Mandriva Linux Security Advisory 2011-172 - Multiple vulnerabilities has been discovered and corrected in libreoffice. Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted.lwp file. oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.
4fd81df2fa0142fdec47f52a8a168c1a357a0b84ccca8a96b9d1c47d50f2c6b8Debian Linux Security Advisory 2344-1 - It was discovered that the Piston framework can deserializes untrusted YAML and Pickle data, leading to remote code execution.
033975c3139e31efe4ff8206eb96eefc354fa2755ad953e26c9cbcb77cabd27eMandriva Linux Security Advisory 2011-171 - GNOME NetworkManager before version 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
b0497990b7cd3f0be96a104f99d44c5413f36998cce68cf0d2fd1763c43b2bbcCatalogue 2011 suffers from a remote SQL injection vulnerability.
8a262513115f5409aceeb57f4b44a2acd1211b1c4ad6b1724b0300974daf5851The Joomla Content component suffers from a remote blind SQL injection vulnerability.
2e512eedd5f4ab4a0a48db04f9dc574fbe2b10500492950c7c3367c1627ff060Gentoo Linux Security Advisory 201111-3 - Multiple vulnerabilities were found in OpenTTD which could lead to execution of arbitrary code, a denial of service, or privilege escalation. Versions below 1.1.3 are affected.
b951768d5e2347203366c650684104908ab59f45148ba3a22a15400e36699cca4shared.com suffers from a cross site scripting vulnerability.
4a097611bd26647f91cbceaadedc5af210cba48d13181cdd5c048a046e2672a7Agentportal.westernunion.com suffers from a cross site scripting vulnerability.
de42a1656deb7e30879a65442f0a0ddae03d218e8335e13e747942475a1bebb0Shockwave.com suffers from a cross site scripting vulnerability.
1c346d7d92e5f11ec467171084c6a946ad3500134aaf59ff28667968bb8e2bebTinderbox.mozilla.org suffers from a cross site scripting vulnerability.
da12d621b9af4c8729e5a546f808e6a5f92477c423365113122d103242a4809eWhois.com suffers from a cross site scripting vulnerability.
f851a7a0ebb8e35c2de8c2651f796032b4336fc863d9511c4bc1447496b78bc6IBM.com suffers from a cross site scripting vulnerability.
9a5b1508a82bda33ca2e95780663299764aeadf13aad4d77f6a557fc9546033aMS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.
8599b0b1ac07fed75a167b44758ada7368eb687ba515c6c1f6c4ea9d3e84cbf4The Skype vendor website suffers from a cross site scripting vulnerability.
22dbe42f1a221b90095564d5f9448154d5c7174012997d50ff15350beae0f877Mandriva Linux Security Advisory 2011-170 - Security issues were identified and fixed in openjdk (Icedtea6) and icedtea-web. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
e2c7f52186f217d479f8d33ec72b7002da0b148f003d9142d6a982774c54a2e1iCloudCenter.net suffers from a cross site scripting vulnerability.
ec809a7bc51d0abdca5617be5e231b4c9623ce69d7d2cd29f18297fae905ef14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed