eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.
45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239Typo3 suffers from a remote file disclosure vulnerability.
73568e35077aa7c47aea2129594d8400d321d756b754c5f88202e7d0f9df9d7aDebian Linux Security Advisory 2313-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.
0e66a3f9f409834c4e46d8404804c078686458d479cf01ba08a626f27dcd9d48Ubuntu Security Notice 1220-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
381cb500bd82528a730aee301d5df2fea4835c168a78a002069bcb53da18ca72Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
a6902286da44592ff48572355b8fee8eb0b4d4760d83235fc8062977b61f3d9dWhitepaper called "Embedding the Payload" or "How to avoid AV-Detection". The main goal of this paper focuses on how to undermine system integrity by circumventing anti-virus detection.
14edf4f453f8794728b0ac49c1d1ae57bab9b38e68a39ab9849188b3c9dd702dUbuntu Security Notice 1219-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
5bbf959fff7d5604adafb12f55e81da2ac28c246748613faaed45b3156c8add2NCSS versions 07.1.21 and below suffer from an array overflow with write2.
c6619e3f31945a8a7b5e376281cae03af5f42af0a358b23c58813c1c6078ad33Ubuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
7ce613f6fb82e60467fe2db0120524df0114dd4f622231bc1bba67151a5b6582AmpJuke version 0.8.5 with Apache mod_negotiation suffers from a directory listing vulnerability.
66a33ea5e3bae7835afaeffc341e89465322c61b1372aa317bfcf3868a659ccfUbuntu Security Notice 1217-1 - Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.
cb0df75e0ea4625a8f572eb50a779b751932821421ee7b8d18861e0a3ad2212fRed Hat Security Advisory 2011-1344-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
9da687a381ca20d046b5c50589b968fee6f0f6760fa5b50b72ae19d0c9de5863Star Develop Live Help version 2.0 suffers from multiple bypass and disclosure vulnerabilities.
24452ccbb155921370872876d7c4fc4f09d76be839d05ddc5fe90d61b014a0e6Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.
8bafaef1b58fae03b23b8a5bd380a03af81a384af4e2638199592f25f97a9cd8Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.
80445d16ffe02cb047a1e223a26a3ad71167fd01c9524171970119db25b999c4Bitweaver version 2.8.1 suffers from multiple cross site scripting vulnerabilities.
623d0f908e24c7fa3674d8b07b164861549917e2c3e65221055f5e9d41339062Joomla! versions 1.7.0 and below suffer from multiple cross site scripting vulnerabilities.
b098c60142c11a23d57d189e2242583e2e4e51bc1fbd79e30d21c32650317397Red Hat Security Advisory 2011-1343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
3687f8be51c9a85fd3c79f10c8bab76b7b4dafaaac4db14db59c0c0b77e3d708Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.
e2949a7050ea58c1e4b98c809fd3a351a236e932e99e60259fbe202ed0e4a651Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.
a8625a9160b247b90199ce4274aa8f6096c8d45553eb33684ffa4642f14866c3Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
0c6ac8865b32e82e11c3f328b55e69c05b18020b7e3bc65cf024f724f351bdd1Tajan System suffers from an arbitrary file download vulnerability.
e2df46920e2605d7c30d2221e22d7a9ff4df2e1b0b109c229e37d4fccc7cfee2SabadKharid suffers from a remote shell upload vulnerability.
5282da357dd581ae32fbc77b153c871c6cbfe0ba268b2686d22ea2c2400903aeA2CMS suffers from source code and local file disclosure vulnerabilities.
8fcc5c4d75232fc2e9f5081cc1bc7d530d34a2527670932c3fbaeb6afdd32248HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
8c8491ffbdea51197735b916bafae7e01bedf7e73d74f78a14d32b3f74aa0016
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed