Secunia Research has discovered two vulnerabilities in UltraISO, which can be exploited by malicious people to potentially compromise a user's system. A format string error when handling DAA file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. A format string error when handling ISZ file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. Successful exploitation may allow execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
e8b6b22234286c933c86caf76bc04d458d2b2cf5e2ee7ca1dd7d5c4daabe4ad8Secunia Research has discovered three vulnerabilities in UltraISO, which can be exploited by malicious people to compromise a user's system. A boundary error when parsing CIF files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted CIF file. A boundary error when parsing C2D files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted C2D file. Insufficient validation when parsing GI files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted GI file. Successful exploitation allows execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
4f0fdc8ac2f3df91d55d57dbd2bfbf7651b26b2c441c2ffb9e376cee3ea8cb9fWhitepaper on Google Hacking written in Farsi.
d5032a9f65d13006e164fa42ec4ea999228b57aaacedc449f9e3311def3ed61cTinyPHPForum version 3.61 suffers from file disclosure and code execution vulnerabilities.
cda1dcb6105337c0ab9dc986dfd645440bc866bcfa9f14a7e53b60fc60fc958cMyioSoft Ajax Portal version 3.0 suffers from a remote SQL injection vulnerability in ajaxp_backend.php.
004c5129b639cfb7359b0ac23680322a6c1c57a06bfb966584af12468c39b6d5Oracle Weblogic IIS connector remote overflow exploit that relates to JSESSIONID.
de5529e482413e2be9f8012fa29e6af9eacfb0d3ebb8fd6bad42b75fa2617dcbHP Security Bulletin - A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to allow an unauthorized access.
32408dedc7b1bb3beef81d26777720b83a5a7e169d02098aec0b1d7b30492e3fKoschtit Image Gallery version 1.82 suffers from multiple local file inclusion vulnerabilities.
e0c6fccdf0451b8bce296fe4677fea5362cf8d48ee0f46e49acfd059caab7aadPacket Storm new exploits for March, 2009.
e9f153b2931d639cb5badec0f38cdae04b6d25fab8707fc696b5deb4cad118a8DeepBurner version 1.9.0.228 stack buffer overflow proof of concept exploit.
d1737e2e36552a204d8753b7f7f41231d72da7819abb0f411576f550e2322ac9Mandriva Linux Security Advisory 2009-084 - Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8. This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates.
7337027c6d9eab4a1b99091201ccfc3d20e82590fc265a2fca649cc8d927d330Mandriva Linux Security Advisory 2009-083 - A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21. This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used. Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. This update also fixes those issues.
8511d6a4698ceeef5b4163b72f2396b90cb854230c08895dc46332e0b785248eQtWeb Internet Browser version 2.0 remote denial of service exploit.
e64c56fbb977dcb8db71cc1138721733c0f9e421bc3153c68259cb6cd11b9b12VMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1XBMC version 8.10 proof of concept exploit code for multiple buffer overflows related to GET requests.
630e1ff4c87341bbc0d442422a65b0fbbda8376d48c984df1335117845f76dabXBMC version 8.10 get tag from file name remote buffer overflow exploit.
c7b8919d2d1d3063802ac34741da2d095d10aa6076e4a9487051c26951ba38f6XBMC version 8.10 takescreenshot remote buffer overflow exploit for Windows.
eba0bb541e3a78ea046d3e1678e22f7cb2080253e1cfabb4b322ef3d94d508c4XBMC version 8.10 GET request remote buffer overflow exploit for Windows.
aa63b4ad5a6f2a442b6f2731b35ac6e2b862f6e0835b9f145e6cb5784cc92506Secunia Security Advisory - Fedora has issued an update for glib2. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise an application using the library.
a4354d487a63101d758fffd689379ae14c61212b22171db1c54395b602899d23Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to conduct spoofing attacks or to compromise a user's system.
17b3b43996f9d8be9d72be35b6a457274ab13ea845fab23d57463b808844e0c2Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
9ab7ddbf8f5392145d06357db2a58bbfa7dba7ab0eb68c7abf757874ba99f311Secunia Security Advisory - Methodman has reported a vulnerability in Turnkey Ebook Store, which can be exploited by malicious people to conduct cross-site scripting attacks.
564af25ccde7a7a279d9b50284f586b99b7b90c7ea50b48b3853dbfb34ebf25aSecunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in UltraISO, which can be exploited by malicious people to compromise a user's system.
7249c7c996cf08e994a1c1ae2dc16e556e10cf8cfe91b0ae8e0c54ca63010b5dSecunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Calendar Server, which can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service).
b9ca637527ade8f11cc68aa134a155a1436ccfd2f744624e8061967c3d64b194Secunia Security Advisory - Avaya has acknowledged a security issue in Avaya Messaging Storage Server, which can be exploited by malicious, local users to gain escalated privileges.
ad1e90d3006b694202bc16d7fba32b68df0cd1138862aa37d7adf7856aef8a60
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed