Debian Security Advisory 1851-1 - It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name.
4895448f52ffe68e98196ec3721ff78244663b3346b4ace337499d3dd23b3c87Mandriva Linux Security Advisory 2009-195 - A vulnerability has been identified and corrected in apr and apr-util. This update provides fixes for these vulnerabilities.
65a23f9e0b8882b8afe1e667bae3c05d6ad58e8e697a8011a4920ea95ebf1171Mandriva Linux Security Advisory 2009-194 - Vulnerabilities have been discovered in the wireshark package, which could lead to application crash via radius, infiniband and afs dissectors. This update provides a fix for those vulnerabilities.
f508f94bd641d0b3de7652903bfdc8a48f392f6428bfccf2a9a070b1d5bbba6eFetchmail versions 6.3.10 and below suffer from an improper SSL certificate subject verification vulnerability.
ce7096d8ac83ac8f9f069b1910a6aa91898577d3165d040410eeb7f62efaf3fcImTOO MPEG Encoder version 3.1.53 local buffer overflow proof of concept exploit that creates a malicious .m3u file.
c0bea02fc4084b911fa05b99649d0a42b8d9616310907f8ebf099d9409c8be0aGroovy Media Player version 1.2.0 local buffer overflow proof of concept exploit that creates a malicious .m3u file.
da1df7b729e312b47d0116c4f7e1c577aba1585b4fcdef5369e83477e3eed691Mandriva Linux Security Advisory 2009-193 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. This update corrects the problem, including for older ruby versions.
0669c17c9c0462df2e2d19f4671fc26124b8dab42ffd851016ebb52c686df9f9Pico MP3 Player version 1.0 crash exploit that creates a malicious .mp3 file.
2480581152550e9e868df764f9bbce42c35001ba070367aa30a1452af47a4b74PHP Photo Vote version 1.3F suffers from a cross site scripting vulnerability.
c99a1e29edd2c84a4f62a3c614ab2f21fcab22ffac4b299b4d3177992844bbc0PHP Easy Shopping Cart version 3.1R suffers from a cross site scripting vulnerability.
309417a64f248bf3908db3dece4ea6d08ba0c4b6cb96b52ecfeb154cdedc395bAccessoriesM3 PHP Affiliate Script version 1.4 suffers from blind SQL injection and cross site scripting vulnerabilities.
875be93014116e1dc5ed53ce1569f7ba184df07baf355704f1b483647414fca3LM Starmail version 2.0 suffers from remote SQL injection and remote file inclusion vulnerabilities.
7cca570843e0988e35079cc1e6f38676726cd88ba4e948180aac7e00cc8b2a12TYPO3 CMS version 4.0 suffers from a remote SQL injection vulnerability.
92c31571d658f708864804a1ae697eb492d660a96d403bd64628cde380b3b778Playlistmaker version 1.5 local stack overflow exploit that creates a malicious .m3u file.
c584207ab986f5817177ac4e5b6fba43eb94b4b4064c7912671705b9079fe2edPHP Script Forum Hoster suffers from topic deletion and cross site scripting vulnerabilities.
b591c9bebd085e7b6dd622fef28283780d073d190f7d88977fef472ce4e065b5jetAudio version 7.5.3.15 local crash proof of concept exploit that creates a malicious .m3u file.
9abbadf5473b1eacec89b8a6001a675fd0abe614f80ba38299d0e1e443f621fbFreeBSD 7.2-RELEASE SCTP local kernel denial of service exploit that causes a panic.
134f70fd1df5a8305a23db386308b72df604b197660b97ea45f9feb63b2e2578A2 Media Player Pro 2.51 universal local buffer overflow exploit that creates a malicious .m3u file.
832b63a4423a0e0fefc833d58b8931ff863248533d20ad1a486cd91116742880jetAudio version 7.1.9.4030 plus vx universal buffer overflow exploit that creates a malicious .m3u file.
f431765caa2cc532e8bdc7b326d06fe2869c30bdae08f3b88e2ea6e6a9afe97fjetAudio version 7.1.9.4030 plus vx universal buffer overflow exploit that creates a malicious .m3u file.
0d680cbd9ab8adee4eab17871d4550fa96237010e411f50e1166d134577ba650The Huawei MT880 device suffers from cross site request forgery vulnerabilities.
3fe868872064c2e25216cee4105b2a6578bb14b43e96704b0e53f9d50b06bc5eZero Day Initiative Advisory 09-050 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the code that handles loading a custom JPEG splash screen for a WebStart application. While handling certain parts of the splash screen, javaws.exe makes an improper calculation which is later used for an allocation. Later during decompression, Java Web Start will write data into this mis-allocated buffer resulting in a heap-based buffer overflow and eventual code execution under the context of the current user.
ca7d543314563c01cb76f03850630e04c3f3bbe875fb0a9b6887812d3e2a5e75Zero Day Initiative Advisory 09-049 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists within the code responsible for handling Pack200 compressed JAR files. During decompression, several fields within a Pack200 header are trusted and used to calculate sizes for heap buffer allocations. By providing malicious values an attacker can create undersized heap buffers and subsequently overflow them. This can be leveraged to execute arbitrary code under the context of the user accessing the file or web page.
f3895c8176efd0aaa04f4f2564053b537f655a444812a5b6864cd8dfd5164142Zero Day Initiative Advisory 09-048 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when accessing embedded style sheets within an HTML file. When modifying the properties of rules defined in the style the behavior element is improperly processed resulting in a memory corruption which can be further leveraged to execute arbitrary code under the context of the current user.
0d1a75ec8135d86faf85c24c23d55a581c00a5bfe4022870af6279e5298ebb17Zero Day Initiative Advisory 09-047 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the appending of elements to an invalid object. When appending malformed elements to a empty DIV element memory corruption can occur. A properly constructed web page can result in remote code execution under the context of the current user.
540f0b527d81dd9df6fc65e182b80c4166d34d41956aa3ba42a5a85a03b932a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed