Ubuntu Security Notice 979-1 - Stefan Cornelius of Secunia Research discovered a boundary error during RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/inplug/image.cpp of okular when processing images embedded in PDB files, which can be exploited to cause a heap-based buffer overflow.
74535dda002d578f0a113adf8c78113aUbuntu Security Notice 974-2 - USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem. Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages.
3aab12c90f2cb1286a5d95fa9c8754feMandriva Linux Security Advisory 2010-162 - A specially crafted PDF or PS file could cause okular to crash or execute arbitrary code. The updated packages have been patched to correct this issue.
828e0e1c1bf3669dd61800bcabe534e9Zero Day Initiative Advisory 10-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. While parsing the HX_FLV_META_AMF_TYPE_MIXEDARRAY and the HX_FLV_META_AMF_TYPE_ARRAY data types the ParseKnownType function makes two improper calculations that can force integers to wrap. A remote attacker can exploit these vulnerabilities to execute arbitrary code under the context of the user playing the file.
b9185efa4eb6de6d380867c0480c44acZero Day Initiative Advisory 10-166 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. The application explicitly trusts an index in this data structure to seek into a list of objects. If one specifies an index outside the bounds of the array, the application will later dereference an object from the calculated pointer and then call it, leading to code execution under the context of the current user.
f37c24d980d804b8558467fd71874741Apple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability).
81a365eab7eb44bc60ed52a063dd3946Secunia Security Advisory - A vulnerability has been discovered in Mihalism Multi Host, which can be exploited by malicious people to conduct cross-site scripting attacks.
3b10875ea42f5e93c2b5a65c9eb755ddSecunia Security Advisory - A vulnerability has been discovered in IZArc, which can be exploited by malicious people to compromise a user's system.
857b08802ca8754c24377fece3f2b39eSecunia Security Advisory - A vulnerability has been reported in Cisco Packet Tracer, which can be exploited by malicious people to compromise a user's system.
77a624c4c03e1b2b0d29af6a5ce43377Secunia Security Advisory - A vulnerability has been discovered in Roxio Media Creator, which can be exploited by malicious people to compromise a user's system.
09a71703d9700cda02f5f9a53ed2bb01Secunia Security Advisory - A vulnerability has been discovered in PKZIP, which can be exploited by malicious people to compromise a user's system.
1c6f0693409629b7be2d7bc243618630Secunia Security Advisory - Eskarina Smith has discovered a vulnerability in Auto CMS, which can be exploited by malicious people to compromise a vulnerable system.
9c23d0a089f44f02079d4fa594130dacSecunia Security Advisory - A vulnerability has been discovered in Webmatic, which can be exploited by malicious people to conduct cross-site request forgery attacks.
bd0a1b621350df85c5955836e4101089Secunia Security Advisory - High-Tech Bridge SA has discovered some vulnerabilities in Target CMS, which can be exploited by malicious user to conduct script insertion attacks, SQL injection attacks, and disclose sensitive information and by malicious people to conduct cross-site scripting attacks, SQL injection attacks, and disclose sensitive information.
36d3c89e35c01aefc6bc10945c06b885Secunia Security Advisory - A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
57916baf50ba53f5e4db873cff3dd34bSecunia Security Advisory - Two vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
eaba613dce7a89f19d5a6ca56552e9feUbuntu Security Notice 977-1 - It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
f68f3a58fdfc97baf2600337ecdae858Cisco Security Advisory - Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services.
39b956735d64474208f2097bb325129dCisco Security Advisory - Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services. suffers from a denial of service vulnerability.
33edb5f3958a5e2477649763ba65dfabThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DIRAPIX module responsible for parsing the RIFF-based Director file format. When handling the mmap chunk, the process trusts the chunk size immediately following the fourCC value. It is passed to Ordinal1111 exported by the IML32X module which is responsible for allocating a heap buffer for processing the rest of the chunk. If an incorrect size is provided, later memory copies can corrupt data beyond the allocated buffer. This can be abused to execute remote code under the context of the user running the web browser.
33e5b0573ece83e983beb2adc72c6a91The GFI WebMonitor administrative interface suffers from a remote script code injection vulnerability.
e852ee5571207a5c8ba662b8b597b2bfSecunia Security Advisory - A security issue has been reported in SSSD, which can be exploited by malicious people to bypass certain security restrictions.
e80dfbca3f22019d9318f8d16d79ed55Ubuntu Security Notice 976-1 - It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests.
0b74366029786f67cded22e3a6d3a27bZero Day Initiative Advisory 10-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Internet Security Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the UfPBCtrl.dll ActiveX control. The extSetOwner function accepts a parameter and assumes it is an initialized pointer. By specifying an invalid address, an attacker can force the process to call into a controlled memory region. This can be exploited to execute remote code under the context of the user invoking the browser.
79d435b7566cb78ed40a20bd51f2e7e9This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the Director RIFF based file format. While handling the rcsL chunk, code within DIRAPIX sign-extends a return value from a call to Ordinal1412 within the IML32X module. This ordinal is responsible for unmarshalling a WORD value from the RIFF chunk. If the value is signed, DIRAPIX sign-extends the value, performs arithmetic on it, and then proceeds to use it as an offset into a heap-based buffer. By supplying any of a specific range of values, an attacker can exploit this condition to execute arbitrary code under the context of the user running the web browser.
96d9afaf64e2fd149b9f8514366fefeb
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed