
Files

Zero Day Initiative Advisory 12-020
Posted Jan 31, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-020 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc and PrintFile functions exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by setting the 'Header' member and calling PrintFile() with the same path argument. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0189
SHA-256 | 0e61a6e226350f291abb2c1d035a02dd7b420e246ac20734c7e602223f151f77
Zero Day Initiative Advisory 12-019
Posted Jan 31, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256-byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-0188
SHA-256 | 854bc2e262fff88ef741e78bf82fffb4832ad1b7eb87f4f13c662b94e8d6c14e
Mandriva Linux Security Advisory 2012-011
Posted Jan 31, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-011 - OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. The updated packages have been patched to correct this issue. The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t version, which is not vulnerable to this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-0050
SHA-256 | 35b11032bcc6ae21446636fb990652ffe9762c98d3d9d0030aaed125ce61a84d
Debian Security Advisory 2398-1
Posted Jan 31, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2398-1 - Several vulnerabilities have been discovered in Curl, a URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3389, CVE-2012-0036
SHA-256 | affc00b6775ce7bca3c3607be8f46595ea437e93d99e80f5874d29cbbc9e4d89
Gentoo Linux Security Advisory 201201-19
Posted Jan 31, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0605, CVE-2011-0606, CVE-2011-2130
SHA-256 | baad128edffc63cf96f6415bcd8ed20845d4c2166743c0cf07a2e6869a63d515
Gentoo Linux Security Advisory 201201-18
Posted Jan 31, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-18 - Multiple vulnerabilities in bip might allow remote unauthenticated attackers to cause a Denial of Service or possibly execute arbitrary code. Versions less than 0.8.8-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-3071, CVE-2012-0806
SHA-256 | e549809610bc17b343128bb8db5c084ec972795ac311e48c37fed0d3767d72fc
Red Hat Security Advisory 2012-0071-01
Posted Jan 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0071-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2011-0708, CVE-2011-1466, CVE-2011-2202, CVE-2011-4566, CVE-2011-4885
SHA-256 | 5aa584ae8e2538b311608383e29e10b03cfc35f4dda508f886e8a55f83326c25
Red Hat Security Advisory 2012-0070-01
Posted Jan 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0070-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2011-3009, CVE-2011-4815
SHA-256 | 03b3e4cae76347af80bc92c207769ad0a2a84889ef025d717522605f2284e476
Red Hat Security Advisory 2012-0069-01
Posted Jan 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0069-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2011-4815
SHA-256 | f7e42c50959c0fb32cbaa649ddc8262f37b293afa41649f8324f881d14fac350
Debian Security Advisory 2397-1
Posted Jan 30, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2397-1 - It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-4599
SHA-256 | 33155ab7e9a7b17b4c88cdcfe061b9ce02b5b72b86507f4eee3765acdc720f58
Gentoo Linux Security Advisory 201201-17
Posted Jan 30, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-17 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 16.0.912.77 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3924, CVE-2011-3925, CVE-2011-3926, CVE-2011-3927, CVE-2011-3928
SHA-256 | eaa004838721d039091f8548c7c6641f0341f17b63e976316bbc9668c5791b8d
Secunia Security Advisory 47782
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in WHMCompleteSolution, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 7836e9780a7d6743119d29fe5fe1e565dc52a9fcf68665b4caa4637656092824
Secunia Security Advisory 47605
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM SPSS SamplePower, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 29beac5953b698d745bb01103c874092886d220acd5c8cbc3f833e81273cb725
Secunia Security Advisory 47670
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Postfix Admin, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and script insertion attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 0fcd50f64699587ecbea6b580ae7675a38fec1cf457ebf05b22ea36c0f0a6e13
Secunia Security Advisory 47731
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Search Autocomplete module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | dfb17ecb6f275da69b81b80de74b13ae64fbf1632d84d9b14984910561c4ab51
Secunia Security Advisory 47691
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in DClassifieds, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 6ce2fbe994fab9b7edd8d23a393ffd074bdcb336e4c753e2d980a7a1070b3fc9
Secunia Security Advisory 47779
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, vulnerability
SHA-256 | d5416919a14910653e520de295c93869bd39f9c94975208b811584c384e3254b
Secunia Security Advisory 47721
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | 7a85b19a07004b670561a7a7a9160e7c55855754504afd0668b19e3ce77c2093
Secunia Security Advisory 47763
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Samba, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 14309a8acef624203641ff15d5959a7c02824e8c82f87fffd14e0b01197992e3
Secunia Security Advisory 47765
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
SHA-256 | 66971616d229ba8cc44f9a624df34c67061a43a0f2c89c678fee140536146f6a
Secunia Security Advisory 47803
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ogro has reported a vulnerability in Ada Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, web, denial of service
SHA-256 | dd4e97d5184145da9ef2b8af50f4ac56a608de85746d57a9489efe65af5a5f11
Secunia Security Advisory 47714
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for icu. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, debian
SHA-256 | d1cfd72e14abd163f84a6d362d3e0f0d464624e8de190b9fef81311545244569
Secunia Security Advisory 47719
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for xkeyboard-config. This fixes a weakness, which can be exploited by malicious people with physical access to bypass certain security restrictions.

tags | advisory
systems | linux, gentoo
SHA-256 | c26cc52558610ab67469174fb26818f83360bd1a5964fdf9484773e54fa57567
Secunia Security Advisory 47726
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 419259e25f26b4bc35b66b6640f283b8dc9c742b5ce663c9316b213638164710
Secunia Security Advisory 47717
Posted Jan 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for chromium. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | 2c7ef6501c218e169b5a5f20f9901832dde8dd4520c0c7fe48e01589c50bf59e