Secunia Research has discovered multiple vulnerabilities in the BookLibrary component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. BookLibrary version 1.5.3 Basic is affected.
79e62e777c42c0442c253d71a69a21bb09fee2f843737ff0ba50757ab43d1fe8Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.
666573b06f3b684ec2602cb6e3a8267107b0d14b8d72d5580802d755724fd52aSecunia Research has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parsehwp3_paragraph()" function (libclamav/hwp.c) can be exploited to trigger an infinite loop via a specially crafted Hangul Word Processor file. The vulnerability is confirmed in version 0.100.0 and reported in versions prior to 0.100.1.
35de8f1d0b377601d9193972f01694233332853eeac0bf4ef7798aa8df394debJoomla BookLibrary component version 3.6.1 suffers from a remote SQL injection vulnerability.
e203bb585ecc31b9bea7862404a5cfd993d1bc546c5ac5c46736c4590d873bd2Secunia Research has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation in Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images. This can be exploited via a specially crafted TIFF image to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
5b250b817b803791ecb2d09e8b49b1e908f5a7faf39121b38e3d74b57f9b9b57Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.
e3fca65bdb01a3b7b24ef54cae23d5e08cd0034667d410d5364cab845d4fe8a7Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
e641c5041e65c7dcb486319e4f9f229021c6007e19079a2a67952f9abfd2a4b8Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a logic error in the Ichitaro speed reader (jtdsr.dll) when attempting to reconstruct higher-level objects and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.
d5e75933e09e845ef137f1e214acd3daba62b091b867d3f86c99c49c4fb8a1bdSecunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Ichitaro speed reader (jtdsr.dll) when parsing "Text" chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.
d4c58b78a917a3975cccd3fd186aa9b3e2b0fa0d8eb7ac3c3fa3f6db6467cd41Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow error in the Ichitaro speed reader (jtdsr.dll) when parsing QLST chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.
d24cd05a6e4d709be1e57e4e15c52c15b5a2ed2e2c1e3e61fc50b6f372182659Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error in the authentication mechanism of the NNTP server. This can be exploited to bypass the authentication process and execute commands intended for authenticated users only by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command. Versions 2.4.10 and 2.4.11 are affected.
a527d453cfb32475e8deb8f919bc978fc3f901cd5b277252506bccdd46d12b1fSecunia Security Advisory - A vulnerability has been reported in the BookLibrary component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
bc2b70af96c61f6c4c1fe19a05ae19be75cbe298149d02f604b3eaac85639340Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.
0520606f6722058230d81d2805a4528a191ff0ab419df32cfb2367dc2efaca0cSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.
a3e29c613af64c8ecff2b697ddfc189577bbb6d153195c683e72b4cc58a495abSecunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
ba54e9780a47cbb9ac825fb26ba0fcde7c0734880a7eec64089b018ed29a2036Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
f9a9de57b6faceeb2d7116e3bbd81eb59d6cb237692bb06b5afcdb428702f9d2Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
5ed5b03e9a9bfac07541b8affc29df12ce6a114af5ce70de811e350abee24c4cSecunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
9f637d773e05147f5fddebca47d4f32eaa065525a4713e86117852b4fc62630cSecunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
79ff156cf917fb691f4b17bdbfad5cb0a6cc061edf41a7bcd72b346f6913a832Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
c8af127dc81e18677064ef66428dd5b8386a0ce6358af637f1bbae03414a1ae4Secunia Research has discovered a vulnerability in the BookLibrary From Same Author module for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "option" is set to "com_booklibrary" and "task" is set to "view") is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.5 is affected.
1b6681317886c2c7b9422ba4c5199bfce4e3692a8ca9a537721c207cdbf69c88Secunia Security Advisory - Secunia Research has discovered a vulnerability in the BookLibrary >From Same Author module for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
01597fb7e53933b972ebca3ed2244bb7edaabb2723e3ed7071714ae79860dfb3Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in AcroForm.api when parsing GIF image data. This can be exploited to bypass a size check to cause a heap-based buffer overflow when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
132e0aa8ecbd7c96905b34789b2bbad53e50f5a3acad72b9b20a5a3a66b81d08Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an uninitialized memory error in AcroForm.api when processing JPEG image data. This can be exploited to dereference out-of-bounds memory when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
1fa888e94466db10ecc4cd45faac1367ad8a73ac5c7003062c97e83fa77763bcSecunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in the BookLibrary component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
1046e6ebe157878023df1b68e78e15838b63411d6370c88e5a5bf9f8e8f764a1Secunia Research has discovered a vulnerability in Creative Software AutoUpdate Engine 2 ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in a callback function used when handling the "BrowseFolder()" method. This can be exploited to cause a stack-based buffer overflow via an overly long string argument. Successful exploitation allows execution of arbitrary code.
1a040ae272823bb9fc4aa52549e6a4a529563663d6e0d78a153410b3c765b0cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed