Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
daa8d0259edfa6917251458ec8feee6e73ca1be25f190863aaad8ff8d1d9f8adApple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.
177743c04df027711accb6be0442f662c763f68ae3e958ab54e44b32c5cdd929Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.
f0c48ee96cb75fd2a8d5d59f4b09ac01709712a9b3fbfe5a377400b30d006239Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.
cbe20e763ddb60533e4aa2c0372e6d26d0fcf0e0faa767ddc8c8e5d69b7d5216Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.
a18bf4afd49f0790a7800f00c7179cc923a3890a42c7c396c63645d35c123d0dSome SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.
d11b15fccafdf18190f23d0b7a7f20f25dfc6fada15ef8cba05227b1c2721da0Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
ffa34db28244865608548350015903d37722b844554e14ccaf7d8347188e784aApple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
ff2f94e0d38ea69f36970a1ad604758214b956d4b4c5ef71810c7ef1ed9fd7efMandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.
a0a8eba7465a48df476d1df9722497c093dac6a589b1c042b115c0aad4fae55bLiferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.
34af56ed2e0c1df197bdb004a38aeb7ac850fd1cbd8725029cf4808908941dcbTunInfo suffers from a remote SQL injection vulnerability.
4a59fc93674e2ccf46017e9be39bf95524691b89ff019df71f9f1a7efca4130cLiferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.
6619bfbbf1dbfa7eb563e65bcabfac916b63c4ac1431da326cb548fddb4f5fddMultimedia Builder version 4.9.8 denial of service exploit that creates a malicious .mef file.
63a67975d994e1f50ae5d8977e3410cb4b3b122a865bbea9840fb034cf5d4fb0OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
9b795e382fcc6135553f5f2c96f60aac2d76ce101e018dfe5d3bc9bc771975d9Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.
5d00061ebbf37190e2a234ed2e926b9591981ccaf98e5bc04f27356da0113e72Red Hat Security Advisory 2012-0670-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. When a set user ID application is executed, certain personality flags for controlling the application's behavior are cleared. It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file system capabilities.
c88db0a1f1b7343e27cc22e518f7258062840aebeea6f425936d381a312cd433Red Hat Security Advisory 2012-0571-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A local, unprivileged user on a KVM host could use this flaw to crash the host.
1410f3b7136c37ec0494b578f722198e2419cd69f0b58f7948f10dba37dc0d35Gentoo Linux Security Advisory 201205-1 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 18.0.1025.168 are affected.
db0550b1dade0d9a98afaf2ac750b0ae9a7a263dc2df65218f71b0b47bb9c75dWordPress Track That Stat plugin version 1.0.8 suffers from a cross site scripting vulnerability.
5a6daeb646f993bbddc6cecbab8b06964dbc93311c048a41703ec53244a0e630Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
6a40fae819245a8180ecb0d36ba689948dbcd9d8dab2d60158accd6401f51f1cSoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.
da49d971f971ef35f420da7ccf4f3213c7266f61b1fcdf41e09d8886cfb7804cMandriva Linux Security Advisory 2012-074 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.
84d6c91018ca31f8f470c32ca860e11e8ebe2e0ced01c5cd91935701ad5dcc51WordPress 2 Click Social Media Buttons plugin version 0.32.2 suffers from a cross site scripting vulnerability.
6c7ccc1383af1cf29f09a39587e09fe7a5a977588d37b1c70f135d5e4d828a54WordPress CataBlog plugin version 1.6 suffers from a cross site scripting vulnerability.
eebcfe5853a6a0d2dc6e18646b5ea9d74a1a3b3c13f654b3d64737d5c8c4fb31WordPress CodeStyling Localization plugin version 1.99.16 suffers from a cross site scripting vulnerability.
7fbf33ce44b247637fd88fe38ab57d6bb8824fce18edf5215a5cdfa80fc5a26f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed