VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.
3d6e15caa33453b5524370e307651de35239a58b0caa6422c0ed2d1d0c5641f4VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing a text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.
683c33dd6eb12cee75b2e4d6ed700f0698a0917bade475617e2d9fec55f60a67VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.
80c160d6c598062067a6a89779a585babc9a0065f719657a207d41d32477c58aGentoo Linux Security Advisory 201308-5 - The references section of the original advisory contained wrong CVE references.
ebd71cf22019908747f1ea5cdd3a86acfb248e6a38bfa41979b555e7a1acbe4cSlackware Security Advisory - New php packages are available for Slackware 14.0, and -current to fix a security issue.
ecb1893087d0d66f7dad6cf8deaa65276787950af36d4ce86965243130244165Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.
d8b63bcd49f44bb59448c810296db5ea1c1da32b571e78c2773ee2634be2daf9TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.
6f8f17c7fe77da4b4fb9dc2dbb22d7bc2130afdfd2ddf5f70ee72cef17ddb028Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.
a0b32edb63a75a52f36b3b0a16898f214ffdda7d8f01efbf9482265d991f663bMandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277VMware Security Advisory 2013-0011 - VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.
0789baa7bebd1d751cfec338c14d6c275606f4495052e7dfa5e95751824ad5e3Gentoo Linux Security Advisory 201308-6-2 - The references section of the original advisory contained wrong CVE references.
f55dddfb5e32f8447e8f4c85d600ec6b3af91b45f0d4851a964df1ee21ef722bTripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
e09a7bdca9302e704cc62067399e0b584488f825b0e58c82ad6d54cd2e899fadSoltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.
3a2128ffc8465d8e9ab1437eee66ccd0120c1ab286e6b4e9656695dcdae0c80bSites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
cc8a5a522b2375d69ee3a4d6f8f2c0a2d801ef0278c4b5ce1f94a8115dabf0a6Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.
22bced0651b954ffd992c7d05b169412b5cccc21f9d0c513894db79d4f5178afSites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
c6d899774f7bdc71045706d65cae5014cc9528ddd33b73325104aa782aa78ba3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed