OpenSSL Security Advisory 20090325 - The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Other issues were also addressed.
1740e31a83c7080938d1549888d5d57117009bb5f4125b9b6e9a693b6f8595f8Zero Day Initiative Advisory 09-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript contained in a PDF document. When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow. If successfully exploited full control of the affected machine running under the credentials of the currently logged in user can be achieved.
3966eb32a4b46860d3fd3a7759decd3530e5798e73e8cc0daf08deac574462a2Gentoo Linux Security Advisory GLSA 200903-38 - Multiple vulnerabilities have been found in Squid which allow for remote Denial of Service attacks. The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. Versions less than 2.7.6 are affected.
8e7a23103f5c174d2c66e43c603c3eae5f718455c874e000d29ca014a51a857eDebian Security Advisory 1753-1 - As indicated in the Etch release notes, security support for the Iceweasel version in the oldstable distribution (Etch) needed to be stopped before the end of the regular security maintenance life cycle.
d3a13db03821e337345d639636f4a2a62e4a990f1f47f22194a866d7c0e0a38biDefense Security Advisory 03.24.09 - Remote exploitation of a heap based buffer overflow vulnerability in Adobe Systems Inc.'s Reader and Acrobat could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a JBIG2-encoded stream inside of a PDF file. JBIG2 is an image encoding format that is primarily used for encoding monochrome images such as faxes. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.
e7cfd89da7bd450aec69dbd1d239966531bfa5c6db9726eb7db2cf3f804a3158Microsoft GdiPlus EMF GpFont.SetData integer overflow proof of concept exploit.
d3b60e5e3688b9d65c839ace2644f485e97a63bf12c1bf04703945cfb3135987Adobe Acrobat Reader JBIG2 universal exploit that binds a shell to port 5500.
4784e82356d5a32b115f9862328d5e50edd27d6058ed9a90431d49bae5b67386SurfMyTV Script version 1.0 suffers from a remote SQL injection vulnerability in view.php.
9b70f344a0d336d6e0bd3376f4ef29f936db487fbfdd4ce86f7edd2c5c311d14HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running VRTSvxfs and VRTSodm. The vulnerability could be exploited locally to cause an escalation of privilege. VRTSvxfs and VRTSodm are bundled with Storage Management Suite (SMS) and Storage Management for Oracle (SMO).
5a7b28ccf2b96511d36e3c9d98c5c418293f1048f04632e2e6308a2fb54b82caHP Security Bulletin - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code.
f976338d1ba974c66688ca0437322c3fccf76d7ef9d8681481050ba3e79ebd0bJinzora Media Jukebox versions 2.8 and below suffer from a local file inclusion vulnerability.
d6583277eafcf9feaca16cd6cb51c8c0624c53f0621e381b4eb2ce1e04b25c5eThe Monkey-Spider is a crawler based low-interaction client honeypot. It is not only restricted to this use but it is developed as such. The Monkey-Spider crawls web sites to expose their threats to web clients.
e7e0910bc07c73526187d4c9303ef970e6a820fa1ccafc2efd1aa343e9fc2678PHPizabi version 0.848b C1 HFP1 proc.inc.php remote privilege escalation exploit that uses SQL injection.
f19fa58eccb848bc5470bef28dbbf0086ee2285a4e51e3d5c796b1c703fb0ef2Femitter Server FTP version 1.x suffers from directory traversal, file creation, and file deletion vulnerabilities.
074c39eb6217075f81ecd9c0a80de5ad0e6abf7294dd595771abc7bcf17454f2microfluidics.hms.harvard.edu suffers from a remote SQL injection vulnerability.
a9cde86211a21cb497455f1514ed0eeb6c961d2486399c76a17bec70390878ecComparison Engine Power version 1.0 suffers from a remote SQL injection vulnerability.
a2ec42239def76fe2daa7c5556b283453ae1d5142d882a3e969475dee7a605ffIdea Cellular suffered from a SQL injection vulnerability.
58db50ea20a4e0d8945ec934cad0bb3336aad9c5172ea8e6a05907837d051921IncrediMail version 5.86 cross site scripting exploit.
7799d46351965c059220f0119b62b46e65d23589e8c3b252ce527493742cf828Secunia Security Advisory - Slackware has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct spoofing attacks, or to potentially compromise a user's system.
5abf5537582fa72b9b1764557be336e895994190beeb14f92f585b24a5ba891eSecunia Security Advisory - Gentoo has issued an update for Squid. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
9b161bced60b47f67fcab9b45fd49348be4faac5d875a3bb087de9b6813fa713
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed