Asp VevoCart Control System version 3.0.4 suffers from a database disclosure vulnerability.
6976cde132834283c3dc30393ebb2b91b84d3b0ea4919ebf35e01b483d3fe32cMandriva Linux Security Advisory 2010-005 - The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. The updated packages have been patched to correct these issues.
223f0994d0723ca2175893ca70bd32bd5f955a4de328b10243b97f36ad8d9037Nemesis Player versions 1.1 Beta and 2.2 local denial of service proof of concept exploit that creates a malicious .nsp file.
07deac516fa7221bb6813bd771b9a395740361d6f1611c8daf7f929cbc501694Gentoo Linux Security Advisory 201001-8 - Multiple vulnerabilities were found in SquirrelMail of which the worst results in remote code execution. Versions less than 1.4.19 are affected.
79b67914b106df3b61ec634b24ec4b26b65f59c9160a95eb40b09212c2f69ae2Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Versions less than 2.48a-r3 are affected.
d3757185463cd9fc168c7f705922658f8d6ef78452b0a83331a107ab332746d7Espace De Reflexion suffers from a cross site scripting vulnerability.
3d1a505658aa7b39049df8fc2de6a5ac4d359b0c95db2a212a578d88f68514c9The Joomla Tienda component suffers from a cross site scripting vulnerability.
d1a783e70556e3ade23b7a99cee18874dace85f7addafb84cb0a3bc9a0e88352Gentoo Linux Security Advisory 201001-6 - A buffer overflow and a format string vulnerability in aria2 allow remote attackers to execute arbitrary code. Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string vulnerability in the AbstractCommand::onAbort() function in src/AbstractCommand.cc (CVE-2009-3617). Versions less than 1.6.3 are affected.
a822c30e2007d9b78c0ec1cdfdf55abc50eba637e11d4a6e5018cd45a55e7e84StivaSoft version 1.0 suffers from a cross site scripting vulnerability.
66ee111d7c57f5073ca6a6dc9f6b6326001ccc19b82e8a9682666c91edf3f4dcTribisurCMS suffers from a cross site scripting vulnerability.
e8ac7484e385afbcd82e407b99c25c5013156d9f9687052673f997db03e77f94Yoono Firefox extension versions prior to 6.1.1 suffer from a code injection vulnerability.
bfd84bf3aba12e7c69cc818f02ce6095d73f9701b829ecb83f65ad5699232b91iDefense Security Advisory 01.12.10 - Remote exploitation of a memory corruption vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. iDefense has confirmed the existence of this vulnerability in latest version of Adobe Reader, at the time of testing, version 9.1.0. Previous versions may also be affected. Adobe has stated that all 9.2 and below versions, as well as all 8.1.7 and below versions are vulnerable.
139823d91661e5fccdd9d31846177997f1dc0fdf3d4259d9e33d6b309d80589cTechnical Cyber Security Alert 2010-13A - Adobe has released Security bulletin APSB10-02, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
f4bf53ec228a26f9f042e920f4fee3fc57a22155c7ff1bed635761ece4adbf70Debian Linux Security Advisory 1970-1 - It was discovered that a significant memory leak could occur in openssl, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded.
9749f4b5342fe7276702d2012abb05c19cc70639bcbead7ea8ba625ddd558a15The Joomla Article Manager component suffers from a remote SQL injection vulnerability that allows for authentication bypass.
efab829103423956ef726413bbab774b1d91c7ee9fad2e446f377258f19ee484Power By Traidnt UP version 1.0 suffers from an insecure cookie handling vulnerability.
926e95c2249f73e7d86c2bebce22168a8e5aa965dd549664522178c3ee03afc0Dodo Upload version 1.3 suffers from a shell upload vulnerability.
96b41507587b2c38fc116ec546ff1d78be442ccb668311a5a00599c5cca4ed97Gentoo Linux Security Advisory 201001-5 - A remote attacker can bypass the tcp-wrappers client authorization in net-snmp. The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Versions less than 5.4.2.1-r1 are affected.
2bc5ca3efe008eecf59b335175b33247f291233c3a8ffef898d219066709f07bGentoo Linux Security Advisory 201001-4 - Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation. Versions less than 3.0.12 are affected.
3606c9f3bb210a3c7c931fc18ff5f61ea8e172627b138ac29e2bb607f42a5d39Hesk Help Desk suffers from a cross site request forgery vulnerability.
9874c8de3232fac3291047fe238475fb386cb0475c6c001211f36969978ef5b4Ubuntu Security Notice 883-1 - It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users' network connection passwords and pre-shared keys.
ab33674fe5c889754644b55791e3cbfe63a0cd1b80bcb8efbe5b53f312faf956Ubuntu Security Notice 882-1 - Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions.
cd84529d17d2626ad3cfc09945cde3a151f1ded241b92b2d05de3bbf06264243Ofilter Player crash proof of concept exploit that creates a malicious .ini file.
703ad65b4f8426288ebddbaf3f51605f1e944c689c59eab2a902e9f221a186d1NPlayer local heap overflow proof of concept exploit that creates a malicious .dat file.
5e6ecda17bd4819269900bfdd4cd651c585c36475d09f93d8167deaccb69c93cDebian Linux Security Advisory 1969-1 - It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.
c4c0487c3ec908e26276616469e2ceb5a694e1905319464efe1257fe6f2cb47e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed