Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing certain RLE compressed PSD images and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.
eb0045d8335d416396d4ea3020455da381eb50f86bb4463506df1c7146b6572d
Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when processing certain PSD images, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.
0c62dba45771af84679292305942045e3e82e928d385b162cf38c58f700e5354
Secunia Research has discovered a vulnerability in TomatoCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "q" parameter to index.php/news/search is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 2.0.4 is affected.
59d21c16e9a3d64ad21a581410f450194f534465911e15fae42f990be6c070a1
Secunia Research has discovered three vulnerabilities in TomatoCMS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "title", "subTitle", and "author" parameters to index.php/admin/news/article/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed. Successful exploitation requires "Add new article" permissions. Version 2.0.4 is affected.
9ce14d8796ba7fa7a59adf022cd23b2d36528ffd9417f949d367e1d43786d144
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Control server migration for Windows. These vulnerabilities could be exploited remotely for cross-site scripting (XSS).
737f225feb2cf8b873a18ab216bb6cf6fb6e4652b1a2c62a2b8f6102dbca6bf7
HP Security Bulletin - A potential security vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited remotely resulting in unauthorized access to data.
c7b056261825d5713332fdfbace50f7d031f0239363b72ddf03f197b07736c2d
e-Webtech suffers from a remote SQL injection vulnerability in fixed_page.asp.
6737161257fb3f8bba6ff30d17a314b9fa0479294faabe4f0447c25bca29f891
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave Player. This vulnerability is caused by a memory corruption error when processing 0xFFFFFF49 3D blocks within Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
fca3c4b1182174601636ba9081feb0d22ccfa325385cdaa1d84cce75cdd4a5ee
VUPEN Vulnerability Research Team discovered seven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused by memory corruptions, array indexing errors, heap overflows and invalid pointers when processing malformed files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
350e0f3198e35fcf0c1c75b940682fbeffa174ddc0b609b86fc1a35c428f798e
VUPEN Vulnerability Research Team discovered two critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused by memory corruption errors when processing malformed 3D Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
8fe87b7b044004faab22d9d44d62f036a4b9045db946887eb957b795f9911df9
VUPEN Vulnerability Research Team discovered eleven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused by integer overflows, array indexing errors, and memory corruption errors when processing malformed Shockwave or Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
c2ffc80cdc36096e80f2c00c27491571ea28746b9e6cc10037e4cfabbf25a862
This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.
f3ff123d9ef2eba8c062e175d82383b57a5e07649ff93381eb910c33c5dbb9cd
Secunia Security Advisory - Some vulnerabilities have been reported in phpGroupWare, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
3cc5e8c9842d1a754346ad139094ae0bc3cc25a7fb08d9c2cb0ffa2e03b8b3ff
Secunia Security Advisory - A vulnerability has been discovered in the Konsultasi component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
245ffb1c780871084331b9cc2ae664993a12c9a0cbe724a353fd2ddad3bd504b
Secunia Security Advisory - Fedora has issued an update for php-ZendFramework. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks.
bab7ca3ead3518360cd57b715dcfb298d31b12e835507f071f2f8324b66bf6e5
Secunia Security Advisory - Fedora has issued an update for mod_auth_shadow. This fixes a vulnerability, which can potentially be exploited by malicious people to bypass certain security restrictions.
c1a298c5916b52432a8b86b89d8daab02f4b9f85d5aae52d27540d411fdaf6aa
Secunia Security Advisory - A vulnerability has been reported in Press Release Script, which can be exploited by malicious people to conduct SQL injection attacks.
45c195b24d49ca291b1f291385b3971824fb5446d22e4645abb6fa95308fb52e
Secunia Security Advisory - Ubuntu has issued an update for kdenetwork. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security features and to compromise a user's system.
5bdbba7609270bd24924743df04839e268d4ba37a9fb81590fe2cc7a9dfe0b0a
Secunia Security Advisory - Fedora has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data.
ef3f3f762d37d454fafb927ffbe8d6caf38dfc0a072931394541f1a65bdb4a8b
Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in Zend Framework, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks.
0cd3fa2d6b63029a707926283b9f14b60cc6785aee0908172d6fbd3b28143580
Secunia Security Advisory - Some vulnerabilities have been discovered in NPDS REvolution, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
ec66ec5d30e7e4ce24f4e94bce28d015b3c41873f8f84eac98d60a3c549b044b
Secunia Security Advisory - Cut-Me-Own-Throat Dibbler has discovered some vulnerabilities in NPDS REvolution, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
3632ad60a565261c957a3e8cba97a852f048d7ecadbc49b2b55d49b841dd2c49
Secunia Security Advisory - Fedora has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a45fdb9954bda0fe27bffc6e66786bc1eeaff93442d4e65a4f9a294028dc92c2
Secunia Security Advisory - Fedora has issued an update for boa. This fixes a weakness, which can be exploited by malicious people to manipulate certain data.
0103c25c631b12b4c1bf0edf79675be0d1e9a7857ed86c63f021e4cabe334073
Secunia Security Advisory - A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service).
4f79cd03a48ac0cc5af8e759c854a5e0816fcfdc7c032f2c14028c7a2bd4678d