Ubuntu Security Notice 1104-1 - Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed wmv files. It was discovered that FFmpeg incorrectly handled certain malformed ogg files. It was discovered that FFmpeg incorrectly handled certain malformed WebM files. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed RealMedia files. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed VC1 files.
3e6c89dc86b21f60e492841d1b3209709f3e92b20a589bdfd798814dd3503394Ubuntu Security Notice 1103-1 - Mathias Svensson discovered that the tex-common package contains an insecure shell_escape_commands configuration item. If a user or automated system were tricked into opening a specially crafted TeX file, a remote attacker could execute arbitrary code with user privileges.
83801b98f0404790171929036651a1a465deda4d36f504fa5bc2f7e78782519dZero Day Initiative Advisory 11-116 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the NFRAgent.exe component which listens by default on TCP port 3037. When handling the contents of an XML tag the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
90cc0ec6c17dd1c6b9db0eac9cb8488cf7836c49abb40016ff5390f7f492fc6aMoscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).
9e3266b4a6f5ae2e53b40d3c5e991124d65109c96cbb495ee2ede2af43102b27The Call for Papers (CFP) for Hack In The Box 2011 Malaysia is now open.
8507981eede32ea14183dbf30f661baea2142a27814a6c413c95af4d37448f71A reflected cross site scripting vulnerability in LiveStreet version 0.4.2 can be exploited to execute arbitrary JavaScript.
2d8eda39a7f87966420ac83fa63d45dfaa2f03c6667834fc8389ef3c58fb9045OpenEMR version 4.0.0 suffers from arbitrary database creation / enumeration.
dddf61c935cdcd4f8df2692ee65b8cc4779be68b09f9c4e9c9b42177fd87abdcA local file inclusion vulnerability in OpenEMR version 4.0.0 can be exploited to include arbitrary files.
9eba963b52998e9bc872dc06b24f2cd1a37711bd9c90067d57fdfc966c2a6720A reflected cross site scripting vulnerability in OpenEMR version 4.0.0 can be exploited to execute arbitrary JavaScript.
5e72e282ba9e9103255e1b840f91ce2378bba7b0bfeb70e4d8d3f5b12358c5cbA reflected cross site scripting vulnerability in WordPress AdWizz version 1.0 can be exploited to execute arbitrary JavaScript.
8a9d9c1ebf2a627cef743834e525f4f080dfc7ac0068d836e37f7d69613ef26bA reflected cross site scripting vulnerability in WordPress Placester version 0.1.0 can be exploited to execute arbitrary JavaScript.
b194b7882cf1b7ab61647ac4dd7398f0a19250f8237bd99e0f8d2f6ab2339b2dWordPress WP Custom Pages version 0.5.0.1 suffers from a local file inclusion vulnerability.
4b08042a71b6a53021d6402455a7d0578b34f811383665fc249b416ab55ae72dUbuntu Security Notice 1102-1 - Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.
36a88db86950567b8cf90af39cd85d900e412c352e4f7cf5551a92599d603ff1Mandriva Linux Security Advisory 2011-064 - Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. Heap-based buffer overflow in the thunder decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a.tiff file that has an unexpected BitsPerSample value.
6ac748ece14189ec17ddd69410b44f068bff96190b2fe40bcf033768554b799fMandriva Linux Security Advisory 2011-063 - xslt.c in XML Security Library before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
03676e8800dd4f2484e21c820bde4c6bd3aa8089ea8f4d526c12470af6ef5eacAnanta Gazelle version 1.0 suffers from a cross site scripting vulnerability.
a7db18868add2178b346c28a3e2c63af983da4596c9a507dd7d3d3cea36cd4edAnanta Gazelle version 1.0 suffers from a remote SQL injection vulnerability.
5b6d421dbfc4e58b296226f759b464d79e2a9fff16052c708fc8dabf8e31819aPlanet FPS-1101 suffers from a cross site scripting vulnerability.
be4c8ab13a464046b02df8cc9802560d96c9104640b88685fbfa716d71252e47Longshine Multiple Print Servers suffer from a cross site scripting vulnerability.
e9739bb3fb22f3cb02183f303617b0b9935d7800671c26fe5abb88c7acf7bdfeZO Tech Multiple Print Servers suffer from a cross site scripting vulnerability.
5b76398f48aeff7943f4af61b9f875a7a6058d249a9099a8ecd83c597a68bb53Planex Mini-300PU and Mini100s suffer from a cross site scripting vulnerability.
7fce1a4abec2e258b4bf99447ee0dc88e9148224d06f082dede91c8c9c42a140TP-Link TL-PS110U and TL-PS110P suffer from a cross site scripting vulnerability.
55c03ebea61a2386e763948b04538e51723e74ac26d209b5827ff3e1995bd8d3Encore ENPS-2012 suffers from a cross site scripting vulnerability.
8b30c93a0376068296832b435f1fcb77cc84b0ee02f856eac2d5e1b838eaf19aDoceboLMS version 4.0.4 suffers from multiple cross site scripting vulnerabilities.
f05d2fc8f18a0ffba23d0c365e3e620e537c53fcdd2ae8528167afa9108942cdDebian Linux Security Advisory 2210-1 - Several vulnerabilities were discovered in the TIFF manipulation and conversion library.
17908e5e389a1d58bfea5592d9c39b4318e589b4b87dd51d806219e7d1055abc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed