Debian Security Advisory 1464-1 - Oriol Carreras discovered that syslog-ng, a next generation logging daemon can be tricked into dereferencing a NULL pointer through malformed timestamps, which can lead to denial of service and the disguise of an subsequent attack, which would otherwise be logged.
709413684fbcfe4de2f8bce74ad577baf1efe925079cc2d1f27fee7378cdd765A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Image Descriptor (IDSC) atoms. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption situation. QuickTime Player version 7.3 and QuickTime PictureViewer version 7.3 are affected.
ef7d96b0982ebabf7d4e87e2df2b476b5c438e320325d76b3b4f1d7df3d20a4cThe Apple Quicktime Player versions 7.3.1.70 and below HTTP error message buffer overflow exploit.
89a653e5db8d7a3160f90c80abdc466ec35b708c1a5efdf2b96d5fa578d311a0iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.
6d73e3ce9736dc59d009c05ff809807ae8052bbc094fde1bd0def439d35351b7iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted loop bounds vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests to control the number of iterations of several loops. Inside these loops, various memory operations are performed. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
7f196c84113ddcc385c5d70b854af7778a013336ae974c92f3479d023fc233d8iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer offset vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as offsets added to valid pointers. The resulting pointer values are then used in various memory operations. Since attackers can control these offset values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
0d4e1180975b5622df56fb55155580852ab845d3afcc3f51f3a7d74e8eddf4eeiDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as pointers. These pointer values are then used in various memory operations. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
3786ba1f2c0d443c5ba142c9250af385bc9b7d612652583004e74f0b46076165iDefense Security Advisory 01.15.08 - Remote exploitation of a heap overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. A heap overflow vulnerability exists within the code responsible for processing requests. Two distinct values from the request are used for the allocation size and the amount of data copied. Since both values are attacker controlled, this can lead to a heap overflow, potentially resulting in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
d1f2b39e4549949cfc2ea044ba91948441a2d453f40b6a0acbaf1209018892a3RTS Sentry Digital Surveillance buffer overflow exploit that makes use of CamPanel.dll version 2.1.0.2.
a107188cb89bc1cffd2b55b52f95827b328468e2f2ac2e5e5b9117e0368872c5Secunia Security Advisory - hadihadi has discovered a vulnerability in MTCMS, which can be exploited by malicious people to conduct SQL injection attacks.
1c2d3afc506dcd9c7d9f12381ded66ad8907f1112aa3e7bb1c8e66f9ab4a3e82Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
0d0a7367b13f1fa12b15d984732de8e37fb037633d9ddbffdba4f732db5bddc0Secunia Security Advisory - Anastasios Monachos has reported a security issue in LevelOne WBR-3560A, which can be exploited by malicious people to compromise a vulnerably device.
ea0f34f90c15e09170ade1433bf6777e039e24a5b872a95b4ad391ee668fc902Secunia Security Advisory - Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and cross-site request forgery attacks.
ad90740ec536618829b988ce94a54359d3d1bb75529c7c68e59bd46050514b44Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
506566d015116a1f4b5ef50c441e60dd4d7e4356f5e20e871cf7aca562957dc6Secunia Security Advisory - k1n9k0ng has reported two vulnerabilities in vcart, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
ee777ce69228d21cc490996e45fe4badb5dc892607f15227f60b3db0a52f18ffSecunia Security Advisory - BlackHawk has reported a vulnerability in Evilsentinel, which can be exploited by malicious people to bypass certain security restrictions.
bd5b8d13825fb4af9ff72126413d900142824860e77c68933b1f83d1d10f18bcSecunia Security Advisory - Mandriva has issued an update for madwifi-source. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9b8641c2b23c82e283de305d0a46a9a44702f68574f60cf77ff9164a74d45092Secunia Security Advisory - Debian has issued an update for openafs. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
07f12f54f89fd394fee857f589ac55a948d8801aedd34bfeda61ff0293284755Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
2dac0ac4196a118c2707babaea6a57ea4a5e27581f01cf36db00d529def68247Secunia Security Advisory - Debian has issued an update for gforge. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
71afeaaf8422f58a4b1205e0646e83f5c7e6c2b7da5887826834fcb9c0984322Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
8e8f64df79ae3ad61597cf909af73b66313dce099c6b5ab8c47c375ddb6f3b2eSecunia Security Advisory - Red Hat has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
ff58a2af4ed2b39bf084f61051d23b582fe1bd074b00e971166da6fa40962fdaSecunia Security Advisory - A vulnerability has been reported in PHP Running Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
c33fc6df48f34f706eb0351dd9e723a6d86740c5f3a57a4d6a2a5437de1590b2Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
c8b886aef8019e6e4c60af6ec57be15a1a817e2b2fe74a8d4b996cb84b73c336Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service).
0b66ccc5b3d1d2bea6ac2e8194bcc083be024fb1012b73315eb8fbe5e238965f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed