Adobe Acrobat 9 Active-X remote denial of service exploit.
29206898c3ad3c1835b2c4a69f7bf0bf07b1702196dc7b9710141b2e40b9c419The Unreal engine is affected by some format string vulnerabilities which can be exploited by a malicious server when the victim client connects to it. The main format string can be exploited through a malformed CLASS parameter of the DLMGR command but another one seems to be exploitable through the forcing of the download of a malformed package (PKG). Some older games instead can be exploited through a malformed LEVEL parameter of the WELCOME command. The bug is caused by the calling of _vsnwprintf_s or _vsnwprintf for building an error message to visualize to the user (for example for a missing class) using a max size of 4 kilobytes and, naturally, without passing the needed format argument. All related exploit code is included in this tarball.
863f67850b55e9c9c3297e5e56a9c2c5c4cb9c1adea759190bb77fe1d9feaa1bUnreal engine 3 remote denial of service exploit that leverages a failed memory allocation vulnerability.
085f6e99f790ab5b50851dcc299a7b582152c776dedb75e44dd63093bef86737Unreal engine 3 suffers from a server termination vulnerability caused by a failed memory allocation.
7d2de8733f445ecde7f731e17762ca9fc06c12184cbd79efce6473c27ea63a39Ubuntu Security Notice 644-1 - It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem.
9139e43fe95cb79654a777a5abce41c875cabcb649f86a564afc749503aed326Ubuntu Security Notice 643-1 - Multiple flaws were discovered in the PFB and TTF font handling code in freetype. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges or cause the application linked against freetype to crash, leading to a denial of service.
92fa750f501d9838dabc54d77709b4f63b5f2d0348bb483e0510e3894c95d74fSecunia Security Advisory - A vulnerability has been reported in Vastal I-Tech Mag Zone, which can be exploited by malicious people to conduct SQL injection attacks.
7368c40ce0be62cdcf7361eed440b16de179ebd484fb3cdeb0ba4405adba4edfThe Horde project relies on code similar to Popoon's externalinput.php to filter out potential cross site scripting attacks on user-supplied input. Other projects are using the same code base. Therefore this vulnerability affects also the popular Cake-PHP framework. Hence, all users that rely on the externalinput sanitization functionality are affected by this vulnerability, as in addition to many other unrelated, open source projects.
21fcfc2eb2dfbc50c7d42dd8d19fdf5f77e420370c183904809c229552d63d54Horde versions 3.2 through 3.2.1 suffer from a cross site scripting vulnerability due to the handling of MIME attachments.
c2a3082c148d60c17ee794b27d8f58dbea9dcafc37b3a98ef6dc4162c3890507Secunia Security Advisory - Some vulnerabilities have been reported in various Tor World CGI Scripts, which can be exploited by malicious people to conduct cross-site scripting attacks.
6f51dae57e3945137611913579c2fb11d049852268255b8a5e681290f504df85Joomla versions 1.5.7 and below suffer form a weak random password reset token vulnerability.
f3a05de176b98357326a615c8a735e3cceca49d45366d2ac92f9ebe2230f981fdynamic MP3 lister version 2.0.1 suffers from a cross site scripting vulnerability.
df7b2506b62275b6860f38e092091a71a2c51b4aabc8c9b9941f025f8ecc8befParanew version 3.4 suffers from a cross site scripting vulnerability.
107bb8cd556298c7b0d97e02b0c0defe13933e90af2dc29813cdf6b55defee2fRuby Script to generate URL encoded Unicode UTF-8 URL.
3716b2b24def26545bf37991157e555c96d9f13dc08744a8b8168ccd6d3bd237Secunia Security Advisory - A vulnerability has been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
d77b95b9805fd363e34b088730483c86e4741f017eee5e7d658fee7a7b4371c0Secunia Security Advisory - Cyb3r-1sT has reported a vulnerability in AvailScript Jobs Portal Script, which can be exploited by malicious users to conduct SQL injection attacks.
cf97cb28468987e2657e3fa6abecfa359f91eae2ea02563399c55ca74688c0afSecunia Security Advisory - IRCRASH has discovered multiple vulnerabilities in Stash, which can be exploited by malicious people to conduct SQL injection attacks.
d79b57469418af32edf9b43d25b20f67f4fec567f95b18f8ef75cbf42b2f6460Graffiti Forums version 1.0 suffers from remote SQL injection and HTML injection vulnerabilities.
8dad2f720993bebaaea124e50cd07a174ac9ad967b4df7a63b715d7b31429017D-iscussion Board version 3.01 suffers from a local file inclusion vulnerability.
00dee0bec6e54535d08c2f09294254d26ac6fa7cfa2b271f38cc2fef89e89800ZoneAlarm Security Suite suffers from a buffer overflow condition.
b9752e4371506f7c4fd130c903d13e79aa3338413ce9d17aa137ae345801ebe8Secunia Security Advisory - Stack has reported a vulnerability in Vastal I-Tech MMORPG Zone, which can be exploited by malicious people to conduct SQL injection attacks.
e040939253c30e0599e3a17f540aca180dc93e7bfbe55b462b4f061488add7ffSecunia Security Advisory - Debian has issued an update for freetype. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.
5504db7acfdb99e11cb7dbb6586607a33e9b62981fdcd128008c96cb47179977Sports Clubs Web Panel version 0.0.1 suffers from a local file inclusion vulnerability.
ce43c9102e39b9349230cfca30dbc5f65027068f2f89bddfd486773bcf480dc9Debian Security Advisory 1636-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data.
dd179712a3c5f49c7817972099a42d0a2e5e7cc5f684981c7e60c71b4cda6539Razor Commerce suffers from a remote SQL injection vulnerability in category_search.php.
d26d9f0eee1ab0f9d3bd85c17b8586e15e92d24948cbf4494cd34751c7dd1c89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed