Secunia Security Advisory - Will Dormann has reported multiple vulnerabilities in the acpRunner ActiveX control, which can be exploited by malicious people to compromise a user's system.
27a0809360bdacf42b6aa107549474b18510699f9e7bfa07d0c2e82f87c74609Secunia Security Advisory - Wouter Coekaerts has reported a vulnerability in multiple irssi music announcement scripts, which can be exploited by malicious people to bypass certain security restrictions.
c24fd2f3ab21f00551320c0086706f435ff8135c66f96ea6f38d07766a2b2183Secunia Security Advisory - Wouter Coekaerts has reported a vulnerability in xmms-thing, which can be exploited by malicious people to bypass certain security restrictions.
70c6d7a6d75088c45fcd43cf24a6c3483d84965c68d12020406db04460e9b63cSecunia Security Advisory - Wouter Coekaerts has reported a vulnerability in XMMS Remote Control Script, which can be exploited by malicious people to bypass certain security restrictions.
d5b38faec7b1023e002fdbcfec5f7cda596e38456234159a2e819da1ed36b029Secunia Security Advisory - Wouter Coekaerts has reported a vulnerability in Disrok, which can be exploited by malicious people to bypass certain security restrictions.
dd1426a594f928898f2f00b34b78562af2a2381a0e482d156bcf65cf4b713298Secunia Security Advisory - Wouter Coekaerts has reported a vulnerability in a2x, which can be exploited by malicious people to bypass certain security restrictions.
0ba287c80d0611cb4ad49ef7dacedbf59c17853258b2be7a45cba5c83980a8edSecunia Security Advisory - Wouter Coekaerts has reported a vulnerability in Another xmms-info script, which can be exploited by malicious people to bypass certain security restrictions.
fd2fd68b1bd5c7654c4ee0502b56bd943697350fd4af99820c8a1fd48599279eSecunia Security Advisory - Wouter Coekaerts has reported a vulnerability in xmms.bx, which can be exploited by malicious people to bypass certain security restrictions.
557d65d3473bc4a54ff52374d7fc3e2f63ef470a3629ce4eb3f47ff5dbd2bf3eSecunia Security Advisory - Wouter Coekaerts has reported a vulnerability in xmms.pl, which can be exploited by malicious people to bypass certain security restrictions.
49372fa31213dbbc629caebfee8c63070864ed62aa30c06615ceb9b768d7ffa9Secunia Security Advisory - Wouter Coekaerts has discovered a vulnerability in Advanced mIRC Integration Plugin, which can be exploited by malicious people to bypass certain security restrictions.
52707b7e91ce6cf780f8e2f22ccc962db4d8d64af122439955ae698e48eefd84The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
1e8deb3be83198f6102ea2cfa87c324f6fa31399e90dffd2f0e3b56d0ac9ab6fGentoo Linux Security Advisory GLSA 200708-09 - Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers, a problem with event handlers executing elements outside of the document, and a cross-site scripting (XSS) vulnerability. They also fixed a problem with promiscuous IFRAME access and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects. Denials of Service involving corrupted memory were fixed in the browser engine and the JavaScript engine. Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed. Versions less than 2.0.0.6 are affected.
764eb18f274a13a2519a59558d5e3a6de627854283160fa729985a477c6ca6a8iDefense Security Advisory 08.14.07 - Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.'s XML Core Services may allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in incorrect checking being performed on the length argument to the substringData() method of an XMLDOM object. When certain length values are supplied, a large region of memory is copied into a buffer of insufficient size. iDefense confirmed the existence of this vulnerability using Internet Explorer 6.x on Windows XP SP2. It is suspected that other versions are also affected.
f9bcf5ae6ba542ea3738f635fd826735147768f8c106723ed5723ad418e549e8iDefense Security Advisory 08.14.07 - Remote exploitation of a Cross Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the parsing of the certain elements of the items in an RSS feed. A properly crafted HTML tag within these elements will not be removed, and will be rendered by the RSS gadget. Since the RSS gadget runs in the local zone, the injected JavaScript has full access to the system. iDefense has confirmed the existence of this vulnerability in Microsoft Windows Vista Business. Other versions are suspected to be vulnerable.
b72e8982684f82bb2ef8f850fc5b1d27c583c8eb479eac82601e2686a3b3bac8Zoidcom versions 0.6.7 and below proof of concept exploit that demonstrates a crash vulnerability.
138fd40e2de6eb84ad1259c781269ae1077d0bedea7a2ecaa48a56bea5fe28a1Zoidcom versions 0.6.7 and below suffer from a denial of service vulnerability.
6c64dd688249e42705afcfe0d02685cc9c5a4d9fc2fcd6aecc882c6d0119dcb7Babo Violent 2 versions 2.08.00 and below proof of concept exploit that demonstrates multiple vulnerabilities.
bd1d92a75ce86e15b8e3df93845f1ad8307b2d173d06b3178b1ed0ea01de1ad3Babo Violent 2 versions 2.08.00 and below suffer from multiple vulnerabilities.
0f461d45f7c3f8e045742f3dfc0c3e6cc5a393c4bc4a8ac951f0dba55b58dfecLive For Speed versions 0.5X10 and below proof of concept exploit that demonstrates buffer overflow vulnerabilities.
0c6a89beb4a07b95ba34a7e6422d06439298f78de9f2f3aeece9e5828367709aLive For Speed versions 0.5X10 and below suffer from multiple buffer overflow vulnerabilities.
35c0c543c662e582655aab6f86cbb8576f08030cb8f3b86b10bea4e9f91c20efVulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.
0f9b632a8194e66912be70699b2b63b542bb327aadc02228f6f4671e2435c7caMandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause koffice to crash and possibly execute arbitrary code open a user opening the file.
89d31e8182e9110ed0b5a04a58b70de50193fa8afed54c84c98aff2c0e8b3f6dA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated which can result in the execution of arbitrary code.
5202e811d0539734ae0470c1dbc3cfe7e806c8cf6e41bc61351a1e7df01420e8A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user.
fd124b4813e7b30490ec09a758f257012e9680c1e061030a378bc39967915936A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user.
b1220ae8595b89a835ea943c02322c926f4b05d24b18cc55feca92be395049d8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed