exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35,832 RSS Feed

Files from Secunia

Email addresssecurity at secunia.com
First Active2004-01-08
Last Active2015-12-17
Microsoft Unicode Scripts Processor Arbitrary Code Execution
Posted Dec 17, 2015
Authored by Secunia, Hossein Lotfi

On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2015-6130
SHA-256 | ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow
Posted Dec 10, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer underflow error within the "GetFontDesc()" function in usp10.dll when processing font files cmap table and can be exploited to cause a heap-based buffer overflow via a font file containing cmap table data with specially crafted offset within encoding records. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2015-6130
SHA-256 | d65fab95536006f5a8a8545eff4d02524698f63bed04d5515fe21776d1ea97e1
Google Picasa CAMF Section Integer Overflow
Posted Nov 12, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing CAMF section in FOVb images and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | db72a3562dc68479de1367e98146b3c4c4222d69e61574ce70158fc840cac565
Google Picasa Phase One Tags Processing Integer Overflow
Posted Oct 26, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 5ae53f5fbef1f5539ef71eddc2a163711178502a8a9d788c3571296844ce496d
Oracle Outside In Buffer Overflow
Posted Oct 26, 2015
Authored by Secunia, Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-4877, CVE-2015-4878
SHA-256 | 4ed653941f8a16749d3b9b610f5f0203e8ff2d471eb0c5b330fb01af85a0c3bd
Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption
Posted Apr 16, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-1645
SHA-256 | ed3d517ee666d030f5df6830cf8981005659fc92cb0c554af44305ac144591c1
OpenPNE PHP Object Injection
Posted Jan 21, 2014
Authored by Secunia, EgiX | Site secunia.com

Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.

tags | advisory, arbitrary, php
advisories | CVE-2013-5350
SHA-256 | 862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955d
Secunia Security Advisory 52215
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security has reported two vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | f15da94674d8a590cf737536e6ed1fec37abd2f2224d160792e4e96b85e44472
Secunia Security Advisory 52209
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 2434d093c4e607731df9038e83c8fefddf26a1a416533ec7bb7a45bab6b9b2c2
Secunia Security Advisory 52196
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 22fd454180c7a8369b9ffcaa877e41848cd7aff1b1ef91141eaf05dc7904da54
Secunia Security Advisory 52183
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform. This fixes a security issue and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, web
systems | linux, redhat
SHA-256 | 36f7240001af14fe9801a93c0be224b68592eb4dadb4b6dcfb433429b15cadd1
Secunia Security Advisory 52193
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the nori gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, ruby
SHA-256 | 2296ef7fbc2a950485d99279e28e3394db17507dd715a4babde545b7db717244
Secunia Security Advisory 50836
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the WP Online Store plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
SHA-256 | 313855b42bbc8a69e5f3e0dd675549b1665a6461185292f1fc9211f9c0a73bde
Secunia Security Advisory 52165
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in AbanteCart, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | a36488d63285d65b1b7ce471a947384768209114703d4bb5780efc8300982c2b
Secunia Security Advisory 52192
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - CA has acknowledged a security issue in CA ControlMinder, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 94e29c631a583f7cd43bf836e0602e0eb55b6d86919c70db38f2ac5b107f2c1e
Secunia Security Advisory 52178
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

tags | advisory, denial of service, vulnerability
SHA-256 | d0e702d618b3af6f61896f6bf4482e779c68ea0fd31eef1448ffecd11a61602b
Secunia Security Advisory 52219
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Symantec Encryption Desktop, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local, vulnerability
SHA-256 | e342ec9c966c3c3a09a28080de828afe93a1d1a42ed531af4e52a4a8e0f93d34
Secunia Security Advisory 52223
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Walied Assar has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a Denial of Service (DoS).

tags | advisory, denial of service, local
systems | windows
SHA-256 | 8b2fb7ac337144afad657c4f1294d143a368958def648ba87188667db8a7b910
Secunia Security Advisory 52071
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 501b2ae3e91b7f9622b0c008a5fbd37de115f49d34294032c8315b4d33592886
Secunia Security Advisory 52137
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Henrique Montenegro has discovered a weakness in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to disclose certain system information.

tags | advisory
SHA-256 | 4d5a20a9963122b30a537bcd8665016290944446ce176017dc0af696539eba94
Secunia Security Advisory 52210
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for polarssl. This fixes a weakness, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
systems | linux, debian
SHA-256 | ebd30a614b9452d9df19556b3223880b313ebfe62e85ca8722193aa6dfffbfb4
Secunia Security Advisory 52218
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Editorial Calendar plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | c4d98aa94f2e0a706b07e4e932eb4f7f78658ad9ccceaff0c982df4bc644a2dd
Secunia Security Advisory 52189
Posted Feb 14, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | db999efb78d6772494df6e3229836558420d52a680388bbfe62c1e4a0eee360c
Secunia Security Advisory 52194
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | cisco
SHA-256 | 34e57e4150b39ca715f4764e2aa44960081d44211de9824638ca038204b6b611
Secunia Security Advisory 52014
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Myo Soe has discovered a security issue in Huawei Mobile Partner, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 5ef2103a5491a2f66e7ee99ef059410fd5cfe8c84ddefe91ebb609f16929fdc4
Page 1 of 1,434
Back12345Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close