Ubuntu Security Notice 498-1 - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user's privileges.
a4511d1bd36f2afda09a7e3ac14b8473de0af19daba8edad473f4096b0b8fcc2Debian Security Advisory 1356-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
c53758ac8c375ec24755f85ab0df04f7bfb5b29732320b29f3d4926757945636The TypeLib Information object library, implemented in TlbInf32.dll, suffers from a code execution vulnerability.
e427ba1543206c21303e6311555a57d53749181577fe5dec7f3d533a7b88bb9bThe Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
12647279df0a167a813e91d94627b92abe1cca879d0528921db39c1d55eb68d2Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause cups to crash and possibly execute arbitrary code open a user opening the file.
615d492ff4a583c9964f4b3e57e745c7d62cad09d70886783f898e2b61f73d55iDefense Security Advisory 08.15.07 - Remote exploitation of a buffer overflow vulnerability within Environmental Systems Research Institute (ESRI) Inc.'s ArcSDE service allows attackers to crash the service or potentially execute arbitrary code. This vulnerability specifically exists due to insufficient buffer space when representing user-supplied numeric values in ASCII. Certain requests result in an sprintf() call using a static-sized 8 byte stack buffer. If an attacker supplies a number that's ASCII value cannot be represented within 8 bytes, a stack-based buffer overflow occurs. The vendor has confirmed that version 9.2 of ArcSDE, as bundled with ArcGIS, is vulnerable to this attack. All versions are suspected to be vulnerable.
85dddbead8dfc3c87e54bea99eff2fcce5a1965f19503a8ee48cae1507f6c1beCisco Security Advisory - Two vulnerabilities exist in the Cisco VPN Client for Microsoft Windows that may allow unprivileged users to elevate their privileges to those of the LocalSystem account.
18048d89a26800b5a21868caa04299a7818e531df79579a76189757399dc853bHP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Operations Manager for Windows (OVOW) with the OpenView Operations (OVO) add on module for OpenView Operations-Business Availability Center (OVO-BAC) integration running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
608afe549263e596b00d14b11caf4c738025f4acd09542bc88843cf783bb564bA buffer overflow exists in McAfee Virus Scan for Linux and Unix version 5.10.0 that may allow for code execution in the context of the uid running it.
653a20317b4d712bb76a36628d0b5713e8e22a2efbfa964476c159add50fc888The NSFocus Security Team has discovered a memory corruption vulnerability in Internet Explorer 5 that allows arbitrary code execution when parsing a malicious CSS file.
45a8f9aa9d38c801d412958f23324ee611836a6bd70dbf3506a5804651ce34bd2wire routers versions 1701HG and 2071 Gateway are susceptible to cross site request forgery attacks.
6e7c23ea90ad8a1a27332592fa4fb20f3c7323f8e82e7c0ce27f431e06c7a3abMandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues.
4b9691f84f1ab3a6e1240a51aa912ed2ec78100d92ca0a1bb83a43b08e97b10aMandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause kpdf to crash and possibly execute arbitrary code open a user opening the file.
45a686b43c58e9dd3b89efec59673bc7779044afde8243ea96708d15a6f25b09Whitepaper entitled PHP Endangers - Remote Code Execution.
fc600865f3c5af11188782c06005c01ef0a387a4357eb31725436393278cd10fSysteme de vote en temps version 1 suffers from a remote file inclusion vulnerability.
34c3272761112f763b48754f773655644abcd5449e12e80d542c3d77622da7ccSafari version 3.0.3 allows for arbitrary file uploads.
8489ee641a4ca6b92c2fe0637101f9baf5bf81edb10606acfab99ef50e353bbe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed