All versions of RealPlayer 10 and some builds of RealPlayer 10.5 suffer from a heap overflow in the ID3 tag parsing code.
46421bbdec94678eace2f1448aa87b7317888d18e61f1d242f583bc1db79e149Debian Security Advisory 1388-3 - The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes available updated packages based on a newer version of the patch.
aa575a2ef5aed2ab88c2ec89366c596430eecb1fb84615f855448062aeb85f21TikiWiki versions 1.9.8.1 and below suffer from a remote PHP code evaluation vulnerability.
1e448247e42b5213f25a1930d3dc3f1fbd07ce7769c7aa65080d354bf82a5b72Secunia Security Advisory - A vulnerability has been reported in Django, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
239531467915702198504158e73a5888cdba35a74b67ca748f5f24b2bb72a569Secunia Security Advisory - rPath has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct phishing attacks, manipulate certain data, and compromise a user's system.
c0102b05fd0443b258507f466521284e422cb330cfbf597967c54ad4f676e86eTeam SHATTER Security Alert - Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks. Affected versions include Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1.
58d76e3a0aef0c6352b4c4758f736521b656d25dc7b79ead00dce2d59a6de04bTeam SHATTER Security Alert - Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks. Affected versions include Oracle Database Server versions 8iR3, 9iR1, 9iR2 (9.2.0.6 and previous patchsets) and 10gR1 (10.1.0.4 and previous patchsets).
c1a8396a98fadf1347f49ba35e4dac43085a4c2e84bd788266f80b864f34c281Omnistar Live suffers from a cross site scripting vulnerability.
67292beadd7560c2dab90692f7e2f9806dcc6e9822d9df3c8059a1ba90df0c36AGTC-Membership system version 1.1a remote add administrator exploit.
0b9b008502ba04e1769466e8168120c061c7f4b6e6b26aa36cebd8b6fcf37de5GOM Player version 2.1.6.3499 remote overflow exploit that makes use of GomWeb3.dll version 1.0.0.12. Spawns calc.exe.
906d927f7281a8d6b9f463de5a38983fe8e053fcbf3c0fe5cc7a02137c97ef19Kodak Image Viewer code execution exploit that takes advantage of the MS07-055 TIFF vulnerability. Spawns calc.exe.
ac113a9757fdb12baa7a63fe821b53472c829b45ebe854614e258959e2d484e4Sony CONNECT Player M3U playlist processing stack buffer overflow local exploit.
19b107d7edc7d67b224ebaa14f6fd2ba851bdbb98711f2d2ce4880a13495b6e4Slides from the presentation Oracle Database Vault: Design Failures.
aa413dac2420e9793150ea25140ef356d8f3b5c166c5a82b88e5082a51840006Slides from a lecture discussing Next Generation Viruses.
6cfbaacb1ce17979d011060139f0ba7bfe18bf60ee51ae17acf2c0723f1c8117Slides from a lecture discussing Shadow Software Attacks.
9d3f365a840d4fe79ac57428f939eee876ade4b85c65af44212870259fb87bd6Slides from a lecture given by the Technical University of Vienna Politecnico di Milano regarding AntiPhish: An Anti-Phishing Browser Plug-in based Solution.
11fdb1fd6cf3504814e13cee83b573ad2c17c0fd9b5ca17d7c6ea7217edc9c3eSlides from a lecture discussing Writing Behind A Buffer.
67417f7ee79d3f522c2a4e3d577097a0fbf2a4fb4b71b2b080564f565d937cd5SAXON version 5.4 is susceptible to a SQL injection vulnerability.
23411f8d6a90e9b31e57ceffd7996d568c7aa8f2fdbeaa3bac734ad639ddb4e4SAXON version 5.4 is susceptible to a cross site scripting vulnerability.
1d43a200a24c368debf8a8e4ecee5ed36919c93f61f189dd6150d359436d3501Webroot Desktop Firewall versions 5.5.10.20 and below suffer from a DNS recursion vulnerability.
7499ce19071c898db4710e4a745d9d4bd46c353b60d884a7b6f1e0746d168c5bSecunia Security Advisory - Joey Hess has reported a security issue in vobcopy, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
b73a33229ad873d14944c1485b66cc3d03ac62ac3e6fd46a5b1a4d5adf851dd4Secunia Security Advisory - Some vulnerabilities have been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service).
425bef9722424c9c57b0d7b7d10ebae7ea0ba5559ab26af6f05a25863be54609Secunia Research has discovered some vulnerabilities in IBM Tivoli Storage Manager Client, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed in HTTP requests to the CAD service is not properly sanitized before being logged. This can be exploited to insert arbitrary HTML and script code into dsmerror.log, which is executed in a user's browser session in context of the affected site when e.g. viewing the log file via the web-based interface using the "FILE" functionality of the CAD service.
277de8c11d9582d8e9b98a606bb24ac192a34dc0c97ab2267b159f9843c34e82Smart-Shop Shopping Cart is susceptible to cross site scripting vulnerabilities.
6dab28de6ebe8e2ea6aa36fc03a5207632099c3f00fc85f513eb04fb2a85d6efWhitepaper discussing the prevention of cross site request forgery attacks.
f175ac2a874a9f1415a57c6ed31b6044ef783497e4f88ea01d77445b1856299e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed