Secunia Security Advisory - Gentoo has issued an update for mono and mono-debugger. This fixes multiple security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, disclose sensitive information, bypass certain security features, and potentially compromise a user's system.
43a420c69f2b80d7e871ccc0518c2ac6a2c8ebfd3abdecb8453f24ee9c457f0fSecunia Security Advisory - Gentoo has issued an update for pidgin. This fixes some weaknesses and a vulnerability, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).
4648cd6d084bae2fd511ee24f801f2b0f4ade509c7bd2de5a18e9830d89fd516Secunia Security Advisory - Gentoo has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
54136add141fde901b1880d9fdc3affed02d38e78a847385b566cf9afed73b3cSecunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Interspire Shopping Cart, which can be exploited by malicious users to conduct script insertion attacks.
49878c0872a2123f191e8a62e48e9c5ecf3f8de1f9c91754933c943f05fd757bSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
74f8bec3952b6a7b490c5f7cef58616d47613312a4c1e521a686253b75262221Secunia Security Advisory - A vulnerability has been reported in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.
56c66c842d914b32a1967d88ce185ccc83b1c331ae7c7275ee9bfc36685567edZero Day Initiative Advisory 12-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PMParamHandler component of Performance Manager, which is served via an Apache Tomcat instance that listens on TCP port 8081. The process receives a filename from a remote user and performs insufficient validation of the provided file path. Additionally, the user can specify an arbitrary extension due to premature truncation resulting from an embedded null byte. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could lead to a directory traversing arbitrary file write and ultimately remote code execution under the context of the SYSTEM user.
62fba378efa118194bf75380e1caf3bdbb3a81ca43f314376ca1627030337be8Zero Day Initiative Advisory 12-099 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the heap. This can lead to a heap-based buffer overflow and allows for code execution under the context of the service.
64bbdb8d912b2e77427f770b39fb5309ace52ec15991e279f6d81b1268f751bbZero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes the 5th argument being used for the Init() method, to be a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.
a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccbZero Day Initiative Advisory 12-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x320 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
1c1f3a3e3b1ea2c30d5e88a6ed5a02758054e2e93ac7c92988ed4cbb989df1d4Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
df8058279a3a470f0f6120f9c7043177979a194827cfc608434c36cb3b42c698Cotonti version 0.6.23 suffers from a remote SQL injection vulnerability.
b722853730e8c0e87d6f6c56bed1aabbfd2f49198781981da59790b8c8c27954Zero Day Initiative Advisory 12-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x330 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
ff843e03fe1fd89ea3c39d8a5267a02514914a3b649920437ff61e21fc352272Zero Day Initiative Advisory 12-095 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the transform attribute the code within QuickTime3GPP.qtx does not properly validate the length of the data within a translate or matrix object before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.
a690137e64bef8ffcb153214bdb9c44ed446d4114da83d08686a0c31ffe78477Zero Day Initiative Advisory 12-094 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the GetNameValuePair() function calls strcpy, there is an unbounded copy into a stack buffer, which can lead to stack memory corruption. An attacker can leverage this vulnerability to execute code under the context of the process.
3ea4397117582729d6427e6e756813763f37762cbe5048736144e9c8b0b4c896Infrastructure Resources LLC suffers from a remote SQL injection vulnerability.
0058033c7cdf737464d86c452302bbbb5a5d845ca4f957250921b006a554a2d3CMS Lokomedia version 1.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
a4fb376b53311da0808f524b506bdcf28600bb6b6eef0e9628cc2ae47aab4be8Bitweaver CMS version 2.8.1 suffers from persistent cross site scripting vulnerabilities.
94c1ae75fac4899db3bff5a7b213bb36be094f31df2214565996a379b6f2414aRed Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.
f5a6eab4adeb9bde444f861593d0766d2577f80b17b7949872cefc121c3995e8Gentoo Linux Security Advisory 201206-13 - Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. Versions less than 2.8.1-r1 are affected.
8894376799d8215e45a29bc083e642716aabec87867cd424a30c18181dc497dcGentoo Linux Security Advisory 201206-12 - A vulnerability was found in tftp-hpa, which leads to remote execution of arbitrary code. Versions less than 5.1 are affected.
c70562ba5771d8a3a2703bb987d476774bc3df50d029fb7834ba272e952df386Gentoo Linux Security Advisory 201206-11 - Multiple vulnerabilities were found in Pidgin, the worst of which allowing for the remote execution of arbitrary code. Versions less than 2.10.0-r1 are affected.
fccbf14641980aaf2607eb97aeca7b851f33722796f8da32707b4794b511eb68Gentoo Linux Security Advisory 201206-10 - Multiple vulnerabilities have been found in ejabberd, the worst of which allowing for remote Denial of Service. Versions less than 2.1.9 are affected.
6cd681249ed6044831c35f3c68aa924ec71fde18cf604b30cb8c2814194b8e5cGentoo Linux Security Advisory 201206-9 - Multiple vulnerabilities have been found in MediaWiki, the worst of which leading to remote execution of arbitrary code. Versions less than 1.18.2 are affected.
2ae3bc72ec6a16c6837ec41edc36fb76dded93cd54de24920dc77b2d2a0cb4d6WordPress Schreikasten version 0.14.13 suffers from a cross site scripting vulnerability.
e9b47fbc580675c3a26e6b1fb58f07c5fd9133fffeed38a9bb1881beb19443ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed