A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7eA remote exploitable format string vulnerability has been identified in the in the Sun Java Web Console. According to the Sun Security Coordination Team, Solaris 10 Operating System, Sun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console 2.2.4 and Sun Java Web Console 2.2.5 are affected.
e84f0182902982fef958571d637da96cc79aed6c17e01ebeaca169efc5ba049fPHProjekt version 5.2.0 suffers from a privilege escalation vulnerability.
d0eb6dcd238466f8bf02343caec6f02edb744728d2bc4c2e508a7480db337ddcPHProjekt version 5.2.0 suffers from a cross site request forgery vulnerability.
cf169ff516ecb37f27edb69c002fd063faf696d3add01baf063759d1e46d5b37PHProjekt version 5.2.0 suffers from cross site scripting and filter evasion vulnerabilities.
2aa0a61eb00ffdfcd305ae3b72f1e7744df2d56d283d55a0fa6bb630096ffbd8PHProjekt version 5.2.0 suffers from a SQL injection vulnerability.
a09402b443c16796539cd108dd61aedcdcd438ccc160783d39617bb171dd08f5iDefense Security Advisory 03.05.07 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user. The vulnerability specifically exists in QuickTime players handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap process is then performed on the memory following the description, regardless if a table is present or not. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed. iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.
fec5cfa3ca512e52554badeb637b6197568fa66695d6a4894d6a34b8670d4953Both the command line based and the web based management interface of the Aruba Mobility Controller are vulnerable to a heap based buffer overflow when overly long strings are passed as credentials. This can potentially lead to remote code execution, resulting in a system compromise.
2765a8733591e6cc8a10571d0eddc6946cf3800a1474c9f2a49ef8364eeb7b9eA flaw in an authorization component allows for unauthorized access to the Wireless LAN through a Captive Portal, VPN, and administrative access using either the web-based administration or the command line interface. This vulnerability affects all versions of the Aruba Controller beginning with version 2.3.
d9f59c55b587f3d9ff9b8404f4cfc3a3b9b30d8abd4bcf3ae2558f4dc03841d6iDefense Security Advisory - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to trigger a heap corruption vulnerability. The vulnerability can be triggered by sending an overly long HTTP CONNECT request to WinProxy's HTTP proxy service. iDefense has confirmed this vulnerability in WinProxy 6.1a and 6.0 r1c. All previous versions are suspected vulnerable.
d2044d04ae53aaf7545b251d93ad6569c3f042b4971c7610071ef2cf8d54ed23Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions less than 7.0.9 are affected.
5b407216e87ea84e50448fe21e241bece83b951de5dd418880925a300925fb69NOD32 Antivirus software versions prior 1.1743 suffer from an arbitrary code execution flaw.
dcc3ac0483403c98b5780d90539d0fc3e3f9ac428aed9e62ae4ad4c049d3f440ESET NOD32 Antivirus suffers from a arbitrary code execution vulnerability. Versions prior to 1.1743 are affected.
68c8e00a070400f31b4f79d8fd1f5ed916dc36dd5153dcfabf13efd85383835aA remotely exploitable vulnerability has been found in the file parsing engine for BitDefender allowing for remote code execution.
a23052956835d2a738c754384152d85f6cfda66579f00459c5f92b64f88730c5The Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.
2df1d6ba1168f33411d64216fc6207477b58415db787795da79aad12e7ebc9eaProof of concept CHM file that demonstrates a heap corruption vulnerability in the Microsoft Infotech Storage System Library (itss.dll).
d8ef3858baa50f11d566db9a14b2ab96af1ac5fa8e86c5b98565ed099bd7b0e6Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. The successful exploitation of this flaw would allow to execute arbitrary code.
d98d69c089fa482c6caceed0b5b928ed2ea318ec604b1baad057ea65ad2427d0iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string will cause a heap corruption in the Winproxy process causing it to crash.
e1ca9d383bee063fdb4aa3c89d82101029b9d5a32d60748687bf4330f54a6be8A heap corruption vulnerability exists in the javaprxy.dll in Internet Explorer 6. Sample denial of service exploit included.
0398c68222d475a8fc047b7a6c11c488a80ed1c6524e70ea9630b3dc2b2b50c9Gentoo Linux Security Advisory GLSA 200504-11 - James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a specially crafted URL. Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs. Versions less than 2.0.2-r3 are affected.
5230e1bc925375fa4788e07f7ce82ed74e9dfa93f2e7f7d56512315e0fe36532N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a tcp port backdoor.
1d716fe2d428a1b091b2323219d12fa9adc4fb7bb83e3074c1b4ab462af6d467eZphotoshare has multiple overflow vulnerabilities that allow remote code execution from a heap corruption in ntdll.dll and the ability to overwrite important saved values via vulnerable code in mfc42.dll.
b12e004365a61fc7f59fbe522739cc9cd0248db2cc93c71f0a27f7a07e9476f2CORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.
b12dc6f2f6381eed176f652eb6a4d20d2fc0a32b27fc20153c6c3197a8e8df48N-Stealth v3.5 is a vulnerability assessment tool for Windows which scans webservers for bugs that allow attackers to gain access. Uses a database of 19,000 vulnerabilities and exploits.
f3d9cfd5d8699e4a7fd25ae3862d5e286853c68aeb7b8551bf5331421a42ef0aSuSE Security Announcement: imlib (SuSE-SA:2002:015) - Imlib used to depend on a netpbm library which is well known to have security problems. This and a heap corruption bug have been corrected.
2b8c62dbe9dfb2ff8c5fe9b81bf9c14050d90ff08553f73c01d4d5e6d20e6e29NTISSAM COMPUSEC/1-87: Advisory Memorandum on Office Automation Security Guidelines
10e4d64cdc8babc15f060a5c090e854ad8d47ea0e4e76225f5222648e420be82
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed