Exploit the possiblities
Showing 1 - 25 of 521 RSS Feed

Files

SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Posted Oct 29, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2010-2583
MD5 | c4af04d7c30dd03dda3e8f5888336601
Adobe Shockwave Player "DEMX" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2582
MD5 | 061d0e03670a14fb830e0d5925cefc41
Adobe Shockwave Player "pamm" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-2581
MD5 | a728cd76edd25558331438f7dcb649d7
Ubuntu Security Notice 1011-3
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1011-3 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3765
MD5 | 637c75af6ed7cfc0f7633dc195d05bb4
Adobe Shockwave Director pamm Chunk Memory Corruption
Posted Oct 29, 2010
Authored by TELUS Security Labs | Site telussecuritylabs.com

A memory corruption vulnerability exists in Adobe Shockwave Player while parsing crafted Adobe Director files (.dir or .dcr), that may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-4084
MD5 | 94bbf579e7ce82be3b0c69ebe04c3417
Ubuntu Security Notice 1010-1
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.

tags | advisory, java, web, local, protocol
systems | linux, ubuntu
advisories | CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574
MD5 | 73094410a6a76a0e8a4a0ffcf5b3457f
Ubuntu Security Notice 1011-2
Posted Oct 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1011-2 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3765
MD5 | c244a782c438ac4e72bae66a0daaeca7
Mandriva Linux Security Advisory 2010-213
Posted Oct 29, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.

tags | advisory, remote, arbitrary, javascript
systems | linux, mandriva
advisories | CVE-2010-3765
MD5 | bedf28c35a50e9cb8f7f2d68bd4533be
nSense Vulnerability Research Security Advisory 2010-002
Posted Oct 29, 2010
Authored by Jokaim

nSense Vulnerability Research Security Advisory - Teamspeak 2 version 2.0.32.60 suffers from a remote code execution vulnerability. The specific flaw exists within the TeamSpeak.exe module teardown procedure responsible for freeing dynamically allocated application handles.

tags | advisory, remote, code execution
MD5 | 6c1259bf89876a4db26f387ccbe3d915
Secunia Security Advisory 41952
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | ce043d86e90d1ea68eea507736d89494
Secunia Security Advisory 42020
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, fedora
MD5 | 39c749bdfcd3f88715606712f74b6a41
Secunia Security Advisory 40590
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 3125432956b0db9c92a9ee3ae5fe4d26
Secunia Security Advisory 42011
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | cisco
MD5 | a994c58947e472104badab7c7164a618
Secunia Security Advisory 42013
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.

tags | advisory, vulnerability
MD5 | 85fe8f6c8c40fe1daf67e2b11bb954b0
Secunia Security Advisory 42027
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, vulnerability
MD5 | ea5dc6ac31df8683587918407bdf0a3a
Secunia Security Advisory 41975
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 50b7299f596b83dfd7b5dab4efb83cda
Secunia Security Advisory 42018
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for sepostgresql. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | f559ae17ebe2e5ac49c299d20464e01b
Secunia Security Advisory 42015
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | cc40412065c186eed067c2b2d7f52626
Secunia Security Advisory 42028
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, web, denial of service
MD5 | 65dd133eaf42e255b58974386d81babf
Secunia Security Advisory 41967
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
MD5 | a4d1f9a49b6edea7b85e151a5e304baf
Secunia Security Advisory 41917
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | e2729a1f8482fda15e5e7a731258970d
Secunia Security Advisory 42022
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP Storage Essentials, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 32af9b9cf8159d41c1683c885460a42c
Secunia Security Advisory 41984
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
systems | windows
MD5 | ef443123422509f8ba0ee7019b671f54
Secunia Security Advisory 41966
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, redhat
MD5 | 49d08017d24551acd9ed0d94d65ce043
Secunia Security Advisory 41761
Posted Oct 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, ubuntu
MD5 | e02445be5b1f92f9887998bd5ced6c5d
Page 1 of 21
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close