Secunia Research has discovered multiple vulnerabilities in the BookLibrary component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. BookLibrary version 1.5.3 Basic is affected.
79e62e777c42c0442c253d71a69a21bb09fee2f843737ff0ba50757ab43d1fe8Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.
5db2e877b929448ce53fbaefcd4fe1dc429beb3e14f7b1dcec039f413a870480Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error when parsing embedded fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
c0df90ba22d702d5895e0e567d8b513727f5c0fb8f18fea09ecb1d9b6df3de7bSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when processing asset entries and can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
fd7ee053649f29172199e1a95030011594179adc1655c800f9830c93e76ae257Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
b5ce1892a860a21e337e443c62011c129dda014f2c804f59309422383732a762Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an array indexing error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
aaccf5333966fa257d1abf65746a2b24762c1eea4ffaf39c72989322d81409fdSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
0de19e3ef14663cc00a96c258b363f1f0f8271752f2f8f61678d437370f2d5b8Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing FFFFFF45h Shockwave 3D blocks. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.6.606 is affected.
15a8dfe7974507aed2ca880478d7e11000be879f68bd99e4424659fe3687ca8aSecunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to compromise a vulnerable system. An error exists in the handling of file uploads for avatar and photograph images. This can be exploited to upload and execute arbitrary PHP code via a specially crafted image file with a ".php.filetypesphp" extension. Successful exploitation requires that "Public Uploads" are disabled (default), but uploads for avatar or photograph images for users are enabled, and a certain server configuration (e.g. an Apache server with the "mod_mime" module installed).e107 version 0.7.19 is affected.
45428821d57d683fe1349074f3b121de28a05956ea85e81aa8b952bc93652c39Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "content_heading" parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.
9e5427a42ec609184b91c787aba776dfd53753bbf2594f58df51f916c1df2df2Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to disclose sensitive information. The script uses e.g. the insecure "-K" command line parameter to pass the key to the ccrypt utilities, which can be exploited to obtain the key from the list of running processes. Note: This may not affect recent Linux versions, but is confirmed for FreeBSD 8.0. Other systems may also be affected. Version 1.4 is affected.
28a7ae6c7e9250897654b9dd6ec9de66b67ea1f3c9d8407ce433899cb325f213Secunia Research has discovered four vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by four integer overflow errors when processing a certain block type. These can be exploited to cause heap-based buffer overflows via specially crafted Shockwave files. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
2b675879c41d33b1cef80c5262c5a1ef851e8b47dff731fcab135b0972822b31Secunia Research has discovered two vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by two integer overflow errors when processing Shockwave 3D models. These can be exploited to corrupt heap memory via specially crafted Shockwave files. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
17d57c1485e5cf9ef58b9f14925858958264e555b5c7bbdb27ea51453dfade52Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing Shockwave 3D models. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
505af33a6b87fd4467a4f73d2dc13b84c179cbf7f2e43dbcb79b688f70793e2fSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow error when processing a certain Shockwave 3D block. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
ee5b1897f238ae118309546dbdae38bb523fb26b557924829cf8636189565ea0Secunia Research has discovered some vulnerabilities in AproxEngine, which can be exploited by malicious users to manipulate certain data, conduct spoofing, SQL injection, and script insertion attacks and by malicious people to conduct SQL injection and script insertion attacks. Versions 5.3.04 and 6.0 are affected.
c462342d4803cce0edf6f9bb2831e2fb8c104cee7660685e0e6e898f93843b85Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected.
bef338476ab50b7b135a8f8a62a9fce7233fca04b978409af9cb476cd97ecad5Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of Huffman encoded JBIG2 text region segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. Adobe Reader version 9.1.0 is affected.
8628a799db013887f6f7638ae105c3171c982627797e972918ff84f183df7579Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an array-indexing error when processing certain records. This can be exploited to corrupt memory via a specially crafted Excel file. Successful exploitation may allow execution of arbitrary code. Microsoft Office Excel 2000 is affected.
7725b19dd8e3e0acbaaf264cb1ac14822f245b9d54a2da1fd520fa26383caf23The Joomla BookLibrary component version 1.5.2.4 suffers from a remote file inclusion vulnerability.
04c4367d1180c9b08d4ee3c368cb234c53cdc21efa25ee1a14bd406d42ea7027Secunia Research has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the processing of MS ADPCM encoded audio data. This can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. Successful exploitation may allow execution of arbitrary code. Apple QuickTime version 7.6 is vulnerable.
a2a4b3b1f79137e0bdaa1f56ec9cb556a63484d2f019f3520bd9593a4fd3fe1bSecunia Research has discovered two vulnerabilities in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors when processing certain atoms and can be exploited to cause stack-based buffer overflows via a specially crafted PowerPoint file. Successful exploitation allows execution of arbitrary code. Microsoft PowerPoint 2000 SP3 is affected.
565f67468c3c6a9e5fa87b11ec3c1f0615fbcd97493d26b020d6d08c6e7b34abSecunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in pdftops while decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. CUPS version 1.3.9 is affected.
69cecc15d52272c8c8a0897ee8b9850da490e32c9e15ea296b4599e738188a11Secunia Research has discovered a vulnerability in Danske Bank Danske e-Sec Control Module ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in DanskeSikker.ocx within an error logging function. This can be exploited to cause a stack-based buffer overflow by passing overly long input to certain methods when the ActiveX control has been initialised in a specific manner. Successful exploitation allows execution of arbitrary code when e.g. visiting a malicious web site. Version 3.1.0.48 of DanskeSikker.ocx is affected.
0c49f548014bf47c1e0f20a22462665573baebd5130752d4f8f8b83d773e45d4Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing certificates and can be exploited to cause a stack-based buffer overflow by supplying a specially crafted certificate. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.
5074d6ba3a66e64cbd2128beff95b591a78d8db4beb783f1de7c833c207d8698Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The Oracle BEA WebLogic Server can be configured to receive requests via an Apache, Sun, or IIS web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. An integer overflow when parsing HTTP requests can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.
dc03394e303c7b0bb15553655fc95276584fa1a608c7c0de7c576dc9a80e81c2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed