Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.
fc8110eba746beaeaeb312acf0c3de98f282e855acb65e89c31ceef45a4695c5Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Microsoft Office Visio, which allow a remote attacker to compromise a system through a malicious document.
4ddb8146c2a01939e8998f706909c46588252e14afc6f4ee3ed9ebe1e339c565Technical Cyber Security Alert 2010-103C - Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
122d675cfc2564336cee46a233e0de2bf41adbdeb473dbc8636262213b35e267Mandriva Linux Security Advisory 2010-071 - Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
4f2e730b7e9d6e4a1620d4b0afacf275a4fb99dc0d7d71c16271806cd9c5d469Zero Day Initiative Advisory 10-075 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes an XML request containing specific UTF-8 characters, an underlying library will raise an exception that is uncaught by the application. Due to the exception being uncaught, the application will then terminate which will cause future requests made against the service to fail. This will lead to a denial of service against the affected application.
247d31263eb05779bae84a92141bec9562b0d25a7f64ab4cf80dc8ece2d84478Zero Day Initiative Advisory 10-074 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's LDAP implementation and can be triggered via a malformed LDAP query to the service. When the service decodes the malformed query, the application will cause a buffer overflow which can lead to code execution under the context of the service.
3fd51fbf66a177cb188fc7514a8364a7877e68d67997a092b77daa01c422eeeeThis Ruby script scans a given site looking for administrator login pages.
4807fc91ca699c013d3390a37be1c780e241a1029fe00cbc5dffd54990d56312This tarball has a couple of bash scripts that use netcat to brute force ftp and scan for local and remote file inclusion vulnerabilities.
e19a0914b0f6880f78c49d6c67f5ecd55462ffd15303f6b5a94f170bc503365bTechnical Cyber Security Alert 2010-103B - The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
2459ad9983926671049928179a4cfcb8c882f48d67a5d3cd6f8b3044cee1bb7dThis whitepaper is called Tutorial Basico THC-Hydra. Written in Portuguese.
1829b4450c17c4a90409586f07ccee48c92c1f8be2fa9da08f71d3ce3523576aZero Day Initiative Advisory 10-073 - This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTTP POST request to the webserver that the application has bound to. When the service processes a search request with a malformed username, the application will dereference a null pointer causing any future queries made against the webserver to fail. This will lead to a denial of service against the affected service.
e54c4cfdaef65c3e8ab9c3b030666f09ed92cf463631d7259e7f7143430fbe3cViper Corp Collection Issue 0x01 - This is a Brazilian e-zine that covers exploit stack overflows on Windows, shellcoding on Linux, heap overflows, and more.
48dab11e6b3187670584cc98abf5235e4d5360c9d31dc4c4fcd6705249542204Technical Cyber Security Alert 2010-103A - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange.
f7c0d2974849b72881e9d7b9ce4bae81af01d2a552a4a9ecc9657f6d1009b30bJoelz Bulletin Board versions 0.9.9rc3 suffers from multiple remote SQL injection vulnerabilities.
ce146abc3416c98644313347de1b235a6d75d88e5790fae73da541db5810ff60Zero Day Initiative Advisory 10-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.
a419b8807446f9d9cd84fe11e19c1479130543783894b1b6e25b11628d8c7b3cZero Day Initiative Advisory 10-070 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for retrieving a codec for an unknown fourCC compression code. If an embedded Windows Media Player control attempts to play a media file containing an unknown codec it makes a request to Microsoft to retrieve the necessary capability. If the control is removed from the page while attempting to do this, cleanup routines will call an already freed pointer. An attacker can leverage this to execute arbitrary code under the context of the user running the browser.
d738a45d8056ac0c0b9953e7d9cbd31ee67409a6be049bc77ac22f3cb287179cZero Day Initiative Advisory 10-069 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible for converting files from the Publisher 97 format. While processing a TextBox item, several programming errors can be triggered allowing a maliciously created publisher file to execute arbitrary code under the context of the user opening the file.
3570dc640876c200308b1882b1f3d3845e18e8957ac225ec81908276c8a0f320Mandriva Linux Security Advisory 2010-070 - Many security issues were identified and fixed in firefox. These issues range from memory corruption to stability bugs.
d1dbac31fec5aaf4ccbfa6c390607e2f03c8adad158389687409d09844832819Police Municipale Open Main Courante version 1.01beta suffers from local file inclusion and remote file inclusion vulnerabilities.
bff038a87426c05991c6895890f6ea153872a91613aec5757cdf27023e3ab4f4Openurgence Vaccin version 1.03 suffers from local file inclusion and remote file inclusion vulnerabilities.
7ba4ef6f5bae7f2cdf5d07112e00a288f14b75104ed0ad1e9cb86f6c9e06718cGames Script (Galore) suffers from a backup disclosure vulnerability.
b00f9942ca90b2856227f8ec53d594126cb7bee5b1efa6af620f5a278e9f13fdThe Joomla QPersonal component suffers from a remote SQL injection vulnerability.
9851ddd52e5e62c0262b023274a91ac037f8a43371fd991f6cebd593a2eb2134MyBB versions 1.4.11 and below suffer from a password reset weak random number vulnerability.
76401bf313ed59fd28899756d38cace82dd2d12586e3c58956850da0f8a12cc1MyBB versions 1.4.11 and below suffer from a password reset vulnerability.
eebecf174ba3f29f1d553d050fbff4e47f7d1b2b733b9981a342465b41506447VMware Remote Console Plug-in can be installed from WEB interface of VMware vSphere. This software contains of ActiveX objects and executable files for remote console of guest OS. VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.
9b7e2d5d9e6d71cece7b4f8e09a5fa1063bb231718082ebea4980540a99db1c7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed