Zero Day Initiative Advisory 10-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file format. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
13b8e90f73d446785cc068baba1c949551ccec4ceb3454c549d4e3f198d8108eZero Day Initiative Advisory 10-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. Within the 'desc' tag there exists an embedded 'mluc' data structure. The code within ACE performs arithmetic on the second DWORD from the mluc structure and a value from the desc structure. The resulting integer is used for an allocation of a heap-based buffer. An attacker can forge these values to force the process to under-allocate this buffer and later overflow it during a copy operation. This leads to remote code execution under the context of the user running the application.
ecd9e32d6f577f1936ad4eb02c36581111f3a572888a3e928346a7aadfc57941RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.
41ebae2a8b510e2bd8181c50df475c394e772dc9ce8fcb156ecb559222b1e530Core Security Technologies Advisory - Adobe Acrobat Reader is prone to a use-after-free vulnerability due to an invalid usage of a released memory chunk. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Acrobat Reader to open a specially crafted file and click on PAGES thumbnails.
b904c5a6e5a8de97f43c56644b6a9ba52dae475e7eef0a3f2c048059d81b1e24The Joomla Bsadv component suffers from local file inclusion and directory traversal vulnerabilities.
f0a91161d93e71c8fa6368ed314fcfb84a017a4068d9a91b9ed954709e8bc003Zero Day Initiative Advisory 10-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0xFFFFFFFF a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.
9d1255f5b4ecf288e999e01be413aba17e903c8feb3faf1f8611a6a3b99010d1Digital Whisper Electronic Magazine issue 13. Written in Hebrew.
b7cc976897c1fbff9b7b4eabf0431487e8385d72fbd8b357810641e70cf6b600Ubuntu Security Notice 1001-1 - The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.
60ef4b53af760eed408ee330b96dade5bab28e4714a5817c765994cdd52f9f75Joomla Club Manager component remote SQL injection exploit.
f920eb2aa7f437b6fceafa52dd148d54bb4e425ad3d9623492a31e72b84f146bTechnical Cyber Security Alert 2010-279A - Adobe has released Security Bulletin APSB10-21, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
247cff6275d923983e783ca6fe3f07cc6d56411f2a628fb9373e429c1bd4c9ddHP Data Protector Media Operations NULL pointer dereference remote denial of service exploit.
841e28c2f3b05995e7611afe106f1457a4f4820f5d1fcb49ee4289049980fd6bMandriva Linux Security Advisory 2010-197 - An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.
60b055a722cc4bc0545e71200d94b800b38708d3e38b1a277486b92cc61f22cbThis Metasploit module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
03dd84b1fa133f23eef6c093613e5dc4647bab107afd312e34d65559564a1da3HP Data Protector Manager version 6.11 NULL pointer dereference remote denial of service exploit.
0656224a4a7971dfd8da2db9267e240a02ea3b0541ef905aeba6d75aea755ad4TomatoCart version 1.0.1 suffers from a cross site scripting vulnerability.
34e741bd38e2824dc1af50ab1654419bc4ca5aa287742999e631921b7a7d5738nSense Vulnerability Research Security Advisory - Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected.
be0006662c3db8dd0bb9877ae4a9ce05a5bb18b964135f696d2609daf428de1aFeindura File Manager version 1.0 suffers from a shell upload vulnerability.
6446bc8ad6e73c6bfd3c9f9125f2753375617e5288fc644f3afcd7035b75102dAlZip version 7.4 DLL hijacking exploit that leverages ieframe.dll.
f11b489fd05b6163a033a2db6af09cd74af7a298a3fb3ea07b6c7388c2ef88f4My Vacation Tracker DLL hijacking exploit that leverages svctaglib.dll.
cd774d81a162c4cea916cc060cb86ae6085a8d39ec07877a1a1b1fffd390ff44Dupehunter Professional DLL hijacking exploit that leverages fwpuclnt.dll.
fc0c631f01578170965c5664090a0d3a1ec4cae4dce83ea001062041ff69bd44Secunia Security Advisory - A vulnerability has been discovered in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
cc29aea1d3242e9f3595ca0a7e0db62a9d699ac7d7310219235820fcb79fe512Secunia Security Advisory - A security issue has been reported in BrailleNote Apex devices, which can be exploited by malicious people to compromise a user's system.
8d71ac82ad1394c632da1fe6e2c2a9acee28e738eecd8267df2979433d2dbc5dSecunia Security Advisory - A vulnerability has been discovered in Foxit Phantom, which can be exploited by malicious people to compromise a user's system.
42d067b215d5970b002bac07c6989392dc42731343704879bdde5b439a725526Secunia Security Advisory - Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and perform certain actions with escalated privileges and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
ffa8c5691773687c348c685a349950fa14e4bf2f55b0683e1edad86e03fd20c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed