Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the Paradox database stream filter (vspdx.dll) when processing the field type within a field description array and can be exploited to reference unallocated memory via an unsupported type value (e.g. 14). Oracle Outside In SDK version 8.3.7 (w/ patch 14153713) is affected.
64eb02f84a8c1969ec2858048292fa533a3119e377c598fc40cfe05b33a023ce
All Google Play Billing Library 3 versions before Oct. 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.
f68f31523fe048d0a532378407c09820e34245d3b9aac37fc00b428562210019
If the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager with trace logging set to verbose, the administrative account password used by the custom application appears in the trace log file as clear text. Affected products include RSA Authentication Manager version 7.1 and 8.0.
f9d14eb305ff9ba19dd614f9f03a38fe1e6c49746ddcebc66e23f188e1a07e4c
Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of the Java Reflection API.
5ee140ef4ee1fbbba3be2d987e3af93d9141d6766d1e154771745114d62a987d
Mandriva Linux Security Advisory 2013-098 - The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet.
f8496243e7f0256fe58f41cd2454656be93b6bfe7cf9d3facfeb6bad9b7497eb
This Metasploit module exploits a buffer overflow in the unique_service_name() function of libupnp's SSDP processor. The libupnp library is used across thousands of devices and is referred to as the Intel SDK for UPnP Devices or the Portable SDK for UPnP Devices. Due to size limitations on many devices, this exploit uses a separate TCP listener to stage the real payload.
a7af761c0a55f9166f6f6555c6b5bf62d458d99f52fd09af4ef8ec52d41ace3b
Cisco Security Advisory - The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests.
8c9ec518f9576f7d3ec9cf9045faff6035b5098412a401f43bfbeeb4c0a728b0
Secunia Security Advisory - Rapid7 has reported two vulnerabilities in Portable UPnP SDK, which can be exploited by malicious people to compromise an application using the library.
60b12f77e6a02e68eac2bc58f4a3d6ae3a3fcb9079974300c0a08fbf73f18d13
Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an error in the Paradox database stream filter (vspdx.dll) when processing the field names and can be exploited to cause a heap-based buffer overflow via a specially crafted "number of fields" value in the table header. Oracle Outside In SDK version 8.3.7 (w/ patch 14153713) is affected.
56fa0dec02fefe39d056fd79fe61eb9e26cdf4acaa109e6e081b8297ad7a6901
Secunia Security Advisory - A security issue has been reported in Payflow SDK, which can be exploited by malicious people to conduct spoofing attacks.
d0a6f8da0f1d3999ba6ffb37320622208cdd30e6e1596eb0c9c7fd2993cd95fc
Secunia Security Advisory - A security issue has been reported in PayPal SDK, which can be exploited by malicious people to conduct spoofing attacks.
caaa69e00c794bb80e4ff079a046d30a72c32a722593f4fc38ca0227434b8b40
Secunia Security Advisory - A security issue has been reported in Amazon Web Services SDK, which can be exploited by malicious people to conduct spoofing attacks.
14f57dcfaf77409d9c21dabcf2bb8cbd0b244ecbc04e1c597af7ff1f2c4ec108
Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software. This is IBM's implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead to the complete compromise of a target IBM Java environment.
867ac9eef17a67029d0c83a32794fd6f14dae99bbb8a7705e718b79b7bd50592
This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Nineties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5; however, some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused; however, by default remote connections to the RDS are denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.
382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM 31-bit SDK for z/OS and IBM 64-bit SDK for z/OS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
73e408e26c1d0c1367774eee820278537ff866094666e144f3f5024b01d0f50f
SourceAFIS is a fingerprint recognition/matching SDK (library), or more generally an Automated Fingerprint Identification System (AFIS). It essentially compares two fingerprints and decides whether they belong to the same person. It can quickly search a large database of registered fingerprints. It comes with an easy-to-use API (pure .NET and Java) plus assorted applications and tools.
3020edbb3265d811b86cba7ce7c5c94fef62c7aed6cda2faaf4ef36896bfe45a
Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM 31-bit SDK for z/OS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
65f6a63e0e92e254265e83329c3e72f19fa2ffae5b54e5514d992a643ac874f7
Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service via unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.
5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3f
Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.
a8970ac1ba41cdb7d29f4062abf18bb71929b92f51df8751a9dc6222d27221fa
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739
The Google App Engine SDK for Python suffers from a code execution vulnerability that can be leveraged by a CSRF vulnerability.
519d4382361dcafef4cd129e1fe1de30dc932146ee9e653e859c5c913ba55657
Secunia Security Advisory - A vulnerability has been reported in Google App Engine SDK for Python, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b32f73bda3521d1b39a813988a7dd99c60da72c09485d69e2526673e22a9f877
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then uploading another mof file, which enables the Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
c654011b0b3147d7a6b19b80df3e17b7fd597bafa54d127293006bedf2615b9d
Black Ice Fax Voice SDK version 12.6 remote code execution exploit.
b74e8d9fa16afc7c5be868647ea87134dbc15594a5e17358904cc7728f7d2012
Secunia Security Advisory - A weakness has been reported in Windows Azure SDK, which can be exploited by malicious users to disclose potentially sensitive information.
c0ea3280ae6a6df46fd6fca07607eb1cf2a7e5fe0863ebc6fe435acf0ee1c8d0
ZORG is an open source implementation of the ZRTP protocol. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellman 384-bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with the PJSIP open source VoIP SDK and is provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
17867da4eaf5560a79074d3a80f715f88ee456a8391ea5665304c7c94f4f4028