Avira Free Security Suite 2019 Software Updater version 2.0.6.13175 suffers from improper access control that allows an arbitrary file write, which an unprivileged user can leverage to obtain SYSTEM privileges.
69fdf1c757c972b00a6ac38b381268805e095c1577ed18107e11edadd414cc65
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
2c00e5233a4b95c7e2c687bc947a2caa809fd9c1dbecf3436ec032c47d968974
Acer Updater Service version 1.2.3500.0 suffers from an unquoted service path vulnerability.
77d928a50880722ae51c1f2c416a5749ab865706aa2dae17514953f5869b0507
WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.
7b9a7b1fa82bf893ede05de1b61f81670d536065bdd12d48311c4d40d6bbd860
Google software updater suffers from a local privilege escalation vulnerability on macOS due to unsafe use of Distributed Objects.
822ce848f9f1b05721b777be30e35ae0e8bf4ac89fae50e6d3282fdb215603ce
Microsoft's Skype home-grown updater suffers from a DLL hijacking vulnerability.
216eae84a9fa62444079df49cbfe75e118c010a069585d13c866dc34ddeb3837
A heap overflow vulnerability exists in Apple's updateRateSetAsyncCallback when handling ioctl results.
5baf4461e02f823d473ce5e80cdf29107fb3e4d0bc77201b0a37d01d752ae1ba
Avira Antivirus versions 15.0.21.86 and below suffer from a command execution vulnerability.
78a59e0dd369a5bd39deaf1ea862d4e542548155f19cd30868dfaf06d9060e7d
Avira's free antivirus package installers suffer from a DLL hijacking vulnerability.
cd4e84ee068f9e9cfe8d95ea64f7b69bb88001d7158979971fe5682f3df4324d
translate.avira.com suffers from a cross-site scripting vulnerability.
d71d8ff7e41f6aa75bf4b383a4ad84b35a924e19ee1f73dce983f4e1bc088f07
Avira Registry Cleaner suffers from a local DLL hijacking vulnerability.
25dbcc7db394b17559de2ca3d0756be3cb74f12b5d2bde975cdaeb1e15c10f9d
Avira Mobile Security versions 1.5.7 and below send credentials in the clear over HTTP.
07268a63a10e9e04ee38ecd991fda216994295c0b1d633261d7e59f97a112f35
The Rackspace Windows Agent and Updater allow modified Agent binaries to be remotely uploaded (without authentication) to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent, and arbitrary code can then be executed after the service is restarted. Previous versions of the Updater (before 1.2.6.0) allowed for unsigned agent updates utilizing a specially crafted .NET remote call to TCP port 1984.
e1432ce56dfb5361bc47edbd2d3c8d08d7d01f9b5dba847ea442095175de0442
Avira Secure Backup version 1.0.0.1 build 3616 suffers from a buffer overflow vulnerability.
8a2c729190e444854e9eea2ba4a3bf9fc83b7990ca632fb6cff00b8e685190a9
Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.
702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84f
Avira Personal appears to suffer from a privilege escalation vulnerability.
eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
Raspberry Pi firmware updater suffers from a /tmp/file clobber vulnerability and also fails to offer a secure means to update the system.
8ae9e75ba7ef9fa85acaf5cb66e9b8df15d576eed17c890be91b11f0dfa9146e
AOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.
5dd419850203744eecbd83ce5e621ac6ad8521036c7ff6ea92f36ad34d871c9d
Secunia Security Advisory - A vulnerability has been discovered in the AOL downloadUpdater2 plugin for Firefox, which can be exploited by malicious people to compromise a user's system.
34d39d1cffd7365c1f403a934dc593cd61940b634fb29827fb014db038bf0b94
Secunia Security Advisory - A vulnerability has been reported in AOL dnUpdater ActiveX Control, which can be exploited by malicious people to compromise a user's system.
fc7a2a87cf39494972026c879d31baadb70d85fcacc86227d58fd63a49bc0a39
Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and Winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes that the 5th argument passed to the Init() method is a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.
a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
Various Drupal modules such as Content Lock, Ubercart Bulk Stock Updater, Ubercart Payflow Link, ticketyboo News Ticker, Admin tools, and Redirecting click bouncer suffer from cross-site request forgery, cross-site scripting, and remote SQL injection vulnerabilities.
dfba66004ce172b759e13bd0d69c968ca2876ae3c5a889fa13c062cb84aef994
Mandriva Linux Security Advisory 2011-111 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances in which code that modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. Various other issues were also addressed.
f7dd994ed60b9ada7310c8c1c6924839daffb71af4e1d407d023ec1f99cea07e
Zero Day Initiative Advisory 11-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nsXULCommandDispatcher.cpp source code. During a NS_XUL_COMMAND_UPDATE event dispatch, the user is able to force the command dispatcher to remove all the updaters in the mUpdaters chain, including the one that is currently in use. As a result, the local variable updater becomes a stale pointer and updater->mNext refers to memory previously freed. Successful exploitation can lead to code execution in the context of the browser.
7863f617a6f44ef8bf90e7543ea93c2246ad911302f2326be55b6031f03e0ecb
Avira AntiVirus local proof of concept exploit that creates a malicious QUA file.
e2ef3c0258d84a42617b7cddadf0129c7b654cd36d3ad3612bbf696e8749f11f
The avipbb.sys kernel driver distributed with Avira Premium Security Suite contains a race condition vulnerability in the handling of parameters of the NtCreateKey function. Proof of concept included.
c7a322a2c2f49b80da7890160c04b2a4cf83452613be02530e2c277ec67dba34