exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 649 RSS Feed

Files

Secunia Security Advisory 48135
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for maradns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | f5954896759faa4a4cffd101829f1b49859313f5a151f856781e0a62aa651abe
Secunia Security Advisory 48134
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for pdns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | bd192c2b610cb440fee76350d3baa3f9b602501154d3151631f48e692bc7b719
Secunia Security Advisory 48137
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | d10d20bab64506a533201fbe49baa7c1c88fab193ae042cb2a8c7512076636f4
Secunia Security Advisory 48136
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for heimdal. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, gentoo
SHA-256 | 5cd908d10e0c7e4f3e4216e4764d4306e0e72c4466bc8597e9a1ba97f92cb6bc
Secunia Security Advisory 48142
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for cvs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, ubuntu
SHA-256 | 30d0d250db5eb9470c60f709852f233c37bed82bc638cb3118b018a144fa6321
Secunia Security Advisory 48052
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Apache Solr extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2c65c4a2ca64ff975cb23ebad1d56bbbfddb8581f45bee3a495007ce232bcff5
Secunia Security Advisory 48127
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Movable Type, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct session hijacking, cross-site scripting, and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | a4102d862445475435b9e7ef09ceabff9b1f2f914ee0a4beb2147b1cd8f4fb78
Secunia Security Advisory 48096
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Magn Drag and Drop Upload plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | cb39734656cc2b67779bb9163f258699f478640d3779c5dbc19e935ed7ecbb5a
Secunia Security Advisory 48064
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - the_cyber_nuxbie has reported a vulnerability in the DT Register component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 97c42350a36887f8e92d76432bd1fcf2e8aeb3be387be77298c4e0b520208c00
Secunia Security Advisory 48090
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple ABB products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | c8c3b70940a0a30779bf4f26c9617244968029e1b6b9e1c740b2dcbd0edb39aa
Secunia Security Advisory 48038
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for ibutils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, redhat
SHA-256 | 8c5c9034dec8ed0108465555b76b61cf4a7f82dc701d23b97859106de291803a
Secunia Security Advisory 48106
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | ee4a2b9bddeed2ed38508d9c553446aa136b187797eff4c5eaf65ef142a21adb
Zero Day Initiative Advisory 12-039
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | d94a0659bb3d5751620c9a917bb3a7a6afb99e1f7b7888ddcbff44a739da4dbd
Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution
Posted Feb 23, 2012
Authored by Peter Vreugdenhil | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, overflow, arbitrary, code execution
SHA-256 | 7d7c2f550994a2e5cd5e28b925d468c48c1d40628d005eac85f1b8d0d1c73513
Zero Day Initiative Advisory 12-038
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX Jar file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to remote code execution under the context of the user.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | e396c40d1238a4b32b4de88a4e7c7a94f996dbe67c411ef01c6eb21bc7741d5a
Zero Day Initiative Advisory 12-037
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within javaws.exe . Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.

tags | advisory, java, remote, web, arbitrary
SHA-256 | a095f2b41c9458ca35fc7a84f9fa435bcb5c3afdd726d804553da5e42524a72c
Zero Day Initiative Advisory 12-036
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0155
SHA-256 | 91ba23f83f6adbe244489b8b48522efdcef4f230714e8addb8a8a5a7d593320c
Mandriva Linux Security Advisory 2012-023
Posted Feb 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-023 - It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-0841
SHA-256 | 11f7dad26c9da70df5a6e937277e758f721a83530bf66fef369c67b2ce222427
Zero Day Initiative Advisory 12-035
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0011
SHA-256 | df4f311fcd1579648e5945d76912d846d27da68fbe2df2c21540d95d6a0122e9
Zero Day Initiative Advisory 12-034
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASX meta files. When the code within wmp.dll attempts to process the version string within a meta file, it copies it to a fixed-length buffer on the stack without checking that the destination can contain the input data. This can be abused remotely by attackers to execute arbitrary code under the context of the user running the media application.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2012-0150
SHA-256 | a83c58db30683d599df4aeb59ef7425627e17a94a25da7f227d7ceab7170b361
Mandriva Linux Security Advisory 2012-022
Posted Feb 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-3026
SHA-256 | 7e81a111ef1b1fb00ad6d1aa3d0f796e2df59993d8ad6ea01b71c9d6e9575d7d
Tremulous Inherited Issues
Posted Feb 23, 2012
Authored by Simon McVittie

Tremulous, a team based FPS game with RTS elements, suffers from a large amount of old Quake related vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2006-2082, CVE-2006-2236, CVE-2006-2875, CVE-2006-3324, CVE-2006-3325, CVE-2011-2674, CVE-2011-3012
SHA-256 | 957204bc8a1064b5afc2c54e973081970d37c715e0429db6d279810022212fd1
Zero Day Initiative Advisory 12-033
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem).

tags | advisory, remote, overflow, arbitrary
SHA-256 | c19054aaeda7316388023d840ae6dfbe26300e49d337e63162e86a1ed98b70b4
Zero Day Initiative Advisory 12-032
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | de856aa61d7d5504a5332e85ae7a8c346fb55b885e46e6034141a1c3c1ca8861
Red Hat Security Advisory 2012-0325-01
Posted Feb 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0325-01 - JBoss Web is a web container based on Apache Tomcat. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. Various other issues were addressed.

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | d22d787c4112a659c3c9e4f42170042f88ea6052206c4cfb93c8a3c97eae2892
Page 5 of 26
Back34567Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close