Secunia Security Advisory - chap0 has discovered a vulnerability in D.R. Software Audio Converter, which can be exploited by malicious people to compromise a user's system.
1b2034dcadbccb609909154e80159356bb3ff7a0a15edc92ad1c511a7f2bc682Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
ff5879a61de8fe664e3c67a77afde42c4a1147966d7c5aa6707e61ecf9b19869Secunia Security Advisory - Fedora has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).
ef2bda1caae1b6838e8ca80b6c6f701006040eb887b9a7124937f1ff2b6c805aSecunia Security Advisory - A security issue has been discovered in Apple Safari, which can be exploited by malicious people to potentially disclose sensitive information.
d862dc23de7af38e588e9ab0eb91145389ba1ef390c58e33825ed08a05236093Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
89e9edf66437efedf5fad8134fc523e4293b7917f1b8346840c540c6dbdfa9ffZero Day Initiative Advisory 10-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a sprintf can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
6349a1bd3060c2050d441e1c279af5abec002cec2544760f646399fe43d792a9Zero Day Initiative Advisory 10-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. When the ovwebsnmpsrv.exe process is started a function responsible for parsing command line arguments does not properly handle unrecognized options. By supplying an overly large unrecognized option through an HTTP request the error handling functionality can be made to overflow a static buffer while creating the error message. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
0c1a2b2d17574aa829d3fc97e050a16f7382be3ff7d6ac10bd8e37e2a78b3a82Zero Day Initiative Advisory 10-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of SXVIEW records in an Excel spreadsheet. Due to the lack of checking when parsing structure items for the record it is possible to write arbitrary data to a user controlled address. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
cbe099f36c8295d33c315678818cb80cb44f715a67c84a74ea53fbbd66066c17TMAC is a simple bash program for randomly changing the MAC address of a Network Interface Card (NIC) on Linux .
4f6a66e27eed698a39d4a2960997b14b9c4eacfb20c36f5e8bd98b842239e67eSecunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an uninitialised variable being used as size argument when copying data during parsing of certain record types. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
c7fcd27a138d8c91931ffa1bad82d555dfeda766e681520b3975edc5474fedb9Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to insufficient input validation when parsing a certain record type. This may lead to a variety of errors, including corruption of data on the stack. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
3317b05f07d3375ba69a0a88550df747e13c68c010f5503c80c416ee969ba63aImage Store version 1.0 suffers from a shell upload vulnerability.
09d450eae2b58afceb32dedcc4f49d9bc14e506c6bf195b61e9b6e04fce0d820Mandriva Linux Security Advisory 2010-112 - Multiple vulnerabilities was discovered and fixed in glibc. The updated packages have been patched to correct these issues.
1539ef48affa2bdd4ff1fbcb10baca165eb4383531035668c0ec1d1d3f31e4c6Technical Cyber Security Alert 2010-159B - Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft SharePoint Services, and Microsoft .NET Framework.
7ad057dce9e2f190780239863458217708dedd0454505abe9ed7694a314e3fd2The Linksys WAP54Gv3 has a debug interface allowing for the execution of root privileged shell commands. Hardcoded credentials, that cannot be changed by user, can be used for accessing the debug interface.
fdf38433a8997957918a85f42b989155a632e3f26c1a3e0c4b124196a974e81aHP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server.
67cc3884d88a4fd6c68a1313fd79231d9a98d7e3061f3a85a03061cda3779f04Core Security Technologies Advisory - CubeCart PHP Free and Commercial Shopping Cart suffers from a remote SQL injection vulnerability.
94116a9626ca38c007de10d783111163c26361648b8b5ad6d2ed15e85a12245cZero Day Initiative Advisory 10-103 - This particular vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required in that a target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of DBQueryExt records in an Excel spreadsheet. Due to the lack of checking when parsing particular fields within the structure, it is possible to get a user-controlled pointer to be called. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
6c1b37a29277ec5a096d645185821a76f4bcb2acb9f0399846219279154102e4Zero Day Initiative Advisory 10-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created it contains a reference to it's root container. If the stylesheet was created as part of an element not in a markup the root container can be freed when that element is destroyed. When the application attempts to use the stylesheet after this, an invalid pointer is utilized. This can be leveraged by attackers to execute arbitrary code under the context of the user running the browser.
2b47976bc648da7eafab2b47a2a1c90e4de158f77e44a02724f02ee855b903e0PHPList version 2.8.11 suffers from a remote SQL injection vulnerability.
0e9de7054d38234df16b6d2d493567f6c566c3c0c9e63c8242473e6b5baff14cPhreebooks version 2.0 suffers from a cross site scripting vulnerability.
39b119cc6d0555e3eea4e7a39e9dd4986e12adaa39380b4219d824bf21a32b61Phreebooks version 2.0 suffers from a local file inclusion vulnerability.
ac0b39dc56f65ddd39167573a3cfd15a5c730ef39e2e76c333868f165627463ePhreebooks version 2.0 suffers from a directory traversal vulnerability.
4a6f328a9fbe8fe24fa52a29a3dbbed62ea06b3339283a2e5f5fde6dd00d720dZero Day Initiative Advisory 10-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the run-in display property. On insertion of a specific element with the "run-in" display property, the application will create a duplicate reference of a child element used to support that attribute. Upon destruction of the parent container, the application will then call the destructor for this child element multiple times. Successful exploitation can lead to code execution under the context of the application.
9342f3bf4b7690aedf36bbb08aa68195117842acf9998983e5af8cdc3bec36bfiRealty PHP Real Estate Script suffers from a remote SQL injection vulnerability.
2ec18846577eb1806976c7a0e4085f4638e60640db209d2161a089926c7a1faf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed