This Metasploit module exploits an use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT Element mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECTs data attribute. This Metasploit module uses heapspray with a minimal ROP chain to bypass DEP on Windows XP SP3.
5a6e9352732f91f5a6195ee7559b47f8ad02806dc4da4347ae745625e1ce1debUniversity of Vermont suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities. The university was contacted and has ignored the Author's emails.
042e2da2853f1be77f5ac55e23963b0da648f369e2e58108152dd4d097b46af5Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Netcool/OMNIbus, which can be exploited by malicious people to cause a DoS (Denial of Service).
96103034d99457a9fdbf2b35d9db97b8a18011329d7dddd877d66dda01511136Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Netcool/OMNIbus, which can be exploited by malicious people to cause a DoS (Denial of Service).
96103034d99457a9fdbf2b35d9db97b8a18011329d7dddd877d66dda01511136Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
720929e28d932694b96295f59bc93e59d753b81c1cfca65e9097e29ecaef0a97Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Media Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
d09581a0b75f15611a44da34d97cbcc839fdf7548bd1712499139eef9bd940a2Secunia Security Advisory - A vulnerability has been reported in Adobe RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks.
ee3ea8097688fa3422adc75087b49a2b3c7942f15df705b4e027ddce7457cd19Secunia Security Advisory - Multiple vulnerabilities have been reported in Shockwave Player, which can be exploited by malicious people to compromise a user' system.
1c3575af758379a3b2d719b3ad9953d7912eb245c5c7aa4098eb6beaaaca568aSecunia Security Advisory - A vulnerability has been reported in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system.
16985ae5bf21ecb4af76922971334224c2abac6f3d45ad9531bb1a6b299ebd96Secunia Security Advisory - A vulnerability has been discovered in TNR ESearch component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
4e1604aca5dd1f2a1a124df7ef9052bd7313feaac6f2692a3d8c5536362569cbSecunia Security Advisory - SUSE has issued an update for apache2-mod_fcgid. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
f47498b04ccc9cefc354f15e96982d7859a5a257db8a46f5958da648d3baefa7Secunia Security Advisory - Fedora has issued an update for wireshark. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
1c46eb5237baf4e3db90d0648d3ea3252877f4e6a54d606909e4f29358afc446Secunia Security Advisory - A vulnerability has been reported in the Social Slider plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
6e923ed7ec3c40a899a561c7e134387af6a1c38490568bea4ae1f6119f7ee51fSecunia Security Advisory - Multiple security issues have been reported in eCryptfs, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially gain escalated privileges.
1255159d75f2690ff096f9b198d05a3fe43b32639d12121ba5407708ec6c114eSecunia Security Advisory - A vulnerability has been reported in StatusNet, which can be exploited by malicious people to conduct cross-site scripting attacks.
d151bbc274e19c19403a001cccd7f731653704fbfdb159d4b8ca05779d473976Secunia Security Advisory - A security issue has been reported in Sybase Unwired Platform, which can be exploited by malicious people with physical access to bypass certain security restrictions.
e2ac433887f2ee3b58abaf02caae31072a5f6d7122648139383e6bad94036750Secunia Security Advisory - Two vulnerabilities have been reported in HP WebOS, which can be exploited by malicious people to conduct cross-site scripting and script insertion vulnerabilities.
53c9e28051e1ce8467d9ba5d61ab0d07cb78344a68427cccd1055db75a0e1ef1Secunia Security Advisory - Multiple vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to compromise a vulnerable system.
5a9b13ec9bf31a7dbb8c8fe812f451b11ad1d634cbf35621f1c88a6ac0e40c2cSecunia Security Advisory - Ubuntu has issued an update for ecryptfs-utils. This fixes multiple security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially gain escalated privileges.
4a09dfd570647e40757d6156cc83fe546f187e5fa82f79a1751c0726b77a2070Secunia Security Advisory - A vulnerability has been reported in HP ProLiant SL Advanced Power Manager, which can be exploited by malicious people to bypass certain security restrictions.
721d449eb0912f29f212454e5c58bab9b532faa2d72dc02a573bf4dd56c09ab2Secunia Security Advisory - A vulnerability have been reported in Check Point SSL VPN On-Demand applications, which can be exploited by malicious people to compromise a user's system.
fe324fc2e4ddce3eb2abcf6136a5be1a6fc259a6703a19a5785a3d3c8c6fbe4bSecunia Security Advisory - A vulnerability has been reported in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.
16c6cf63e1ee63d59295a1b7b260b477d44b00a7e46a46949b4651c5e74e4145Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in AChecker, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
d5948383d7481ef42c318ef8e9093727b2d84a7cb9d4613e013827b5499b65adSecunia Security Advisory - Fedora has issued an update for drupal7. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
392ecd63dde2068de2b67bf02c3d16aefc17206ec2142d215a70392679bace96Zero Day Initiative Advisory 11-251 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid values in the Sync Sample Atom. Due to a signed compare instead of an unsigned compare it is possible to corrupt the Sample Atom Table. Values from this table are later used to populate a heap buffer and the corrupted value causes a heap overflow. This can result in remote code execution under the context of the current user.
d90d8f17c50363e8045dac7124e5b77fbbe97e98f3d6db6be2210275abf884c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed