Zero Day Initiative Advisory 12-020 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc and PrintFile functions exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by setting the 'Header' member and calling PrintFile() with the same path argument. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.
Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.
Mandriva Linux Security Advisory 2012-011 - OpenSSL 0.9.8s and 1.0.0f do not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. The updated packages have been patched to correct this issue. The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t version which is not vulnerable to this issue.
Debian Linux Security Advisory 2398-1 - Several vulnerabilities have been discovered in Curl, a URL transfer library.
Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.
Gentoo Linux Security Advisory 201201-18 - Multiple vulnerabilities in bip might allow remote unauthenticated attackers to cause a Denial of Service or possibly execute arbitrary code. Versions less than 0.8.8-r1 are affected.
Red Hat Security Advisory 2012-0071-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.
Red Hat Security Advisory 2012-0070-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
Red Hat Security Advisory 2012-0069-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
Debian Linux Security Advisory 2397-1 - It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.
Gentoo Linux Security Advisory 201201-17 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 16.0.912.77 are affected.
Secunia Security Advisory - A vulnerability has been reported in WHMCompleteSolution, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Two vulnerabilities have been reported in IBM SPSS SamplePower, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Postfix Admin, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and script insertion attacks.
Secunia Security Advisory - A vulnerability has been reported in the Search Autocomplete module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in DClassifieds, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Secunia Security Advisory - Some vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in Samba, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
Secunia Security Advisory - Ogro has reported a vulnerability in Ada Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Debian has issued an update for icu. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
Secunia Security Advisory - Gentoo has issued an update for xkeyboard-config. This fixes a weakness, which can be exploited by malicious people with physical access to bypass certain security restrictions.
Secunia Security Advisory - Debian has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
Secunia Security Advisory - Gentoo has issued an update for chromium. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.