Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users to disclose system information and cause a DoS, and by malicious people to cause a DoS.
15f7b47c380317c5e662520546ab9f88c3c92a0cf3f5914f2650a88207a92cf5Secunia Security Advisory - A vulnerability has been reported in CodeMeter, which can be exploited by malicious people to conduct cross-site scripting attacks.
91528888d3f097188052af452fb3cf27f7466cb1bff20e6a3c0900ade0404115Secunia Security Advisory - Multiple vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise a user's system, and compromise a vulnerable system.
d09adfe72b415d7c83c0a30edbe222de245a067c9a9ad130a5d486440d06d643Secunia Security Advisory - A security issue has been reported in MODACOM URoad-5000, which can be exploited by malicious people to compromise a vulnerable system.
07e67301db10795c8e9f5aab7c09049eee6ad025d5b645f641a7d9038335e224Secunia Security Advisory - Red Hat has issued an update for subversion. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
abbc17536a4b7cfdbad6efc566831bd94470d98e828d1cf60c2d2787ff8224d6Secunia Security Advisory - SUSE has issued an update for ethereal. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
0dcff5ae81f43fb7faf6b9cfd53860043ccf55f78ab8f9388322ab8066e4d33dSecunia Security Advisory - IBM has acknowledged a vulnerability in IBM Cognos 8 Planning, which can be exploited by malicious people to cause a DoS (Denial of Service).
18003e8dc95f6533cdd5b8ca645f7f4df0d1a074b422de1e7662569f3eb29878Secunia Security Advisory - A vulnerability has been reported in HP LoadRunner, which can be exploited by malicious people to compromise a vulnerable system.
f8cc78d4eff06461d7c4fba148327111cf5c87a781a8ce3529ff3352a9ee4b1aSecunia Security Advisory - Two vulnerabilities have been reported in the Prepopulate module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
d42a16c8832c62691d2467d5f66f146d29e413bc09319d102ef552cf182c5630Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
4e8615a2b2ce00a55b8e38fcf8550b170ee7defc002d3784f0f7880d7791e420Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, compromise a user's system, and compromise a vulnerable system.
1e264132e5cfa7f970546e1a4c7a85509bf8fead1b4b757ffd48225c77cf9c2dHP Security Bulletin HPSBMA02674 SSRT100487 - Potential security vulnerabilities have been identified in HP Service Manager and HP Service Center which may allow remote authenticated users unauthorized access, unsecured local access, remote disclosure of privileged information, HTTP session credential re-use, cross site scripting (XSS) and remote script injection. Revision 1 of this advisory.
904b115baa855f4be6b3d532e03d7c1555a1cc0e552dd4893be5650a96c35fabRed Hat Security Advisory 2011-0861-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. Various other issues were also addressed.
61b36e4ad1a6f0b75382a4c6f82d8f8e00315ffa03ef57737348fb9747bb6e7fRed Hat Security Advisory 2011-0860-01 - The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the "Oracle Java SE Critical Patch Update Advisory" page, listed in the References section. Various other issues were also addressed.
f918ba9afa4cee9c83fdf02505afcf2e1c7ddbe032eef5d7ead392dea6b78878Zero Day Initiative Advisory 11-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime running on OSX or Linux. This vulnerability does not affect java running on Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'crdi' tag it is possible to specify a value that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
98155c7bca1cecc501f145884f81d2f9bdd08fc69143bc5280ab0e9a767b6ef8Zero Day Initiative Advisory 11-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'ncl2' tag with an invalid value for DevCoords count it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
b810531598188960f9a0dc23476416c3e8ff58844fa9623a021b0ae698a9bb4b422 bytes small Linux/x86-32 connectback with SSL connection shellcode.
8487f1b7de1c3a9fc9b52f4a78e489eb7cf9494c5be31b21fcbcff1f15509b04Zero Day Initiative Advisory 11-188 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color profiles. When parsing a color profile containing a invalid 'ncl2' tag it is possible to specify a value that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under to user running the browser.
f1b1a4bb8f903bb79362784d9ca6d4c44520792caf00a71429e1a83f4eb92e80Zero Day Initiative Advisory 11-187 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a invalid 'clrt' tag, the process can be forced to overflow an integer value during an arithmetic operation. The newly calculated value is then used to allocate memory on the heap. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.
ebfb6aaa4b0c4476de8c2e12a095e008fb4a1844d4e8ed012bea7ccafaade5c1Zero Day Initiative Advisory 11-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a invalid MultiLanguage 'curv' tag it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.
cc9facb15ae97361e8390b5238b9d98ef45480efc8e10d2dd9a238e397f0cdfdRed Hat Security Advisory 2011-0859 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. Various other issues were also addressed.
fbb933d7dd8db52517f73e6b2c79ea7e31a4f26aac03bbafbaa902ec4db8b03eVLC Media Player suffers from an XSPF local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.
327fb012113f085e2d29934a59a41059f4a43c75746929006f19c0dcd0cdb1b8ActFax Server FTP post authentication remote buffer overflow exploit.
4be2f3a68350281866ccffc27102dc7ca96ae58300eeb928a65f39b7f23e1feaIP Cameras such as TRENDnet, Digicom, and iPUX all share a firmware that suffers from undocumented user, command injection, hidden telnet service, and various other vulnerabilities.
2e13035b1da24232cad2b5abbce7c0d6968fb792c214dcbcbecba7542a6aaf4b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed