Zero Day Initiative Advisory 12-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. This can lead to a use-after-free vulnerability which can result in remote code execution under the context of the current process.
39370c6e23c5e71e38df2b098ae63d90Zero Day Initiative Advisory 12-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a HTMLMedia element. After a source element is created, an attacker can catch the beforeLoad event before the element is used, and delete the element. The pointer to the source element will then be referenced causing a use-after-free condition, which can lead to code execution under the context of the application.
3485cc0a5ada64fd70e0b8de1ff12689Zero Day Initiative Advisory 12-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.
d48081cc95ac51cd48028c39fb2ca517Zero Day Initiative Advisory 12-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "<all-permissions/>" and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.
7ed067d5563825d7281f23012634b96fZero Day Initiative Advisory 12-188 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles 'onrowsinserted' callback functions for certain elements. It is possible to alter the document DOM tree in a onrowsinserted callback function which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.
c792d301ec64c4eea1671788ba504ac1YeaLink IP Phone SIP TxxP firmware versions 9.70.0.100 and below suffer from default credential and cross site request forgery vulnerabilities.
351bbea8ba597d64b1915caf9c09ccb84psa VoipNow versions prior to 2.3 suffer from a remote command execution vulnerability.
84ade909d47213d3acbb88dc99c158dfWordPress BuddyPress plugin suffers from cross site scripting and content spoofing vulnerabilities.
f14318f875115e478d4d8c8f3fa31a13Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
d43e3b3d833c11ab3aa5fad3a596e114Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Virtuemart 2 Multiple Customfields Filter module for Joomla!
365848b853a478ded0644c9aae0bc920Secunia Security Advisory - Two vulnerabilities have been reported in SIMATIC S7-1200, which can be exploited by malicious people to cause a DoS (Denial of Service).
b1ecb2fb094133d958979154791280a0Secunia Security Advisory - Two vulnerabilities have been reported in VMware vCenter Server Appliance, which can be exploited by malicious users to disclose certain sensitive information.
7d0b0084d83e98c2d5c6f5bd44f57548Secunia Security Advisory - Two vulnerabilities have been reported in CA IdentityMinder, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data or compromise a vulnerable system.
e2b83e09bb682c7e61200b0daff34c4eSecunia Security Advisory - Red Hat has issued an update for Fuse MQ Enterprise. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b61dc9c3c0206d69ea96958435a94272Secunia Security Advisory - Red Hat has issued an update for Fuse ESB Enterprise. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a95b282adcd0b44e5c210a8bf54c88e4Secunia Security Advisory - Multiple vulnerabilities have been reported in Foreman, which can be exploited by malicious people to conduct SQL injection attacks.
d05e9d081e015d9fc3a3304792d84cc9Secunia Security Advisory - Red Hat has issued an update for Fuse Management Console. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
de1c15390be133f66e8b861b81036cb3Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESXi, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious users to compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service).
992e31473b4011b1a623f35fd10b1654Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
ca519f6c64ce03274748446fad1c17a7Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
5dc5bbcef92e03aec9e5059a94196c25Secunia Security Advisory - temp66 has reported a vulnerability in Nagios, which can be exploited by malicious people to compromise a vulnerable system.
064b12c96e807986bcaca12f655c4ff0Secunia Security Advisory - Oracle has acknowledged a security issue and a vulnerability in Apache HTTP Server included in Solaris, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks.
cf7d738a86009243c2bdb5b9d2b64ff3Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Java included in Solaris, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
4765b92b5a953a56d03ed845c47281bcSecunia Security Advisory - A security issue has been reported in IronJacamar, which can be exploited by malicious people to bypass certain security restrictions.
376a8adceeda3c3f48fb09fb626ff9c0Secunia Security Advisory - A vulnerability has been discovered in Quenlig, which can be exploited by malicious users to conduct script insertion attacks.
f27b2da463ae43d55e0250d3e7751f1e
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed