Zero Day Initiative Advisory 10-268 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed Media Properties Header (MDPR). The application explicitly trusts an index in this data structure which is used to seek into an array of objects. If an attacker can allocate controlled data at some point after this array, an attacker can then get their fabricated object to get called leading to code execution under the context of the current user.
a7c4761d8edf0b79cb190e6a4c21984a3fb2af9da75b4317727eca4b3a0fc7adZero Day Initiative Advisory 10-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the Advanced Audio Coding compression format. When decoding a conditional component of a data block within an AAC frame the application will decompress lossy audio sample data outside the bounds of a buffer. This memory corruption can lead to code execution under the context of the application.
9b90c197796fc6bb47c6436608c8d4987c552f68095b059c75c6ce4a8a67a944Zero Day Initiative Advisory 10-266 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed multi-rate audio stream. The application explicitly trusts two 16-bit values in this data structure which are then used to calculate the size used for an allocation. When data is written to this allocated buffer, an overflow will occur which can lead to code execution under the context of the current user.
d5fa9d8edfc285dc8829591352ca93162b086ee5247e86c22aea19b9114abef3Whitepaper called PDF Malware Analysis. Written in Turkish.
d911eeda5a27cab9f761bb96419e1ac1d6575a19ec2fb73e271ee724c46df52bSecunia Security Advisory - HP-UX has issued an update for JRE / JDK. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
f4b163264e19c029d3bfe08edd4c9597fc80ab6d66b6e96a112924437818d809Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.
b53ac20fcd33730fca9a3dd3d9fcd90fdd0ed85f55d07378c14fead11de92568Secunia Security Advisory - A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
dd94079cfe1fdc78f494e20cffa95870c4e78ea21e9b36a02f6e1b2e3901122eSecunia Security Advisory - Ubuntu has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features.
8ed3d5babb2d271ea902b035f1bd7fca2d22967d0b0b2a0dcb396b6a2734b278Secunia Security Advisory - Ubuntu has issued an update for clamav. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
432f648dbad7ffed37e3d865e3625af75b802a291728e0a71549baa4d92a3135Secunia Security Advisory - A vulnerability has been reported in CA ARCserve and XOsoft products, which can be exploited by malicious people to compromise a vulnerable system.
9d962e2e117844c43a5163283b04f3d9b03fe037d7f3361d25e3cf95b9ec7c9eSecunia Security Advisory - A vulnerability has been discovered in phpFreeChat, which can be exploited by malicious people to conduct cross-site scripting attacks.
ee1196e8f1cbebfd8487ddff402be1afd078abf1698cf1b60db1b0c3c92b4b3fSecunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
42efa0d06d1838fe20d83af0b0806117eb568858f5a914bc7345aae90f8e5bf9Secunia Security Advisory - Salvatore Fresta has discovered a security issue in the JE Messenger component for Joomla, which can be exploited by malicious users to compromise a vulnerable system.
1711bbab99b92690d2a202cee87df38ae8d0d3af893cc0af95a7e856ff28790dSecunia Security Advisory - A vulnerability has been reported in the SafeGuard Enterprise Device Encryption, SafeGuard Easy Device Encryption Client, and Sophos Disk Encryption products, which can be exploited by malicious people to bypass certain security restrictions.
42969d1a276057bf6ab7f74edf7c8f04d18c506d00c81fbe48608616109e178eSecunia Security Advisory - Red Hat has issued an update for firefox. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
9f71b5ba2fa23b1419ab91dd77b97639984f1a41dc37aacf982f511e2a7979caSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
8fc551041d5def7333950089272e1c52760a07410c405cf06dd33168f1a9b6b8Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
889eaecbe7636815140ac9e1d59e2268689ec1a180d153803458bdd31be7f925Secunia Security Advisory - A weakness and some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
c8c9de03cb7649b7e5683a36fa0667b83e298a2200243cd22fbdb292ea418e70Secunia Security Advisory - A security issue and a vulnerability have been reported in the Embedded Field module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system.
f0318ab2bb44a64bd41d9d71e674432421d6b0fcd1f8c63d35fb0b7d44bed6c8Secunia Security Advisory - A weakness has been discovered in phpMyAdmin, which can be exploited by malicious people to conduct spoofing attacks.
a26de00158ecd3e61de610e30d979ba7fd6c89e7f6866697ad5c60bd2d1748aeSecunia Security Advisory - Ubuntu has issued an update for firefox and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
009766e428046db4139fda1d888507db4f816a4a593bd51cb4cc9932a4248575Secunia Security Advisory - A security issue and a vulnerability have been reported in the Media: Video Flotsam module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system.
b42d1273da062f127cda9736f4016a1a801e8e73c689a5e6674df4be7497cb84Secunia Security Advisory - Oracle has acknowledged some vulnerabilities in Mozilla Thunderbird included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions and compromise a user's system.
e10c23bcc4b0a8a9282e53ea527830eef73f1f429fbe2a9afbb064c5b22327d9Secunia Security Advisory - Oracle has acknowledged some vulnerabilities in Adobe Flash Player in Solaris, which can be exploited by malicious people to conduct click-jacking attacks or compromise a user's system.
e226172e81cc1228d5a4a433d4507a0c301cbd802cc9b3b34e6008f0f52c0167Secunia Security Advisory - A security issue and a vulnerability have been reported in the Media: Audio Flotsam module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system.
d455b8e93416ef787ce1c56159185593b071962ad44a515cc4f3bc09366aea95
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed