This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.
5f9aa1e1147648a40479bc5b43a72f60f8b6d73aedadd62e3613fc7f5288b2b5Signal Desktop suffers from an HTML injection vulnerability.
7342445a2a81bafeda692b4072a1691a6690f325366e6a19c447cb00b1ecd5e3Core Security Technologies Advisory - Vinagre is a VNC client for the GNOME Desktop. A format string error has been found on the 'vinagre_utils_show_error()' function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name. In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user. Proof of concept code included.Versions 2.24.1 and below are affected.
3e17538dd72cc925a9aa97a372aec9f82e566dd73c6ec01b5df998cf7ed1b783Core Security Technologies Advisory - The NASA BigView package suffers from a stack buffer overflow when parsing specially crafted (invalid) PNM input files. If successful, a malicious third party could trigger execution of arbitrary code within the context of the application, or otherwise crash the whole application.
e485520020981d3b3ed65b4b395b30ad8f4b39e901af7cdacb5e619551524084Core Security Technologies Advisory - NASA's Common Data Format library suffers from a buffer overflow vulnerability. CDF versions 3.2 and earlier are vulnerable.
6403648bcce3ca7a5c2552a8a172062ded855abbee671444f823f2bf228073afCore Security Technologies Advisory - The Firebird database manager contains an integer overflow in the processing of certain tags on the XDR protocol used for communication with the server. Version vulnerable include Firebird SQL 1.0.3 and before, 1.5.5 and before, 2.0.3 and before, and 2.1.0 Beta 2 and before.
049362d5b2e4e09658272b9a1503df66c276926189db05c55ad7bfdb78bb1d0cCore Security Technologies Advisory - The vdccm daemon from SynCE version 0.92 is susceptible to a remote command injection vulnerability. Proof of concept code included.
686f2cf42763970f2eb071d3ad0b8654108f0faa3334bc4f61de9ff5409255ccCore Security Technologies Advisory - The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in remote execution of arbitrary code at the kernel level on the vulnerable systems and/or a remote denial of service condition. Affected systems include OpenBSD 4.1 prior to Feb. 26th, 2006, OpenBSD 4.0 Current, OpenBSD 4.0 Stable, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, and OpenBSD 3.1. Proof of concept exploit included.
2d5d5651f3ce213312cb165a62fc0f511f0b8d1488dfffa7ab49170738c88652Core Security Technologies Advisory - A locally exploitable stack overflow vulnerability has been found in the mod_ctrls module of ProFTPD server. ProFTPD versions 1.3.0a and 1.3.0 are affected.
d36acaee71f87bea897777e3ff93edf6478e47c07c9a9d32a58514040e1ae1cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed