On the 8th of December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in the Unicode Scripts Processor component found by Secunia Research. The vector for successful exploitation is a specially crafted "True Type Font" (TTF) file, which can typically be embedded in, e.g., Microsoft Office documents or even in emails and web-based content, depending on the font type. Successful exploitation could result in arbitrary code execution.
ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer underflow error within the "GetFontDesc()" function in usp10.dll when processing the cmap table of font files and can be exploited to cause a heap-based buffer overflow via a font file containing cmap table data with a specially crafted offset within encoding records. Successful exploitation allows execution of arbitrary code.
d65fab95536006f5a8a8545eff4d02524698f63bed04d5515fe21776d1ea97e1
Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing the CAMF section in FOVb images and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.
db72a3562dc68479de1367e98146b3c4c4222d69e61574ce70158fc840cac565
Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.
5ae53f5fbef1f5539ef71eddc2a163711178502a8a9d788c3571296844ce496d
Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.
4ed653941f8a16749d3b9b610f5f0203e8ff2d471eb0c5b330fb01af85a0c3bd
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.
ed3d517ee666d030f5df6830cf8981005659fc92cb0c554af44305ac144591c1
Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.
862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955d
Secunia Security Advisory - Core Security has reported two vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.
f15da94674d8a590cf737536e6ed1fec37abd2f2224d160792e4e96b85e44472
Secunia Security Advisory - Debian has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service) of the application using the library.
2434d093c4e607731df9038e83c8fefddf26a1a416533ec7bb7a45bab6b9b2c2
Secunia Security Advisory - Two vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.
22fd454180c7a8369b9ffcaa877e41848cd7aff1b1ef91141eaf05dc7904da54
Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform. This fixes a security issue and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
36f7240001af14fe9801a93c0be224b68592eb4dadb4b6dcfb433429b15cadd1
Secunia Security Advisory - A vulnerability has been reported in the nori gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.
2296ef7fbc2a950485d99279e28e3394db17507dd715a4babde545b7db717244
Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the WP Online Store plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.
313855b42bbc8a69e5f3e0dd675549b1665a6461185292f1fc9211f9c0a73bde
Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in AbanteCart, which can be exploited by malicious people to conduct cross-site scripting attacks.
a36488d63285d65b1b7ce471a947384768209114703d4bb5780efc8300982c2b
Secunia Security Advisory - CA has acknowledged a security issue in CA ControlMinder, which can be exploited by malicious people to bypass certain security restrictions.
94e29c631a583f7cd43bf836e0602e0eb55b6d86919c70db38f2ac5b107f2c1e
Secunia Security Advisory - Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.
d0e702d618b3af6f61896f6bf4482e779c68ea0fd31eef1448ffecd11a61602b
Secunia Security Advisory - Two vulnerabilities have been reported in Symantec Encryption Desktop, which can be exploited by malicious, local users to gain escalated privileges.
e342ec9c966c3c3a09a28080de828afe93a1d1a42ed531af4e52a4a8e0f93d34
Secunia Security Advisory - Walied Assar has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a Denial of Service (DoS).
8b2fb7ac337144afad657c4f1294d143a368958def648ba87188667db8a7b910
Secunia Security Advisory - A weakness has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
501b2ae3e91b7f9622b0c008a5fbd37de115f49d34294032c8315b4d33592886
Secunia Security Advisory - Henrique Montenegro has discovered a weakness in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to disclose certain system information.
4d5a20a9963122b30a537bcd8665016290944446ce176017dc0af696539eba94
Secunia Security Advisory - Debian has issued an update for polarssl. This fixes a weakness, which can be exploited by malicious people to disclose certain sensitive information.
ebd30a614b9452d9df19556b3223880b313ebfe62e85ca8722193aa6dfffbfb4
Secunia Security Advisory - A vulnerability has been discovered in the Editorial Calendar plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.
c4d98aa94f2e0a706b07e4e932eb4f7f78658ad9ccceaff0c982df4bc644a2dd
Secunia Security Advisory - A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks.
db999efb78d6772494df6e3229836558420d52a680388bbfe62c1e4a0eee360c
Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.
34e57e4150b39ca715f4764e2aa44960081d44211de9824638ca038204b6b611
Secunia Security Advisory - Myo Soe has discovered a security issue in Huawei Mobile Partner, which can be exploited by malicious, local users to gain escalated privileges.
5ef2103a5491a2f66e7ee99ef059410fd5cfe8c84ddefe91ebb609f16929fdc4