE-2010-0532
SHA-256 | 08157a8dd7cfd5cb407ffa0138623559421da7fed35cdf32b494e3edc81120bf
Debian Linux Security Advisory 2025-1
Posted Apr 1, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2025-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-2408, CVE-2009-2404, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2010-0163
SHA-256 | 5ccd1a2ad93d249d46e731464cdcc802a972eeda3800afed3825af7057dffa07
Debian Linux Security Advisory 2024-1
Posted Apr 1, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2024-1 - Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitize the page name in the "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.

tags | advisory, remote, xss, python
systems | linux, debian
advisories | CVE-2010-0828
SHA-256 | df816b8afbf70c2954a08251cfd6d16c462747e1df0f6748278ddd52d3b1433b
Apache ActiveMQ Persistent Cross-Site Scripting
Posted Apr 1, 2010
Authored by Rajat Swarup | Site activemq.apache.org

Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.

tags | advisory, remote, xss
advisories | CVE-2010-0684
SHA-256 | a93c7b1bf48d73b062e00b4bcc020d13797e54a1c0439e6efadd535c2fdb2b1b
iDEFENSE Security Advisory 2010-03-30.2
Posted Apr 1, 2010
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.30.10 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s (formerly Sun Microsystems Inc.) Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The JRE is a platform that supports the execution of programs that are developed using the Java programming language. It is available for multiple platforms, including Windows, Linux and MacOS. The JRE platform also supports Java Applets, which can be loaded from Web pages. During the processing of an image file, user-controlled data is trusted and can result in an undersized allocation of a heap buffer. A copy operation into the heap buffer can lead to a heap overflow condition within the JRE. This condition may allow a remote attacker to subvert execution control and execute arbitrary code.

tags | advisory, java, remote, web, overflow, arbitrary
systems | linux, windows
SHA-256 | c8136fdeea2fd3eee123f117e7725124c2bbfe3eb2d36469fe6bc5b899969b0f
Web Service Hijacking In VMWare WebAccess
Posted Apr 1, 2010
Authored by Trustwave | Site trustwave.com

The Struts-based web application uses the server-side session attribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.

tags | advisory, web
advisories | CVE-2009-2277
SHA-256 | fd01d4172df55b8994b34803311ab871ff8630ad51141bd4511fe4f4065759a2
Technical Cyber Security Alert 2010-89A
Posted Mar 31, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-89A - Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.

tags | advisory, vulnerability
SHA-256 | 4a8d24e3f98faded1f07188e745a6e73f90153f557b6253007425145b99d31b0
iDEFENSE Security Advisory 2010-03-30.1
Posted Mar 31, 2010
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0491
SHA-256 | bae091af2398a6905bf7b190dfabb58f5965eb1526edb5df68eef29f862a6007
HP Security Bulletin HPSBOV02506 SSRT090244
Posted Mar 31, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Multiple security vulnerabilities have been identified with the HP Secure Web Server for OpenVMS (based on Apache) CSWS. The vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS), unauthorized disclosure of information, or unauthorized modification of information.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-3094, CVE-2009-3095
SHA-256 | 2a35e1c43d465a3b7fd34dc18a20f0d68c9898dc3bdb7f19c71a2c0edbdc8a20
ViewVC Regular Expression Search Cross-Site Scripting
Posted Mar 31, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the regular expression search functionality is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the regular expression search functionality is enabled (disabled by default).

tags | advisory, arbitrary, xss
advisories | CVE-2010-0132
SHA-256 | 5134f35b273cbc82406c71d36a286ab9ee387d8b95bd20cc48b361730aa73186
Secunia Security Advisory 39223
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Apache ActiveMQ, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
SHA-256 | d783936d5cdaf91bcd4d567dfcc9fe8a168f449294ae6f84510c87b9847c5062
Secunia Security Advisory 39227
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has acknowledged two vulnerabilities in HP Insight Control Suite For Linux, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
systems | linux
SHA-256 | 6126821d96ee6ecd67e23f28b6e292c57d466078025e6ee73ee85e3f283f1cb4
Secunia Security Advisory 37255
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Sun Java, where some have an unknown impact and others can be exploited by malicious people to manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
SHA-256 | a497c46e3103d772d4a0463f4c1acbeb0745d9938a2ac575aeab3577c8a589a1
Secunia Security Advisory 39222
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in some Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | 23bd59f99e48b1945a692d765e2b0a7c072862e769f1c7d3cccfc22acbed9a6f
Secunia Security Advisory 39228
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | hpux
SHA-256 | f54bc5d48d5c8cab2576adbd7354205d56e6e37f77c9fc38b7a5ff38336ca488
Secunia Security Advisory 39148
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in huroncms, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 2c189e8b571a4aadca85d23aaef69a320a284f60224f9409db6a43868dd0ed7a
Secunia Security Advisory 39188
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 7304e55716fcf55b4143fca85a722983f663faf8013f992a9d8f1700e35aa420
Secunia Security Advisory 39243
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 395d29e59f3f635229480302e43b87e9d6bb19b7f65c99a3ca9d69325af732f1
Secunia Security Advisory 39136
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 6bbd52196a74cbfbf8fcd4eec4c10439fd2c85e7d8dd3dc95395ab2e25fcd11a
Secunia Security Advisory 39190
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
systems | linux, debian
SHA-256 | fbf62bb52e86f6ae1b44c30ef143d86246fff4cbbc98e74a41616477491d8703
Secunia Security Advisory 39168
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in P30vel Hosting Script, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 6e804ad7e735fba2c4f85bb5daab1e8037cc6f2c6448eecff3125bb90a6a724f
Secunia Security Advisory 39240
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
SHA-256 | cc838889b887a84a11ba157bb9b6409739d77be77310cf7d4c2b9e1185257418
Secunia Security Advisory 39230
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | 5aabf0d33b2b421106d92f4765d6b640f503075653c2952c496bd37ee8c898af