iDefense Security Advisory 11.09.10 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of a specific control word in an RTF document. Under certain circumstances, Word will copy its property strings into a stack buffer without checking the length, which causes a stack buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007.
d4d9f9e20e9077a6175a55782b57058b141ca5e690b63999ac4ac7d7e985c23aTechnical Cyber Security Alert 2010-313A - There are multiple vulnerabilities in Microsoft Office, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities.
469a80e991259d2ddcce070676f40f539feb57fedf64d649d968c3745a0b21ecZero Day Initiative Advisory 10-247 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in a function responsible for assembling an HTTP response. The following modules implement this functionality: gwpoa.exe, gwmta.exe, gwia.exe. When responding to an HTTP request sent to TCP port 7101 or 7100 or in the case of gwia.exe the user configured "Message Transfer Port", the process uses the client-specified "Host: " header to create an HTTP 301 redirection message. Within this code a local stack buffer is used to store the redirect location and can be overflown with a sufficiently long header value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
6d81201963cc0bf9ce5b56242c8003b55725876fdbc630174972e531c3dd5875Zero Day Initiative Advisory 10-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees resources when parsing a malformed Office Art record. Due to the application not properly freeing up resources during handling a parsing error, the application will later access the freed reference which can lead to code execution under the context of the application.
422448f62776d8b309cb36060ecc7b079c7f561fe85f31b163bfe9f600eb5b3eSecunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office for Mac, which can be exploited by malicious people to compromise a user's system.
8bbcff5269acf8a986ddc3a382559a6b81f901fd4fe27f444d5269a832b5b46aSecunia Security Advisory - Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
2383e281cf3bda166b1132fae11250d85520b0d04eb05db7edbdb49fbd7b89d3Secunia Security Advisory - A vulnerability has been discovered in Free CD to MP3 Converter, which can be exploited by malicious people to compromise a user's system.
924ab7200f04b8e9170ba4008293421cff8533b8c44af4c419611619b6c154ddSecunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Media Server (FMS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code.
8282ab0c0e999149793223a2308c542f27054df6fe735071f3bc14c8ca9399aaZero Day Initiative Advisory 10-245 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Powerpoint 2003. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application trusting a value defined within a file. This value will have some arithmetic performed on it, and subsequently be used as a counter for a processing loop. By modifying this value, an attacker can reliably corrupt memory. Successful exploitation will lead to code execution under the context of the application.
31816dcf9f46983f97b11cc9f5ed334ce5749e88b1eabee3ce30460b88a09dffMandriva Linux Security Advisory 2010-225 - A vulnerability was discovered and corrected in libmbfl (php).
32b339f2edf2d5d6437052db1f3fcb7ed319e504a9a6c345ec473fab9fbd2ce2Mandriva Linux Security Advisory 2010-224 - A vulnerability was discovered and corrected in php. A flaw in ext/xml/xml.c could cause a cross-site scripting vulnerability.
1586a904d20fbb01ee862330badc98165e79bacbf7021e82cdbadfab39e3e7b4Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation when parsing an Office Art Drawing record, which contains "msofbtSp" records that specify certain flags. This can be exploited to corrupt memory via a specially crafted Office file. Successful exploitation allows execution of arbitrary code.
61dae7bedfeaf692cd9a528ab0ceaf23d9863ec3a159771e27ed645dbdcfc890Mandriva Linux Security Advisory 2010-223 - Multiple vulnerabilities were discovered and corrected in mysql. During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash. The server could crash after materializing a derived table that required a temporary table for grouping. A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. Pre-evaluation of LIKE predicates during view preparation could cause a server crash. Various other issues were addressed as well.
d609120ee86a09bd8da88ad1f562f2e0e823196ca6f9d056344881e111dacff0Secunia Research has discovered a vulnerability in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in PP7X32.DLL when processing certain records in PowerPoint 95 files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
7ecd37648537fbfa01db86e653e3bda1f9f95fe6fda438246fd9bb3b1fcb0f61Zero Day Initiative Advisory 10-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will miscalculate a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur which can lead to code execution under the context of the application.
9f735a875bf0d264dad7c0b342a51d2d4f9fe20beff5c4c5c2f503bfd6c08222D-Link DIR-300 authentication bypass exploit.
78a27b88316b5f34763e1566a3c11b15a88380e06fe9b293ddee61f9e4fbc19fWhitepaper called Remote SQL Command Execution. Written in Italian.
63f662d680ee68d76445fefe0bdfb4e33fd430359b50d228361f0bcf2b398d89Oracle MySQL versions prior to 5.1.49 suffer from a WITH ROLLUP related denial of service vulnerability.
c93b8f88bda9341f21367075dd854083874bf487582ffb1da064ec28d63879a0Local Linux kernel exploit that demonstrate how the "mem" array used as scratch space for socket filters is not initialized, allowing unprivileged users to leak kernel stack bytes.
41f4c4f5e19f3b41bc7cfe2dad288a198d7cdca8f0b4d55690ee5693864819b2Woltlab Burning Board Userlocator version 2.5 remote SQL injection exploit.
0de5bc3be6dad2c89f67e13e38721ed283f6fde5cb73e0adffa4028c215231ccNovell Groupwise suffers from an Internet Agent IMAP LIST command remote code execution vulnerability.
de163bf78d636b4473ab7820066e425de60984121a4acf0fdc9a44e1dfda0548Mandriva Linux Security Advisory 2010-222 - Multiple vulnerabilities were discovered and corrected in mysql. Joins involving a table with with a unique SET column could cause a server crash. Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. Using EXPLAIN with queries of the form SELECT. UNION. ORDER BY could cause a server crash. Various other issues were also addressed.
74d0792dedac23aec2f739bcb4269d0a3049b419f30d9981405256e2fc0a6056XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
8c71afc33432e1adab32907b8d378ff256986b2c14f4d7587b3da25139432944IBM OmniFind suffers from cross site scripting, cross site request forgery, buffer overflow, session fixation and privilege escalation vulnerabilities. Various other issues also exist.
4147ebd305f47fe5b864d5adb3fe50a82d02835d37577e5a98f5435614520d1dThe Joomla JQuarks4s component version 1.0.0 suffers from a remote blind SQL injection vulnerability.
c25602a381de4c07e2ed2a7ef1bcf5bb57bb32ddfa0d2830c5a1167ad399c106
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed