Chyrp version 2.5b1 suffers from a cross site scripting vulnerability.
a24c93c1d6bafb9b324879313e868e820f59fae7d1b2c7acbdaedb0bce4fbe4bZero Day Initiative Advisory 12-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem).
c19054aaeda7316388023d840ae6dfbe26300e49d337e63162e86a1ed98b70b4Unity 3D Web Player versions 3.2.0.61061 and below suffer from a heap corruption vulnerability. Proof of concept code included.
df8d4e828b3feb902755f42d049fc02ed05cad4cc5d64bfcb3d166a7c832d79fBuzz build versions 1458 and below suffer from memory corruption and various overflows. Proof of concept included.
46a8c985e5efa7be49ecf1d9c42c6876e055dde7cb718a81a95548874f11fa61The Shakacon IV Call For Papers has been announced. It will take place June 18th through the 21st, 2012 in Honolulu, Hawaii.
d66a1000d9487f2cbdc728cc8d1f23c5ecbd2de6df28b48ec5117c44f7c158ecZero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.
de856aa61d7d5504a5332e85ae7a8c346fb55b885e46e6034141a1c3c1ca8861DAMN Hash Calculator version 1.5.1 local heap overflow proof of concept exploit.
0a07425a5cb63b5c8cdabd7b39c0cd2a1863c4b2e2e5946de069c4370473370eRed Hat Security Advisory 2012-0325-01 - JBoss Web is a web container based on Apache Tomcat. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. Various other issues were addressed.
d22d787c4112a659c3c9e4f42170042f88ea6052206c4cfb93c8a3c97eae2892Gentoo Linux Security Advisory 201202-6 - A vulnerability in Asterisk could allow a remote attacker to cause a Denial of Service condition. Versions less than 1.8.8.2 are affected.
7f031b2689db07359376a37c8a63834c1ce06481429c4b7f16666e82d118e7e2Gentoo Linux Security Advisory 201202-5 - A boundary error in Heimdal could result in execution of arbitrary code. Versions less than 1.5.1-r1 are affected.
42de8a2cf7db4d885a1b8457f558eaa5bf8b942213be6c388b6bd72267ca7dfaGentoo Linux Security Advisory 201202-4 - A vulnerability in PowerDNS could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.1 are affected.
28f56b530d1a793ffbfebe179923a3870fb60825b72eb2a2866f73dcb06a40eeGentoo Linux Security Advisory 201202-3 - A hash collision vulnerability in MaraDNS allows remote attackers to cause a Denial of Service condition. Versions less than 1.4.09 are affected.
22ad4fff91ccdaeac3aa0197ba4e54a9baf109f365a5b31f2b103db61df87037Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
456195625d6524c03923a1457d002d80445f9f034e991f9bbf3bbe3eb73ae6a5Debian Linux Security Advisory 2415-1 - Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug.
f15132f36cedad036bfdff8d435a59bbee9e2f235c76a38126f3f49f28121530Debian Linux Security Advisory 2414-1 - Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.
2938802a44ca1e1baecc82705eb3ef6ad4cb947b1f8eec1a8fbd2bb27992c43b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed