Technical Cyber Security Alert TA04-260A - Microsoft's Graphic Device Interface Plus (GDI+) contains a vulnerability in the processing of JPEG images. This vulnerability may allow attackers to remotely execute arbitrary code on the affected system. Exploitation may occur as the result of viewing a malicious web site, reading an HTML-rendered email message, or opening a crafted JPEG image in any vulnerable application. The privileges gained by a remote attacker depend on the software component being attacked.
8c2d2c6aa130bc7ec7423475bd8f9beba3c9252e9dbe9c6644dd0867560479daSecunia Security Advisory - Multiple vulnerabilities have been reported in Netscape, which can be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system.
da88eda0403bc9a8acc075e424c78e6654f656264d699c2c305e829afa003382Proof of concept exploit for the recent JPEG buffer overrun vulnerability that crashes any Windows XP system that has not been patched for this flaw.
8235e8220b01d7e3b3bd9bc0d634b7d3fb3d2ba3a9e71573e8a7c873f0e759faA file inclusion vulnerability exists in PerlDesk 1.x due to insufficient input validation.
fccfe2c244da7f27d78bf36a7fbd20b1efa2f98e85943f0f5988d3d6b984d995Debian Security Advisory DSA 548-1 - A heap overflow error in imlib could be abused by an attacker to execute arbitrary code on the vicim's machine.
cc33a1bbf517c1b544721404299dd7e7b47739a2d5e2e278b25eab5c872cb688Debian Security Advisory DSA 547-1 - SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process.
31a9e771d7509988bad9d172db9a1f829b1994e282e9d7830a0a15f8e95f0909UPolyX version 0.3 is a simple polymorphic open-source UPX scrambler. Comes with VC6 source code.
76f803c4a241d2b65788305267750d8bb9e1ae284387570a49288f288b7670e9ProBoards, based off of the YaBB Forums, is susceptible to a cross site scripting flaw.
325050c2279807d4a71e19dfd79394bff4bf0b671074e60d2825e1d7c4a46a56iDEFENSE Security Advisory 09.15.04 - Remote exploitation of an input validation error in version 1.2 of GNU radiusd could allow a denial of service. The vulnerability specifically exists within the asn_decode_string() function defined in snmplib/asn1.c. When a very large unsigned number is supplied, it is possible that an integer overflow will occur in the bounds-checking code. The daemon will then attempt to reference unallocated memory, resulting in an access violation that causes the process to terminate.
638df77df40794f8d30fd8c68bc51f5d5c6d7b8da61c8fe14f8e5f634e0a5c51Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
84e2b09060426c6ec450b10663b596544f0ebfdb7d54e49a64d0c51c4f5c3b6fAntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
f8e8f3a3b8a743716a9e93def8627372fa054b862ba2a8420c60e082e99c5be2gtk+ version 2.4.4 has heap and stack-based overflows that can allow for the compromise of an account used to browse a malicious XPM file.
109cfb0bda1034d53ac5db82dc78234e1d4ebcc321a14ba9479ce9f09f61a3f0libXpm versions below 6.8.1 suffer from multiple stack and integer overflows.
fbd8d4486d62e535a9c1f5d140133d5544c6c2766a0a06ffdf2218a3d4d8b4d9PHP versions above 4.1.2 and below or equal to 5.0.1 suffer from an exposure of arbitrary memory due to bad array parsing in php_variables.c.
afb6950881a4adf473bb29cac47e02559b458a3982c48313c7fdb03ba7a60852SUSE Security Announcement - Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.
87a70d13f5cc20c416e4b2c5025ab490ffacb14800f35874a59c8cd41fdde1cfSITIC Vulnerability Advisory - Apache 2.0.x suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf. In a setup typical of ISPs, for instance, users are allowed to configure their own public_html directories with .htaccess files, leading to possible privilege escalation.
9477ee2d98ddded93d0d277ed18e737445767878dc13e19f31e74199f9b89739New Firefox, Thunderbird, and Mozilla releases between September 13 and 14 address 7 critical security issues. If you have not already, upgrade today.
e9d350da84264e6d5b1ca1b7bc56d5d368693bc81e678bb46bc9cee697f2656eThe SMC7004VWBR and SMC7008ABR wireless routers allow a spoofed visitor to have administrative access to the devices and to retrieve the real administrator password.
47d93c8a01ae8a00f5ce8f50f01dbeef96e9fd7663203b415a618f92fee1c5d0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed