Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.
185b2a8f4df8fd3182b6a8b7c17b80825f8ca66454647c947edaad4f084253e6Secunia Security Advisory - A vulnerability has been reported in X1 Professional, which can be exploited by malicious people to compromise a user's system.
2694c18cf05e99a6ef0e21b78a68619240ebac0c75c9c6b17392089fe8486045Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
fd994de5c1e5d9998ee055f2fa994bd1fbb268752a3c9886146444764d9657abSecunia Security Advisory - A security issue has been discovered in MyNews, which can be exploited by malicious people to bypass certain security restrictions.
ff969b224626e332f41f65c187b07cacac46b552efb862c911e30cfa35b216c7Secunia Security Advisory - Two vulnerabilities have been reported multiple Sybase products, which can be exploited by malicious people to compromise a vulnerable system.
f96172a62d5c09ecdda2dd18f68d30b6b9270990fced1b428bcef953c42b3872Secunia Security Advisory - A vulnerability has been reported in libsoup, which can be exploited by malicious people to disclose potentially sensitive information.
b778b5ef04e01cc3a90d1e47373d7aa15241df754d9b7c558c454198ba2c94d3Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM WebSphere Application Server Community Edition, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
f6dae7c66fb1a3c7734454bdb79bc8a98454c9204417331ed6f5169007e4ece3Secunia Security Advisory - Ubuntu has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
a96209127f0bef8b7c8aec0164be3f8c824d8b007b5f9b9a204a5e34add198fbSecunia Security Advisory - Red Hat has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
412cb777bbcf55da3abfd364289c8f78933e4a9a3fddd9db6a4d3e53ab033c37Secunia Security Advisory - Multiple vulnerabilities have been reported in Group-Office, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system.
a0551ae00c115acf08014a5a51ae06dbf200606466bd5fef471288efa5e01cbbZero Day Initiative Advisory 11-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handles certain data in the login packets. Malformed packets can cause the service in question to write a NULL byte on the stack which can be leveraged by a remote attacker to execute code under the context of the running service.
525d12ef9dcc8cc2e5dc96c1991ef7b8a03b2480d4d6e79b8ffdb56c08950daeCisco Security Advisory - Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings. A workaround exists to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.
33bcf3e51909c455b5c3fae308d9e8e2032825d079b6cad6b6ce0e251294ab9fZero Day Initiative Advisory 11-245 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handle certain data in the login packets. Malformed packets can cause the service in question to lookup a function pointer outside a predefined function pointer array. It is possible to set this function pointer to an address where user controlled data exists and this will result in code execution under the rights of the user running the Monitor Server.
a33a5097372aa85175aa3ce715085578d3c1258260b45dacbedcb9fe9a6fb67aSecunia Security Advisory - A vulnerability has been reported in Lucion FileCenter, which can be exploited by malicious people to compromise a user's system.
106b95ee151eb4dc79130d7c996ff8a4bacfe5c7afbea8d9ab538ebb2ed0a1e1Secunia Security Advisory - Multiple vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct cross-site scripting attacks and potentially compromise a vulnerable system and by malicious people to disclose potentially sensitive information and potentially compromise a vulnerable system.
b05799b2069cc6f9ba2eadf12b290fa959240ca5ceb2517f49d2d8c361d86539Secunia Security Advisory - A vulnerability has been reported in Godly Forums, which can be exploited by malicious people to conduct SQL injection attacks.
22b1794d2a12680703d15a77be50ad8e72e1d0235dd6ad32c481052c7af37898Secunia Security Advisory - A vulnerability has been reported in CobraScripts Jobs & Recruitment Script, which can be exploited by malicious people to conduct SQL injection attacks.
46207b94a9d9d7fcb3aa4b6844680335682a49201d7146d918dd3f3555a95376Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes two security issues, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
9ca0b02a782062b8db98170f7f6bb66423e8ff597f916096510c882368445b4aSecunia Security Advisory - A vulnerability has been reported in Icculus.org Quake 3 Engine, which can be exploited by malicious people to compromise a user's system.
0b0cc149ea827c08acf79af3e4aa5b77c98c712d1e25639bd38e73ff04a4c9eaSecunia Security Advisory - Two vulnerabilities have been reported in HP Network Automation, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
22df95bfb2a34a631abfc84feadc055e36015e852ad3dd9021eb9d32dab82472Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
cccd736bc64e955629f03ac6d4567c13a38cc1cc1ecc5c90caefa8b921b6b82cSecunia Security Advisory - VMware has acknowledged some vulnerabilities in Console OS (COS), which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to compromise a vulnerable system.
4217b6eab3a29c5ebf57c46ceefa17aabe2e44d2f6c5659934f457cfd5eaab87Secunia Security Advisory - Multiple vulnerabilities have been discovered in Seo Panel, which can be exploited by malicious people to conduct cross-site scripting attacks.
47386b2d12c8b3b9e6ead10b0733005e85dac06c3fc2dbf401ecb5086424e69bSecunia Security Advisory - Red Hat has issued an update for libpng. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
b0c231be561cea6c277e3fb6f1476def6549769a07fcd5f12ca6e6f3db0c5895Secunia Security Advisory - Red Hat has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
82b988ae1a0569414d3315ec2ddd833487341fae883c46a471b12aed24c709fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed