Secunia Security Advisory - Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.
66c516ffae04ad2a578953355a9cb64003715abf209faf304d945f80e1c21449Secunia Security Advisory - A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.
2ffdb1b79f6350a6b1c59f73fc4db5995a244069b27644ae7fa8ed71ce83bd10Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Integrated Information Core, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.
cd27edde6cd85413bf8781b815a1b0670f0cbba1090f388be591bab4be7a61afSecunia Security Advisory - Multiple vulnerabilities have been reported in the Job Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
7af47828ffe2a74c460a3c167ab441ff957e3aba0bf449ef81b03a8ea322543eCisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.
49478116b2c8fce99cb338023910fed9c83a1ea261b069618c93a071ffc72472Zero Day Initiative Advisory 12-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within he way Quicktime handles Text Track Descriptors. Values for almost all of the text descriptors recognized by quicktime will be read into a fixed size buffer. This can lead to a heap based buffer overflow which can result in remote code execution under the context of the current process.
dbf5f7b5d2c56a334d965efc1089ddc6773033fa814118e2b2ade2ce11d35611Zero Day Initiative Advisory 12-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user supplied data and the resulting stack corruption can lead to remote code execution under the context of the running process.
eabbee78d8eade63ec066cd6d6608ab4a06b4c1ef10668b60197c14c5b8086e8Zero Day Initiative Advisory 12-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place the a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.
f1c0ec875d5f1f6611aaccba87f70c3dded4662ef965ecfd7279dddd6300d5f0Zero Day Initiative Advisory 12-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the exposed GetDriverSettings method in the nipplib component imported by ienipp and npnipp. When encountering a realm parameter this user supplied value's length is not properly verified before copying into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
dad2278a888a8b86768114f8246f8e419ae73d969cf93902e9da0f392a230cc8Zero Day Initiative Advisory 12-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Cognos. Authentication is not required to exploit this vulnerability. The flaw exists within the tm1admsd.exe component. This process listens on TCP port 5498 by default. Requests to the service include a request type field, a data length field, and a data field. Multiple request types (opcodes) fail to validate user supplied length and data fields before copying their contents to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
948d1a63f76e7397259aaddc98b7c87f1d5c6ecaaaaa72a571270335007c2ac7HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.
856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7dRed Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
fe71e26fd75c9403f91014baf93c4a6d167a5d5aef0be73d9f6c0fe60b8a1865Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
57bee9f577390f47d09269171763d581bac37a4751fb81fddb955d4db237ace9Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
ad1e0d74169944968d087c38eeee1c4b790cf754e68c22a60bc2f608214be628Ubuntu Security Notice 1483-2 - USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Various other issues were also addressed.
d9f65ac4719ba150d08e186463e35ce618c2f313114fdd6c475d4ccf81f2a1e6Ubuntu Security Notice 1483-1 - It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager.
d35f4e8e5191c7b3e61ad07217f45203bbb8f811b3f00949c296b7d3d6c8f3a6Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
25ad29d41bde009fefb9a337f7247199b62531201b03a95af1937b1f9fca28b3Ubuntu Security Notice 1463-5 - USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obtain pointer grabs under certain conditions. This update fixes the problem. USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem. Various other issues were also addressed.
59ced9782d0d884adbabdccc45bd2f21a57bf35bf61f045b944aa6e782018601Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system.
95596c63f8e12d4e90c1f34eb6596003b81263b7992299a09c14e71ac4d0b484Secunia Security Advisory - A vulnerability has been discovered in Monstra CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
265c7b5dcba3142e383147478c9ad171f9141885ab1eaea0928cf8a5cbbffceaSecunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
e20b6771fef183bbd48cd6cbf7563d4311f8f62f605b8a5dca98f09206eb8f05Secunia Security Advisory - A vulnerability has been discovered in Dove Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks.
de3d049ab9cf12baa7ae88abf9466b4282e1899571dd007324a81a6a351b0853Secunia Security Advisory - Red Hat has issued an update for libwpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
08960ecc892958042edf006d5da01a264cb66877d2bf95a5f2582ec4a7510c50Secunia Security Advisory - A vulnerability has been reported in AIX sendmail, which can be exploited by malicious, local users to gain escalated privileges.
8c6724513a3c5e356afa8652d823436b5bd7ac975cddafc9f05b68a1a31303d8Secunia Security Advisory - A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information.
6f4998a6c8579b1ce06e07cf1b17fcc9b3837d35f93522f707f77545b1df8586
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed