Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.
c4af04d7c30dd03dda3e8f5888336601Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.
061d0e03670a14fb830e0d5925cefc41Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.
a728cd76edd25558331438f7dcb649d7Ubuntu Security Notice 1011-3 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
637c75af6ed7cfc0f7633dc195d05bb4A memory corruption vulnerability exists in Adobe Shockwave Player while parsing crafted Adobe Director files (.dir or .dcr), that may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.
94bbf579e7ce82be3b0c69ebe04c3417Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.
73094410a6a76a0e8a4a0ffcf5b3457fUbuntu Security Notice 1011-2 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
c244a782c438ac4e72bae66a0daaeca7Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.
bedf28c35a50e9cb8f7f2d68bd4533benSense Vulnerability Research Security Advisory - Teamspeak 2 version 2.0.32.60 suffers from a remote code execution vulnerability. The specific flaw exists within the TeamSpeak.exe module teardown procedure responsible for freeing dynamically allocated application handles.
6c1259bf89876a4db26f387ccbe3d915Secunia Security Advisory - Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
ce043d86e90d1ea68eea507736d89494Secunia Security Advisory - Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
39c749bdfcd3f88715606712f74b6a41Secunia Security Advisory - A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service).
3125432956b0db9c92a9ee3ae5fe4d26Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.
a994c58947e472104badab7c7164a618Secunia Security Advisory - Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.
85fe8f6c8c40fe1daf67e2b11bb954b0Secunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
ea5dc6ac31df8683587918407bdf0a3aSecunia Security Advisory - A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.
50b7299f596b83dfd7b5dab4efb83cdaSecunia Security Advisory - Fedora has issued an update for sepostgresql. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, bypass certain security restrictions, and compromise a vulnerable system.
f559ae17ebe2e5ac49c299d20464e01bSecunia Security Advisory - Fedora has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
cc40412065c186eed067c2b2d7f52626Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
65dd133eaf42e255b58974386d81babfSecunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
a4d1f9a49b6edea7b85e151a5e304bafSecunia Security Advisory - A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
e2729a1f8482fda15e5e7a731258970dSecunia Security Advisory - A vulnerability has been reported in HP Storage Essentials, which can be exploited by malicious people to bypass certain security restrictions.
32af9b9cf8159d41c1683c885460a42cSecunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.
ef443123422509f8ba0ee7019b671f54Secunia Security Advisory - Red Hat has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
49d08017d24551acd9ed0d94d65ce043Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
e02445be5b1f92f9887998bd5ced6c5d
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed