A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IML32 module distributed with the player. While parsing GIF files within a director movie (.dir or .dcr) the code trusts the specified size of the global color table and uses it to determine an offset to image data. The process subsequently attempts to write two NULL bytes to the calculated address. A remote attacker can abuse this logic to corrupt memory at a controlled location and subsequently execute arbitrary code under the context of the user running the application.
9665e8d242dba1521f1087c1dfbf723d6e69c1a95471fff6082b1b23f8090e7bThis application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
03f648fd25e963ffc16c601f4c37313b0c4a40c420d3424228f85f9d3b37875fLinksys WAP610N is a SOHO wireless access point that allows remote unauthenticated root access on TCP port 1111.
de0f690f14734c0bdb5d979f5549b27881d4226daff2f7bf6e1eac0775748d05A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
4e0acccb7d07905c2a7f565814201ce12c01a15abc149ccc9f479bee2775e0f7Drupal version 6.20 with Data version 6.x-1.0-alpha14 suffers from cross site scripting and remote SQL injection vulnerabilities.
46eef7ea59d38b661e543d3aaba60f8b3839c80236b4b0afc2de402f2b8e5e30Secunia Security Advisory - Debian has issued a fix for cgiirc. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
0fa6fc98abd8be94fea1d80c424ba46c6e9d81dfd1fbf653234dc75de3f46ea2Secunia Security Advisory - A vulnerability has been reported in IDA Pro, which can be exploited by malicious people to compromise a user's system.
b3382714b52b9d6e78195cc1908ddf39e97ee2d859e51dc03f639b1e07355f6eSecunia Security Advisory - Some security issues have been reported in Pidgin, which can be exploited by malicious, local users to disclose potentially sensitive information.
b6710ff8ca82de671cc2bccae7339283d273bdeba1ef915ac58ee2a740ffe3a1Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious people to cause a DoS (Denial of Service).
6a52d698996dddd269f5b91f44e88455c4c578cb5786f563c9b3ce5e0150700fSecunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
0d3c4d01e9588a11f9a908f59190baa27b45c1cb72bb65cb31dea02f4c571d63Secunia Security Advisory - A vulnerability has been reported in CGI:IRC, which can be exploited by malicious people to conduct cross-site scripting attacks.
97599656861be203c049f012a5ae4c0f9ba914da4095c65de0cafccfcf845c75Secunia Security Advisory - Some vulnerabilities have been reported in Django, which can be exploited by malicious people to bypass certain security restrictions and conduct script insertion and cross-site request forgery attacks.
94956ccedcbac4ccf26360d4830013cb607092cb6045849d3a1a73aa1f0a1aa3Secunia Security Advisory - A security issue has been reported in stunnel, which can be exploited by malicious, local users to disclose certain system information.
16bf88446fac424dd49a5e044257a0ef227dda80a4edeee1860316847f335998Secunia Security Advisory - A vulnerability has been reported in Novell Open Enterprise Server, which can be exploited by malicious people to compromise a vulnerable system.
91a6f3e34af21883d59163d8dbfdebc44aacd38e47958e0027f63aba0f45d234Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Java, which can be exploited by malicious people to cause a DoS (Denial of Service).
ee5ebbf7e80a4e76ca34623e3ed00be1562f7751bac730de20b48423c9cfa9aeSecunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in UMI.CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
8e5db6a01091edd62990b06adf9cddd83d8d9a4a7737da2408f277e9bf658d97
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed