OpenOffice.org versions 3.3 and 3.4 Beta suffer from a memory overwrite vulnerability.
8835dab05febe30ee3df1bb4c48de2c02504156f840dc2d1d9c1e0014179f8ceDebian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
68e370faf2beb6cdbf84c61722cf35114006eff0082075706e518107a0b26ec1SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.
b0297f9e69c26f42d51c1e7aaaba6b1b125a76fa647dcd73ccf099f2fd2f43d6FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.
bec3ee10be31916a3a36ac078cec5caf93d30294833af00776ebe8c44bda9670Drupal Aberdeen third party module version 6.x suffers from a cross site scripting vulnerability.
ee88888847b82bb8706b2dec511d766960874ac9ed9c858f867dbc4171cb1f72Drupal Hostmaster third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
7c02451f79ba6d4bfe66bd38a9d30bc0c21b9498c33fec40e740f123d695f5e5Drupal Post Affiliate Pro third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
24cfc303df362d58ad5a3d229f184bbbbe3f53d9a28d7441c2155d9f83548fecA vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
9b9385109737f1c4e076d9b046209fed8fd0d8cc5001274e0f5a3f2bbb355d40PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).
8a1ff866f8c109707f489791566f77bc54087a39904a2e9018d41836f35c9f85The SEC-T 2012 Call For Papers has been announced. It will be held from September 13th through the 14th in Stockholm, Sweden.
396756fabc238c4d83767b9e2075975da880c74bad443c78d42a7b5e737cbe3cApple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.
57c27e1b2292d0b0350bc4e9a6a61eb501064eaa248f2cdb7fc88e7fb35ed920Unijimpe Captcha suffers from a cross site scripting vulnerability.
c9ffa6f225a88c626b7fb1d77ea68e165963c1478a15e7002f9086141d811ccdDrupal Smart Breadcrumb third party module version 6.x suffers from a cross site scripting vulnerability.
efa13b22a802826add663af52ab799213ef8c7c5710a4d1d236b277a44d092b9Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities.
40c8ec8f9df7dad38b0ad224dba92d7d02b70026bf96f514a6175e20c372358fDrupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability.
63170eba807768a010da595df4dddb13c2785adc91ef336d17dba438e6e4529eDebian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
fb5e1c809897c9f19723eac2b149d18e7bbd0d84cf8545cb5f93e9b78c5c44fbUbuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.
4324b59d64b342a521a0980f0e685008be9a14f33f0173e24e06a2608c59a814Gentoo Linux Security Advisory 201205-2 - Multiple vulnerabilities have been found in ConnMan, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0-r1 are affected.
ed625e222ec8e2fd20bd7ee907062c3b0e92b9b05983eab68d6d8bdf497f1f1cSecunia Security Advisory - A vulnerability has been discovered in ispLEVER Classic, which can be exploited by malicious people to compromise a user's system.
48c802d298509fcda8f15ef36b0b3b6c2ef7f668c8d07b800c62d59e30fa0bfbSecunia Security Advisory - A vulnerability has been discovered in ispLEVER Classic, which can be exploited by malicious people to compromise a user's system.
48c802d298509fcda8f15ef36b0b3b6c2ef7f668c8d07b800c62d59e30fa0bfbSecunia Security Advisory - SUSE has issued an update for gnutls. This fixes some vulnerabilities, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library and potentially compromise an application using the library.
17aa0133e7b523989c4d0996bbca9116436ed57e53c268768e8e1d8b9c34fb20Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
400b2d738e070f94ef3fca7538a5c1e2f5673488a2999e0c0897d5deb91b4076Secunia Security Advisory - gainover has discovered a vulnerability in JW Player, which can be exploited by malicious people to conduct cross-site scripting attacks.
4f7c0a28e0e8a70a6eb582c6f1cfa65478ce1f72bd4999a46188485fb40cc357Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in 3DVIA Composer, which can be exploited by malicious people to compromise a user's system.
bea660ef1c11ddaadc4629a4f99666b5a7c49ef146ba237564b1370dcd3c7c3dSecunia Security Advisory - Parvez Anwar has discovered a vulnerability in 3D XML Player, which can be exploited by malicious people to compromise a user's system.
7936044c8f02e77cf0b42c885997b7e2ee7fae4d7049fc62f15ee500a141f638
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed