Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
9dba3d0d50ecb04d6b0e88ad279009be8dcf8e519a8e80f0bd5acd274e688272
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images. This can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. Successful exploitation may allow execution of arbitrary code.
623e21468d54f2db461001bc0b8983f1dc7a59785a4ad47663b3d0349af2f8ce
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
28a0cbd4c91dc6908098a5bb540ee31c831d78a7df3e6e91cc796712c465d9fa
Social Share version 2010-06-05 suffers from a remote SQL injection vulnerability.
37b624a69b8ebcdf131458a9b529e881fdc8408efdacc819e67a32ae82787f2e
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer truncation error in the PICT import filter (PICTIM32.FLT). This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into importing a specially crafted PICT file. Successful exploitation may allow execution of arbitrary code.
3d48dcf13f13e7c0894cc02b34b824a7414ad66514cf0dc9789b003d837a5be5
Freenas version 0.7.2.5543 suffers from a cross site scripting vulnerability.
6024eb8d221d86e774861cb5888403ed5bb52c9ce554fa401344f8e854acd59c
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the handling of errors encountered while decoding "cook" encoded audio content. This can be exploited to trigger the use of uninitialised memory and potentially free an arbitrary address. Successful exploitation may allow execution of arbitrary code.
8ce3f987a47149f84b0f20dda276ecafb1deb4f3712048d4fa372fdc4fe9f31c
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of AAC audio content and can be exploited to corrupt memory via specially crafted spectral data. Successful exploitation may allow execution of arbitrary code.
e1d707d2fdf5b309bfa5099effc7b3f06ec130515db11e823db3c81a62298aaf
PlxWebDev Plx AD Trader suffers from a remote SQL injection vulnerability that allows for authentication bypass.
76994603b541cb9e8ad5355cac8f47334bc60809b3e4fbd45df45482c327270d
PHP Web Scripts Ad Manager Pro version 3 suffers from a remote SQL injection vulnerability.
317ae38732a6af1ceb81c85b0d31140cfc185bb4cbb40e6e91957a1400cae62f
MyBB versions 1.6 and below suffers from multiple cross site scripting vulnerabilities.
564614cfc6a659dbed739106c7897dfd62579a2869a6d127aa4fc6e6893205d0
Elcom CommunityManager.NET suffers from an authentication bypass vulnerability. Proof of concept code is included. Version 6.7 is vulnerable.
7acb1f10e416f67bc4734d295a385802936a471c97a267dd98e74911fcfd8dbc
Whitepaper called The Joomla Hacking Compendium. This document should provide you with security related information about Joomla and the extensions which are available for it. This paper focuses on how to hack Joomla installations and how to protect them.
467489c738a22376e6abfc1c7ea3f4678310dbccccce20aa044f48669be1df77
Vacation Rental Script versions 4.0 and below suffer from a remote shell upload vulnerability.
4d0bce716bd5b3de425fa3db8640d1168f18f6942dce6566c760f8acbaf0059d
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when parsing RealAudio content encoded using the "cook" codec. This can be exploited to trigger the use of uninitialised memory and potentially corrupt memory via e.g. a specially crafted RealMedia file.
2434eaef6b000eb04efc5bf512381ecffb8c1a973ccfb2c8544b94986d6df588
Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. Affected is Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753).
d28710dbbdb6a4e04bbf0b31230732e1f2ccbb1c884c4ad65e99fc484a3db74d
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
fe9756bee3228bf01334f743b7c74dd1edc83e5489f032737ce24eb6bdb19cbf
The Joomla Jotloader component version 2.2.1 suffers from a local file inclusion vulnerability.
21c4d007b7cd6cd43f1c5c1dbc08d499d85aa7f5700e963d4c53d2048fcb1b70
MaticMarket version 2.02 for PHP Nuke suffers from a local file inclusion vulnerability.
ffcb785ed6463a219582688ec2e05992bdfd9d8b261b4b60855f9c567405504a
Inout Webmail suffers from a cross site scripting vulnerability.
19a7e22bb4f491ab13aba02b11265fa8009a4e3818e5d6b199ce87ab5bb1a810
Mandriva Linux Security Advisory 2010-258 - Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets rules. The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. Various other vulnerabilities have been addressed in Mozilla Thunderbird.
8303cb81da50d3bd26721e1af3fad9224a8a40b7e910276b23d32824b24e111d
REstate Real Estate script suffers from a persistent cross site scripting vulnerability.
648eb1c8edfe3a9b64ea3c66c4db55ff3567aaabd472184f0e0c739f4f418675
Linux kernel versions prior to 2.6.37-rc2 ACPI custom_method local root privilege escalation exploit.
8e96652e9d0319db605344763c66b55b3366e06bdb9f068aa4c881ffd48bd76f
Word Splash Pro versions 9.5 and below local buffer overflow exploit.
5ffcbcad8fc30b44e94b571c1529d9ac9720ac37e56b839154e7777838dfe66d
MP3 CD Converter Professional version 5.0.3 buffer overflow exploit.
65f01e67dc8d7d9832b9cc02f2ce622f659424cab473c0b33daac7952ed0f269