seeing is believing
Showing 1 - 25 of 35,832 RSS Feed

Files from Secunia

Email addresssecurity at secunia.com
First Active2004-01-08
Last Active2015-12-17
Microsoft Unicode Scripts Processor Arbitrary Code Execution
Posted Dec 17, 2015
Authored by Secunia, Hossein Lotfi

On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2015-6130
MD5 | a7e4a15823312e399086ef314ec3caab
Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow
Posted Dec 10, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer underflow error within the "GetFontDesc()" function in usp10.dll when processing font files cmap table and can be exploited to cause a heap-based buffer overflow via a font file containing cmap table data with specially crafted offset within encoding records. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2015-6130
MD5 | 40dcd0bc3dc928328e979414fc2368ba
Google Picasa CAMF Section Integer Overflow
Posted Nov 12, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing CAMF section in FOVb images and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
MD5 | d13717485ccd4b70775e615f0fea2717
Google Picasa Phase One Tags Processing Integer Overflow
Posted Oct 26, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
MD5 | a50ca7789fd842d29a76ad55242cbd86
Oracle Outside In Buffer Overflow
Posted Oct 26, 2015
Authored by Secunia, Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-4877, CVE-2015-4878
MD5 | 238c5d118f935b69d5d542c52194e62c
Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption
Posted Apr 16, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-1645
MD5 | 6837605e8bfab6ac2be90456e818f90d
OpenPNE PHP Object Injection
Posted Jan 21, 2014
Authored by Secunia, EgiX | Site secunia.com

Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.

tags | advisory, arbitrary, php
advisories | CVE-2013-5350
MD5 | 57f40ad0fbb29c3f6284b4fa96be0f6f
Secunia Security Advisory 52215
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security has reported two vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 7700062df3cd29e3c2b28ddf9c9256dc
Secunia Security Advisory 52209
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | dc522f88b1fa497df4b57c6d12991ee0
Secunia Security Advisory 52196
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | b579c60fa870db0473c68d5e75d2f091
Secunia Security Advisory 52183
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform. This fixes a security issue and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, web
systems | linux, redhat
MD5 | 6699b688c5f59a1d334ede65d33ca54f
Secunia Security Advisory 52193
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the nori gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, ruby
MD5 | 12166cf16eb02e8e86ce42cba126e041
Secunia Security Advisory 50836
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the WP Online Store plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | 730702c2fdb7cf2fbc44dd6ef1fa48bc
Secunia Security Advisory 52165
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in AbanteCart, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 38083bde9b9a9377b054a98a2f2c2c29
Secunia Security Advisory 52192
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - CA has acknowledged a security issue in CA ControlMinder, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 981e173ca1b16fe7f731883ed6372592
Secunia Security Advisory 52178
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

tags | advisory, denial of service, vulnerability
MD5 | 53881e15f75ddf0b6b4718857b01e744
Secunia Security Advisory 52219
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Symantec Encryption Desktop, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local, vulnerability
MD5 | 49fbb94c14e50783f2efdd39d56706d8
Secunia Security Advisory 52223
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Walied Assar has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a Denial of Service (DoS).

tags | advisory, denial of service, local
systems | windows
MD5 | c4195bcf2463c69363f41dd777c93731
Secunia Security Advisory 52071
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
MD5 | c49a44d5da61eb14eb7cc464e72bd7b7
Secunia Security Advisory 52137
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Henrique Montenegro has discovered a weakness in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to disclose certain system information.

tags | advisory
MD5 | f322fa85a5a448990d359fb550959558
Secunia Security Advisory 52210
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for polarssl. This fixes a weakness, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
systems | linux, debian
MD5 | 9a5018446f4bca5b4740cd61b2579f11
Secunia Security Advisory 52218
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Editorial Calendar plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 4ff5b38fc65f182f606a82aca051c834
Secunia Security Advisory 52189
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | cb8dff00d09272e08da068f7f8c092da
Secunia Security Advisory 52194
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | cisco
MD5 | 91dc5a76bb0b2195c39f8e0b539fe837
Secunia Security Advisory 52014
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Myo Soe has discovered a security issue in Huawei Mobile Partner, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | df4efb91c764cf01005f3358248f265d
Page 1 of 1,434
Back12345Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close