Mandriva Linux Security Advisory 2010-149 - Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code.
518eb7bc7249ad25eb6d7bc3621939600acc7d6993a1e8df6ecbb549a4c20422Mandriva Linux Security Advisory 2010-148 - The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a title element.
73a7687798f1b3157fd274c9233b6be9be55b40d328958b872821cf557c661b4Kleeja Upload suffers from a cross site request forgery vulnerability.
fd61cf219adc0ef603546ae4d6599c46d3e9905cf472f8059c220103bcca4f2fXM Easy Personal FTP server version 5.8.0 LIST denial of service exploit.
c83660d7bfa16835f8fc510c19e204667bb86cc9276b7a289c86d307af49f792Zero Day Initiative Advisory 10-154 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of the 'first-letter' css style. If a particular container has the first-letter style applied to it, the library will create a dual reference of text associated with the style for rendering. Later upon repainting or style recalculation, the application will access the freed memory which can lead to code execution under the context of the application.
3951684f1716662b2cac29b6c91dc732a02ca2ec783ab311c518fb0f9371c01cSecunia Research has discovered two vulnerabilities in glpng, which can be exploited by malicious people to compromise an application using the library. Version 1.45 is affected.
62dffe4cc0c16f226e1002bd5370546eea705a941e53ae15e5e4e6afe93e9ac5Knowledge Tree version 3.5.2 Community Edition suffers from a cross site scripting vulnerability.
65b5ab4307f29b1908dcd9471f717446315c695b85f7a9d86eb2fee0279fd694Zero Day Initiative Advisory 10-153 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's process for handling floating elements within an SVG document. During layout of the element, the application will mismanage references to the floating element. Later the application will attempt to destroy this reference triggering corruption. Successful exploitation can lead to code execution under the context of the application.
78008edd511b51fe7b3b0d9b75ba9c15c19ece2e512aaa6e1d7c220bcf9f6622SaurusCMS version 4.7.0 suffers from a remote file inclusion vulnerability.
f36142a9228cf0b85a45e651ee04d6e05f6b99ee3c43441fd5372de0eb476a42Cisco Security Advisory - The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain denial of service vulnerabilities during RTSP, HTTP, RTSP, and Session Initiation Protocol (SIP) inspection and SSL.
7298347b56f8e1e5b7879f304cdd126959fccbef77415baf7441185da3b4d5d5Ubuntu Security Notice 970-1 - It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
d7bcec645912901061545ca9bcf57c0e030208a29b948c2923a6ce3ec1c00633The Joomla Slideshow component suffers from a remote SQL injection vulnerability.
2d4defc814900863d15083adcf414001e5283a8971ea6543296868eb1ca01e1cWhitepaper that discusses remote blind SQL injection attacks in detail. Written in German.
42dfb7664f17cc3f790cbd242aaaac8493154a617b2595c33c22727656a90308Whitepaper called XSS - Anwendungsbeispiele (applications). Written in German.
5e19318e968c0d45973a5dd8dfb350e46e449352defda944ca511f32ee71f39aApache JackRabbit version 2.0.0 suffers from a XPath injection vulnerability.
7b8b167d2f5d54b7350164f5d4b901a3ff35dfb56a0dbf1fdb02beaff079e1c5CMS WebManager-Pro version 7.4.3 suffers from a remote SQL injection vulnerability.
06b7ba04a9d397ea882b0d50d342ee572399ea50d2547cf221300119bf5cdfa0Zero Day Initiative Advisory 10-152 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the method by which the Webkit library renders right-to-left text. If a linebox has a width greater than it's container, Webkit frees an object that upon page destruction is freed again. An attacker can exploit this to code execute remote code under the context of the application.
0d821921961855aa077a525f40ea582a0a9f3e301018df738f67d59eec7e6308Zero Day Initiative Advisory 10-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the plcffldMom structure within .doc files. By crafting malicious values within this structure an attacker can force the program to make faulty heap memory allocations. This can be leveraged to execute remote code under the context of the user running the application.
af7a71de10340bf992abdf02ff97ff8f45dd9188ce7c32dc693b704f69e5debaCisco Security Advisory - Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modification of system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS.
ddd44cc2036dbd2ae479fbceb7f6c9b2989611eb48a85d72e6c95b42fdaf0c4aWhitepaper that discusses collisions in PDF signatures in-depth.
deab72db5e62904f79476190f3a232216350201d701f5a141e047aa2b847da81CombiWave Lite version 4.0.1.4 suffers from a denial of service vulnerability.
382da8d214160fd591ac3d139898fb1afd66752bd0e5ebe6ef8aad071e60ecfcRightMark Audio Analyzer version 6.2.3 suffers from a denial of service vulnerability.
c53ad9485ab59209a4d88646bd039ab28962b1a3043b63d809e45d3c6025e8caWindows Live Messenger versions 14.0.8117 and below animation remote denial of service exploit.
1d770dd0722af1d8019849ae542297ee7bff2c18a550ef57a95bbb6144101a65Zero Day Initiative Advisory 10-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes. While parsing the first packet the function OBGIOPServerWorker::extractHeader trusts the provided size of the next packet and attempts to re-allocate a buffer. By providing a large enough value an integer overflow can occur and the buffer can become undersized. A later memory copy using the original value specified in the packet can copy controlled data to the heap buffer. The affected services spawn multiple threads frequently enough that an attacker can theoretically win a race condition by sending multiple requests thus forcing the process to access the corrupted memory while the overflow is occurring. Successful exploitation would lead to remote code execution in the context of the SYSTEM user.
b13eee543090b3697b177b3afa8dbc1a6d864d1b74b79a7299f6ee407dbd114bThe Adobe Coldfusion administration console suffers from a traversal vulnerability that allows for unauthenticated file retrieval.
59cbe441b1cfdd493b736961317513e747a4567e06054074f35b525e6cd63aed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed