Showing 26 - 50 of 487

Files

Zero Day Initiative Advisory 11-033
Posted Jan 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer SP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the vidplin.dll module. A buffer is allocated according to the user-supplied length value. User-supplied data is then copied into the allocated buffer without verifying its length, allowing the data to be written past the bounds of the previously allocated buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running RealPlayer.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4393
SHA-256 | 4f7950d9ccf3d68425f9191e5a7209d82c5c781ecff8aa6a2fee13835b4b1f2b
Debian Security Advisory 2152-1
Posted Jan 28, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2152-1 - Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code of the HP Linux Printing and Imaging System, which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2010-4267
SHA-256 | 0df6f5b11ac25a100ac343d9019576add718e67970fb289d33591ed5333270e8
Zero Day Initiative Advisory 11-032
Posted Jan 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Intel Alert Originator (iao.exe) service. While processing messages sent from the msgsys.exe process, a size check can be bypassed and a subsequent stack-based buffer overflow can be triggered. This can be leveraged by remote attackers to execute arbitrary code under the context of the Alert service.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0111
SHA-256 | c66e997ca909ee69d691b418c9af54257ad3ef41ac951045ce3fe41ece7cfba0
Zero Day Initiative Advisory 11-031
Posted Jan 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagehndl.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied pin number string using sprintf without validating the size. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the vulnerable daemon.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
advisories | CVE-2010-0111
SHA-256 | 9103f2f8bde5dc8bae7d14c1434a934a1d5d3d0af76a5626963e2a56a0d79579
Zero Day Initiative Advisory 11-030
Posted Jan 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagehndl.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied modem string without validating the size. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the vulnerable daemon.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
advisories | CVE-2010-0111
SHA-256 | 5582eb66895609940331c18a336a7faf107bac4bf5c35e9a3be4db447ed8e117
Ubuntu Security Notice USN-1052-1
Posted Jan 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1052-1 - It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2010-4351
SHA-256 | 7b17cc6f05973bd79811492179b2b66c2f3275af2843ddc9ebae4ac3103af427
Zero Day Initiative Advisory 11-029
Posted Jan 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HDNLRSVC.EXE service while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. This process passes user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable daemon.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2010-0111
SHA-256 | 7374c4395937828b4c9608b5274a8438294d68ae60ae99dea9195de9b79871b6
Zero Day Initiative Advisory 11-028
Posted Jan 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AMSLIB.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied string using memcpy without validating the size. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the vulnerable daemon.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
advisories | CVE-2010-0110
SHA-256 | 089534d8e241bfd9582905aa5c96f9b5ef41c1541a8cdde40fa0a1612acdc0da
Novell GroupWise VCALENDAR TZID Variable Remote Buffer Overflow
Posted Jan 28, 2011
Authored by Sebastien Renaud | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "gwwww1.dll" module when processing the "TZID" variable within VCALENDAR data, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. Novell GroupWise versions 8.02 HP 1 (Hot Patch 1) and prior are affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-4325
SHA-256 | 557a0d52962a3aa35a46283e0d6a0cfda538de61310dc2fbd2a456f7e11679c3
HP Security Bulletin HPSBMA02626 SSRT100301
Posted Jan 28, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02626 SSRT100301 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2011-0275
SHA-256 | 6a5d144de2e59fa328472770123f025419e67db0b1c7bb92a5d2f72a8366cd20
EMC NetWorker librpc.dll Spoofing Vulnerability
Posted Jan 27, 2011
Site emc.com

A vulnerability exists in EMC NetWorker which can be exploited to potentially create a denial of service condition or eavesdrop on process communications. EMC NetWorker uses an RPC library to provide a portmapper service within nsrexecd. The portmapper restricts access for service commands to the localhost. However, the UDP protocol allows malicious users to spoof the source address of a network packet, making it appear to have originated from the localhost. This may allow a remote malicious user to unregister existing NetWorker RPC services or register new RPC services. EMC NetWorker versions 7.5.3.5, 7.5 SP4 and later, and 7.6.1.2 and later are affected.

tags | advisory, remote, denial of service, udp, spoof, protocol
advisories | CVE-2011-0321
SHA-256 | 21660399dbf1d185b83eda092d0c5dc4da4a6779f9b2ea910ce9b02233783449
71 Applications Path Disclosure
Posted Jan 27, 2011
Authored by Aung Khant | Site yehg.net

71 different applications suffer from path disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
SHA-256 | c09bd612dececc35c3aa2ed7ac7408eb5e85dcc00323899f103b29c64722dd94
Secunia Security Advisory 42995
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in syslog-ng, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, local
SHA-256 | 142720d549f61da469ed25c0f11b30f9e09ce62d8140a863fc397ea7bb84b781
Secunia Security Advisory 43004
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for awstats. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
SHA-256 | 0b382406378663ef41be606269519cca05dac241bbfdc14dca2442d7491bff97
Secunia Security Advisory 43072
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the WP Featured Post with thumbnail plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | a248b027bf0eb2d986c7e929e7359d896bdae72aa83921b49db2973ae3c4350c
Secunia Security Advisory 43104
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | f079cc6b8ef2d1d9335940721d0d729e16aaebc6825718aa33fff069a564d9f1
Secunia Security Advisory 43096
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in XNova, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 7e475ab6d582eee9445663463cc8bd92286dfbd4d8c416d5000a6851f2b6a79f
Secunia Security Advisory 43074
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Vanilla Forums, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | ae5495d02e7f035c54d55353152e9ee7f4bc30248fb0fb0c1c0833d2d7fafbef
Secunia Security Advisory 43078
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, ubuntu
SHA-256 | fa53a788c3c0c0d60732e5dfe25576480d8c92780133c55c9657cdd5e2adb539
Secunia Security Advisory 43006
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 3ca141abf13c45232c1c9d1dfedaaae71a0b2b8efc99dae3e32a50922665fccf
Secunia Security Advisory 43103
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for myproxy. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, fedora
SHA-256 | 9e9d067dbba4d853a0ca13706403ee80705f088ea6ef9833f121ea03ad3a8cd8
Secunia Security Advisory 43099
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 90b7862f3478d76da9485ffe94e2e0f4c7d690366efa68cb12a7bb094560ef88
Secunia Security Advisory 43106
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Quarantine Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 76b8ca661489e3173f8596b75f16dffeb297dae35adf8dd6e250079ce763b653
Secunia Security Advisory 43079
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Oracle PDF Import Extension for OpenOffice.org / Oracle Open Office, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 70b0d8d09a27606810f9c5008fc57b6afb6ce5452f9baaa6444738fd69aa47a2
Secunia Security Advisory 43076
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in PRTG Network Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 1c0a791fad46576a02e0ffd89acd6201cf9e0d0c022646a6ea1283014ad22eb5
© 2022 Packet Storm. All rights reserved.