the original cloud security
Showing 51 - 75 of 93

Files Date: 2010-05-14 to 2010-05-15

IrfanView PSD RLE Decompression Buffer Overflow
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing certain RLE compressed PSD images and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1510
MD5 | c459eb16eb6d204e377978b43457b810
IrfanView PSD Image Parsing Sign-Extension Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when processing certain PSD images, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1509
MD5 | 1d02a239b656c9b47420d49aa0503894
TomatoCMS "q" SQL Injection Vulnerability
Posted May 14, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in TomatoCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "q" parameter to index.php/news/search is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 2.0.4 is affected.

tags | advisory, arbitrary, php, sql injection
MD5 | 809f265a80f871b91432e737812aba64
TomatoCMS Script Insertion Vulnerabilities
Posted May 14, 2010
Site secunia.com

Secunia Research has discovered three vulnerabilities in TomatoCMS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "title", "subTitle", and "author" parameters to index.php/admin/news/article/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Add new article" permissions. Version 2.0.4 is affected.

tags | advisory, arbitrary, php, vulnerability
MD5 | 14c9aaec0aec6e80a4d4a4e348310e2b
HP Security Bulletin HPSBMA02522 SSRT100086
Posted May 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Control server migration for Windows. These vulnerabilities could be exploited remotely for cross site scripting (XSS).

tags | advisory, vulnerability, xss
systems | windows
advisories | CVE-2010-1557
MD5 | 21d66a64fcc698858bd97014e957a368
HP Security Bulletin HPSBMA02520 SSRT100071
Posted May 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited remotely resulting in unauthorized access to data.

tags | advisory
systems | linux, windows, hpux
advisories | CVE-2010-1556
MD5 | 748ebae5e65f48d03c171f59773b4e50
e-Webtech SQL Injection
Posted May 14, 2010
Authored by Fl0riX

e-Webtech suffers from a remote SQL injection vulnerability in fixed_page.asp.

tags | exploit, remote, sql injection, asp
MD5 | 9ca7a80d43f84c88105e234455516bc6
Adobe Shockwave 0xFFFFFF49 3D Block Code Execution Vulnerability
Posted May 14, 2010
Authored by Chaouki Bekrar | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave Player. This vulnerability is caused due to a memory corruption error when processing 0xFFFFFF49 3D blocks within Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.

tags | advisory, web, arbitrary
advisories | CVE-2010-1283
MD5 | 7e79d7403f6fab48bd5f7b24ad05bf93
Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities
Posted May 14, 2010
Authored by Chaouki Bekrar | Site vupen.com

VUPEN Vulnerability Research Team discovered seven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to memory corruptions, array indexing, heap overflows and invalid pointers when processing malformed files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.

tags | advisory, web, overflow, arbitrary, vulnerability
advisories | CVE-2010-1280
MD5 | ec6dc7a3e079308303591f2a55886e7e
Adobe Shockwave 3D Two Code Execution Vulnerabilities
Posted May 14, 2010
Authored by Chaouki Bekrar | Site vupen.com

VUPEN Vulnerability Research Team discovered two critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to memory corruption errors when processing malformed 3D Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.

tags | advisory, web, arbitrary, vulnerability
advisories | CVE-2010-1284
MD5 | bc804c76a4dc96f757bdd684477b07fa
Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities
Posted May 14, 2010
Authored by Chaouki Bekrar | Site vupen.com

VUPEN Vulnerability Research Team discovered eleven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to integer overflows, array indexing, and memory corruption errors when processing malformed Shockwave or Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.

tags | advisory, web, overflow, arbitrary, vulnerability
advisories | CVE-2010-0129
MD5 | 2965146342257692814d2f5b0dd349fc
Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow
Posted May 14, 2010
Authored by Snake, SkD | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.

tags | exploit, overflow
systems | windows, vista
advisories | CVE-2010-0033
MD5 | 7bb93b9e40ea4005796927bb1b961a45
Secunia Security Advisory 39665
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in phpGroupWare, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.

tags | advisory, vulnerability, sql injection
MD5 | 18e35c2de34eab62d25ff74fc60af0a4
Secunia Security Advisory 39816
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Konsultasi component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 5d297db9bd6ae2ce5761ae44ff643370
Secunia Security Advisory 39827
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for php-ZendFramework. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks.

tags | advisory, php, vulnerability, xss
systems | linux, fedora
MD5 | 4bab534c185a292b7efbf4f8a490ea34
Secunia Security Advisory 39823
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mod_auth_shadow. This fixes a vulnerability, which can potentially be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, fedora
MD5 | fedb97844b1a1c8741a916ab7e8101a8
Secunia Security Advisory 39826
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Press Release Script, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | fbe7260fcdcb76583e3f976dce2e3364
Secunia Security Advisory 39787
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for kdenetwork. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security features and to compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 274aa53598397b2f42e6f62a9b25f958
Secunia Security Advisory 39821
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data.

tags | advisory
systems | linux, fedora
MD5 | 14c798cf320c1fbdca893cd59ba70166
Secunia Security Advisory 39822
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in Zend Framework, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 2a081080e8c02f3542c07267993dc913
Secunia Security Advisory 39824
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in NPDS REvolution, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 57454b2a2214a808f1730ef9759ba7e6
Secunia Security Advisory 39828
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cut-Me-Own-Throat Dibbler has discovered some vulnerabilities in NPDS REvolution, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
MD5 | 529a62811ec259d07ab50f9f9af4e8a0
Secunia Security Advisory 39765
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | 518154342efb845507ead1278bb0fdb6
Secunia Security Advisory 39775
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for boa. This fixes a weakness, which can be exploited by malicious people to manipulate certain data.

tags | advisory
systems | linux, fedora
MD5 | 72051af0797a347cefe6a2ea36419acc
Secunia Security Advisory 39801
Posted May 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 84e102f201caac61195d786ca21f7d9b

packet storm

© 2016 Packet Storm. All rights reserved.
