Ubuntu Security Notice USN-776-2 - USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service.
494dd7a7b640d12307b6ec6753130b3f5f824fcc8ecb4f7a49332420d07598a3Mandriva Linux Security Advisory 2009-111-1 - Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue.
0b9ab0678b8f50291475ab0c369624d0ea9d246c0f33cdfab12afe730ed4f0cfMandriva Linux Security Advisory 2009-110 - Multiple vulnerabilities has been identified and corrected in squirrelmail. These issues range from cross site scripting to code execution vulnerabilities.
eb825894498d8381f7051299956731d6f8a6c53fa50672e55d2c3812e07667c6MaxCMS version 2.0 create new administrative account exploit that uses a SQL injection vulnerability in the cookie passed.
113f4bedfed5d21114fd9b88db4b2ef641cc0e857fdd4305c4d4227aa5674bf7TrueCrypt is on-the-fly disk encryption software that can create a virtual encrypted disk within a file and mount it as a real disk. It can also encrypt an entire hard disk partition, or a storage device such as USB memory stick. It supports plausible deniability.
fef81746948b8e395a866509df337ec4a68475c3df755e527c2788f3111824feipsec-tools racoon frag-isakmp denial of service proof of concept exploit.
898ae58d8c1b9defc05f54f5324236c2292838fce91ff46441b899d746e65938Family Connections CMS versions 1.9 and below remote SQL injection exploit.
0790c50b136c6400cbb76768254eeaf9ebdf73e3e70f5681d4b209c6037fd5eePinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory traversal proof of concept exploit.
140e18b7f263c208877fbd4b9e099be7be793ab75d118fc919ff39ed4291ab12fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
5d2960bc3f4497e07183ae8c6b84acda0e456c67a5a75a98056df613c15e0466Password Protector SD version 1.3.1 suffers from an insecure cookie handling vulnerability.
e281cf16cdc383b69329c5073a2f6c6934f6bc7440f82f09bc1fe6b93008bea0TinyButStrong version 3.4.0 suffers from a local file disclosure vulnerability.
be78a80fd48107b4a079f935dda72f28b37c6c3f3ba470a444f4be9d5e2bf1eaiDefense Security Advisory 05.12.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the parsing of two related PowerPoint record types. The first record type is used to specify collaboration information for different slides. One of the fields in this record contains a 32-bit integer that is used to specify the number of a specific type of records that are present in the file. This integer is used in a multiplication operation that calculates the size of a heap buffer that will be used to store the records as they are read in from the file. The calculation can overflow, resulting in an undersized heap buffer being allocated. By providing a large value for the record count, and inserting enough dummy records, it is possible to trigger a heap based buffer overflow. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3, 2002 XP SP3, 2003 SP2, and 2003 SP3.
84bba074996caa0939a7e44b41d9a7389b4b11a60328716bd8fa6f9a381fe0afiDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the Notes container inside of the PowerPoint Document stream. This container is used to hold records related to notes that appear on the slides. By inserting a value into a container, it is possible to trigger a memory corruption vulnerability. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3, 2002 XP SP3, 2003 SP2, and 2003 SP3.
7f7588e5d20993d1557ddc70301247408570fff65a0c66bc08fa4e5e6d678106iDefense Security Advisory 05.12.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the parsing of the BuildList record. This record is a container for other records that describe charts and diagrams in the PowerPoint file. By inserting multiple BuildList records with ChartBuild containers inside of them, it is possible to trigger a memory corruption vulnerability during the parsing of the ChartBuild container's contents. This allows an attacker to control an object pointer, which can lead to attacker supplied function pointers being dereferenced. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3, 2002 XP SP3, 2003 SP2, 2003 SP3, 2007, 2007 SP1, and PowerPoint Viewer 2003.
98683674d53180aca6ec380be9c8a25a413aab69fa225531f66abadcfa0bd397iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 95 format files. This functionality is contained within the PP7X32.DLL. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
4d2d05f1058734610733532062ed77695c73219fd1b4fe428f8e5306abe78262iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 95 format files. This functionality is contained within the PP7X32.DLL. The vulnerabilities occur when reading sound data from a PowerPoint file. In both cases, a value representing a record length is read in from the file. This value is then used to control the number of bytes read into a fixed size stack buffer. There is no check performed to ensure that the buffer can hold the number of bytes specified, which results in a stack buffer overflow. iDefense has confirmed the existence of these vulnerabilities in Office XP SP3, and Office 2000 SP3.
fcf13fe7cfc3b8b5e14e22a30f0bbac0017a3c2415c37fc364e4eef3583b5be9iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 4.0 format files. This functionality is contained within the PP4X32.DLL. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
7ce1ffb2ba312734fc860a8482e98527498becbfccdb72bf130c0baba266299eiDefense Security Advisory 05.12.09 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses a string in the PowerPoint file. If the size of this data is greater than a certain value, then memory corruption will occur. This memory corruption can lead to the vulnerable code executing an attacker supplied address. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
aa746668db670cf5482d819184ba1364f23aa4473b232e3400c2f14c9eed84f8iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
d46d15bace48b692d2adac056789e54ccb908fe6ccd325abcaaea4b3359934a4iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
e3f96726fc6f8d14c3ad93532bc697410b0b18a7c8eaccbcb8df96d4b0f5eb34Ubuntu Security Notice USN-776-1 - Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. CVE-2008-2004) Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service.
58f223c2297cdd9c2c7ddb064e41a550ca946b93c8a244622b78b946d06414ffUbuntu Security Notice USN-775-1 - It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. An authenticated remote attacker could exploit this flaw to cause bgpd to abort, leading to a denial of service.
443af3101cdb36466e16e3323416f91df72bbb49ad0eef51b7f6c65ef2e1eab6Technical Cyber Security Alert TA09-132A - Microsoft has released updates that address vulnerabilities in Microsoft PowerPoint.
ddbbbb4322a8aa4e21d5e568808b1ec8619cbac1da27e82a41784bfeb0acd724CastRipper version 2.50.70 universal stack overflow that creates a malicious .pls file.
620b841b356a6e799144cba2248ee52c5be7feabebcb3e063c0a26b02303e987CastRipper version 2.50.70 universal stack overflow that creates a malicious .m3u file. Written in Python.
a6062b7daa63ebf3f9dd0e93df4145081a26e4fb6f49acc177840bf88b24edcf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed