Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.
bda7d9a6037b717f828fe03148093d6578e44697389fab80cebbcb196eeacc52Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.
0520606f6722058230d81d2805a4528a191ff0ab419df32cfb2367dc2efaca0cSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.
a3e29c613af64c8ecff2b697ddfc189577bbb6d153195c683e72b4cc58a495abUbuntu Security Notice 1011-3 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
ea538fb7a396cad06d7b022df27a6427f3c3f3de5e776aa2b925db67faeff274A memory corruption vulnerability exists in Adobe Shockwave Player while parsing crafted Adobe Director files (.dir or .dcr), that may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.
52321373bf2a0653fb086d290321ba798dc5e0c8bffe3c1b5a613be0afe0213fUbuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.
dbf842de06300f7667099150cb0e617a4a3656e900e4a73d6bc01c5ed06a9df2Ubuntu Security Notice 1011-2 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
80c141f74cebc113235f042dfb7cd7ed50aca7352fc34b58fdc7627cb6a710b2Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.
4cdfd6730622b7459b8ae41be37d6808924aa067a1e95a69d2c972df23792f1fnSense Vulnerability Research Security Advisory - Teamspeak 2 version 2.0.32.60 suffers from a remote code execution vulnerability. The specific flaw exists within the TeamSpeak.exe module teardown procedure responsible for freeing dynamically allocated application handles.
4d8e9182c0ec20a67fe4eed4f3b148ceb19bf7b43682b701517e967385d3e755Secunia Security Advisory - Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
9e548959c53d9df31528868848e54e4674085694b0edaebc92d5dac00e55cd92Secunia Security Advisory - Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
79a31d9ffe87fb001702e0e6de17c6c372a4a6533dd2240e55e862abaeeb7f91Secunia Security Advisory - A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service).
95bd95bd686c49818c3cc8b930ddab537752ecb5ca782071e3551b116f94343aSecunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.
da18a4d2d37e73098e152efb1a50d5c8372bbc862146d784897254720ee7ac8cSecunia Security Advisory - Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.
929452614c534f73f864f4574ac52ee9b8ad64e4eda7b16b18891072db69fd5aSecunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
b59bd4ade60bbd62822339118827c175a2a3f920e1d3c54c0c44e9e733a0613dSecunia Security Advisory - A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.
24b81b1f91002255b2aa8f6138ecce1d206ed8cdd9da9bf0879e7bda5d301e39Secunia Security Advisory - Fedora has issued an update for sepostgresql. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, bypass certain security restrictions, and compromise a vulnerable system.
d83a862aee72650d426d4b610d12845f0dd3d5ad410fab5b07d2a394d45968b4Secunia Security Advisory - Fedora has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9bf7a011cfebd39c12e81f77f3e952975a19e26914b087d9fdf8a8c0b203cb54Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
b1eedb64fdffd59fabfb7ff12787782b29d783add909ce7ea381ce4c88838363Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
9a111d5cdaa8c1070b2a3956d95d712253b72ddde8077f973b15e79fa25cf555Secunia Security Advisory - A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
202436beef7e966bc3140bea793a317fac8b5acebee0a2d8a747b01b2555913aSecunia Security Advisory - A vulnerability has been reported in HP Storage Essentials, which can be exploited by malicious people to bypass certain security restrictions.
22c2b89b042cbabc6d8ad03296d5e1b9558ba1a47f19b31628da6c747b44e6dfSecunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.
cfa056447c7211cebe5a0432797324118469924c5614a24eecc317c222136328Secunia Security Advisory - Red Hat has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
18a20b6594a5821afa5591432f3c8a3dc63900785da7f955a3268001fa0f6571Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
7b14bf927dfa2ec1325245f24330faf86db46f8315e9e05737882b8d749d4fdb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed