Secunia Research has discovered a vulnerability in Sun Java JDK/JRE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when parsing the length of a resource name in a Soundbank file and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Sun Java JDK/JRE 1.6 Update 17 is affected.
170356687d98e8dd5f86f5b953ca4fbbSecunia Research has discovered a vulnerability in Sun Java JDK/JRE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when parsing the length of a resource in a Soundbank file and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Sun Java JDK/JRE 1.6 Update 17 is affected.
3db9cc81ca4519f62fad1c89fe7474beThis paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.
eeacb581ab0680707becbfb2bfb0e1ceDebian Linux Security Advisory 2025-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.
fe559595d05352438d3c714ebd6725e4Debian Linux Security Advisory 2024-1 - Jamie Strandboge discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize the page name in "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.
c34429eaf608a8be733de99c76f2b745Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.
120a93a37c3ceb14995b35370a832550iDefense Security Advisory 03.30.10 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s (formerly Sun Microsystems Inc.) Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The JRE is a platform that supports the execution of programs that are developed using the Java programming language. It is available for multiple platforms, including Windows, Linux and MacOS. The JRE platform also supports Java Applets, which can be loaded from Web pages. During the processing of an image file, user-controlled data is trusted and can result in an undersized allocation of a heap buffer. A copy operation into the heap buffer can lead to a heap overflow condition within the JRE. This condition may allow a remote attacker to subvert execution control and execute arbitrary code.
23927a2f96a8ffb6ebc1a56c3a54cadaThe Struts-based web application uses the server-side session sattribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.
df895a7b1f99592b8cd35ccfb84a809dTechnical Cyber Security Alert 2010-89A - Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.
a1dee0c216289a0729c70352fb149d99iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.
cc8039fd14f0ded54bdcbf218c4fe5d8HP Security Bulletin - Multiple security vulnerabilities have been identified with the HP Secure Web Server for OpenVMS (based on Apache) CSWS. The vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS), unauthorized disclosure of information, or unauthorized modification of information.
ac787967e28f44d37c74c7598b9d1714Secunia Research has discovered a vulnerability in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the regular expression search functionality is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the regular expression search functionality is enabled (disabled by default).
2b22e99098d772c0a55c454f65fc5de6Secunia Security Advisory - Two vulnerabilities have been reported in Apache ActiveMQ, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
86dcbeb6756715e54d1c30c69869ecaaSecunia Security Advisory - HP has acknowledged two vulnerabilities in HP Insight Control Suite For Linux, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.
59c5dafd2c9dd2e2c4b7f79e983767e5Secunia Security Advisory - Multiple vulnerabilities have been reported in Sun Java, where some have an unknown impact and others can be exploited by malicious people to manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
93b780406226569211358353a777622bSecunia Security Advisory - Avaya has acknowledged a vulnerability in some Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
6258f322608b8f5e623d614d35324f96Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
d9dbd474e3124c55f325ac9f13dc92f3Secunia Security Advisory - Two vulnerabilities have been discovered in huroncms, which can be exploited by malicious people to conduct SQL injection attacks.
3b55f42ea6a8ced1abc1c51794ed7ea1Secunia Security Advisory - A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct script insertion attacks.
3103697047b2d12943e6189b8b55ff90Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.
2fda6ad73da0906dacfff39e52673626Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.
daee3d1d02d99f3c9e55f23bdbbc9e7eSecunia Security Advisory - Debian has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
0209f37df41d086cdd1339a0c1c30074Secunia Security Advisory - A security issue has been discovered in P30vel Hosting Script, which can be exploited by malicious people to bypass certain security restrictions.
f60df16c02f8724a761780163342cd02Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.
fe0c681a8360279d1078bec41f2729b8Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
e26ac07b30f25b3e3929ef9370c08337
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed