Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing certain RLE compressed PSD images and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.
eb0045d8335d416396d4ea3020455da381eb50f86bb4463506df1c7146b6572dSecunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when processing certain PSD images, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.
0c62dba45771af84679292305942045e3e82e928d385b162cf38c58f700e5354Secunia Research has discovered a vulnerability in TomatoCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "q" parameter to index.php/news/search is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 2.0.4 is affected.
59d21c16e9a3d64ad21a581410f450194f534465911e15fae42f990be6c070a1Secunia Research has discovered three vulnerabilities in TomatoCMS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "title", "subTitle", and "author" parameters to index.php/admin/news/article/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Add new article" permissions. Version 2.0.4 is affected.
9ce14d8796ba7fa7a59adf022cd23b2d36528ffd9417f949d367e1d43786d144HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Control server migration for Windows . These vulnerabilities could be exploited remotely for cross site scripting (XSS).
737f225feb2cf8b873a18ab216bb6cf6fb6e4652b1a2c62a2b8f6102dbca6bf7HP Security Bulletin - A potential security vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited remotely resulting in unauthorized access to data.
c7b056261825d5713332fdfbace50f7d031f0239363b72ddf03f197b07736c2de-Webtech suffers from a remote SQL injection vulnerability in fixed_page.asp.
6737161257fb3f8bba6ff30d17a314b9fa0479294faabe4f0447c25bca29f891VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave Player. This vulnerability is caused due to a memory corruption error when processing 0xFFFFFF49 3D blocks within Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
fca3c4b1182174601636ba9081feb0d22ccfa325385cdaa1d84cce75cdd4a5eeVUPEN Vulnerability Research Team discovered seven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to memory corruptions, array indexing, heap overflows and invalid pointers when processing malformed files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
350e0f3198e35fcf0c1c75b940682fbeffa174ddc0b609b86fc1a35c428f798eVUPEN Vulnerability Research Team discovered two critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to memory corruption errors when processing malformed 3D Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
8fe87b7b044004faab22d9d44d62f036a4b9045db946887eb957b795f9911df9VUPEN Vulnerability Research Team discovered eleven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to integer overflows, array indexing, and memory corruption errors when processing malformed Shockwave or Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
c2ffc80cdc36096e80f2c00c27491571ea28746b9e6cc10037e4cfabbf25a862This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.
f3ff123d9ef2eba8c062e175d82383b57a5e07649ff93381eb910c33c5dbb9cdSecunia Security Advisory - Some vulnerabilities have been reported in phpGroupWare, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
3cc5e8c9842d1a754346ad139094ae0bc3cc25a7fb08d9c2cb0ffa2e03b8b3ffSecunia Security Advisory - A vulnerability has been discovered in the Konsultasi component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
245ffb1c780871084331b9cc2ae664993a12c9a0cbe724a353fd2ddad3bd504bSecunia Security Advisory - Fedora has issued an update for php-ZendFramework. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks.
bab7ca3ead3518360cd57b715dcfb298d31b12e835507f071f2f8324b66bf6e5Secunia Security Advisory - Fedora has issued an update for mod_auth_shadow. This fixes a vulnerability, which can potentially be exploited by malicious people to bypass certain security restrictions.
c1a298c5916b52432a8b86b89d8daab02f4b9f85d5aae52d27540d411fdaf6aaSecunia Security Advisory - A vulnerability has been reported in Press Release Script, which can be exploited by malicious people to conduct SQL injection attacks.
45c195b24d49ca291b1f291385b3971824fb5446d22e4645abb6fa95308fb52eSecunia Security Advisory - Ubuntu has issued an update for kdenetwork. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security features and to compromise a user's system.
5bdbba7609270bd24924743df04839e268d4ba37a9fb81590fe2cc7a9dfe0b0aSecunia Security Advisory - Fedora has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data.
ef3f3f762d37d454fafb927ffbe8d6caf38dfc0a072931394541f1a65bdb4a8bSecunia Security Advisory - Some weaknesses and vulnerabilities have been reported in Zend Framework, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks.
0cd3fa2d6b63029a707926283b9f14b60cc6785aee0908172d6fbd3b28143580Secunia Security Advisory - Some vulnerabilities have been discovered in NPDS REvolution, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
ec66ec5d30e7e4ce24f4e94bce28d015b3c41873f8f84eac98d60a3c549b044bSecunia Security Advisory - Cut-Me-Own-Throat Dibbler has discovered some vulnerabilities in NPDS REvolution, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
3632ad60a565261c957a3e8cba97a852f048d7ecadbc49b2b55d49b841dd2c49Secunia Security Advisory - Fedora has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a45fdb9954bda0fe27bffc6e66786bc1eeaff93442d4e65a4f9a294028dc92c2Secunia Security Advisory - Fedora has issued an update for boa. This fixes a weakness, which can be exploited by malicious people to manipulate certain data.
0103c25c631b12b4c1bf0edf79675be0d1e9a7857ed86c63f021e4cabe334073Secunia Security Advisory - A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service).
4f79cd03a48ac0cc5af8e759c854a5e0816fcfdc7c032f2c14028c7a2bd4678d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed