This Metasploit modules exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser and in Safari, itms urls will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
3cb12bf18862a6b8d19ec162dc207e19cb5f515c8eb78c636ca9c004868e964dBoth the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an application using this code is multi-threaded (or uses a crash signal handler), it may be possible to execute arbitrary code. Poppler versions below 0.12.1 are affected. Xpdf versions below 3.02p14 are affected.
aafbc29fb69700ddfede45739b89f53ecdd9feddad2b8b638abff600d022e08bAndroid, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission. Android versions greater and equal to 1.5 CRB17 and less than or equal to 1.5 CRB42 are affected.
4529118996146152d1d83f69c6d70389ced40256af266233bb1f2cd14f0ae955Pango suffers from an integer overflow during heap allocation size calculations.
25824ba2d7dd0a37d1a590740cc4a39088732380d9d9c415e4dc4d4617ab7682Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predate glib are vulnerable due to the commonality of this flawed code.
53bba693225b9b5a30ee3d26bab42447350b5931b378ef7725720712448ef169The OpenCORE multimedia decoding subsystem suffers from an insufficient bounds checking vulnerability during MP3 decoding. Versions 2.0 and below are affected.
b7188685b4ebf996c46ba261e28de1087393ed44b83cbc02bbce72508eb66d36Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
f5724c1eba1778218b03f1b5af75356b08e95a08bbe2b92274df7f31dea9d59aTwo cross-site scripting (XSS) vulnerabilities were reported in Horde Framework. The first of which is that the Horde framework fails to properly sanitize the filename of MIME attachments on received emails. The second vulnerability has a wider impact. Horde relies on code similar to Popoon's externalinput.php to filter out potential XSS attacks on user-supplied input. This filter, and the original, fail to fully sanitize user data.
acda1d56ba4b8127f008b4511f6c73504b17ce52451cced4c4ab5e70aa2f8410The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination. xine-lib versions 1.1.14 and below are affected.
6ca037f9e8d51e3f07cc53661d3f13706366e6df2b215a8e1e7ad67c75a07c41Proof of concept exploit that demonstrates a buffer overflow vulnerability in Ghostscript versions 8.61 and below.
329b211825119b859b126237f16f381c87e49a08986f152ccb8e75538f684239
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed