iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
9a38749723b857cb3e896aba20e2a23b58f974d6729609fcebae71db896a4859Sagem Routers remote authentication bypass exploit.
d2fdac660c0b373565c120f593f07bd6707693f1b49263a7c4203245213cc688Natychmiast CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
56080168e68a0fe9f99cf0eefd55774a4b62b4725ccfa0860cad9e7a84f3bf9fBS.Player version 2.51 build 1022 (Media Library) suffers from a remote buffer overflow vulnerability.
f25468b418f5da883aba03ba3a97cc69a0ac12dd3a29002bcf52aaf5015b998dVLC Media Player version 1.0.5 Goldeneye suffers from a remote buffer overflow vulnerability.
45fefeb10cd2a4179005d5fc8f1bb446d212e60c0c3bd235dc346b222895e4afJ. River Media Jukebox 12 suffers from a MP3 file handling remote heap overflow vulnerability.
3ca6de5494c1461fb8430666d200e8774d4394ff5b770c85cbe6b93663e7ab53PHP Auctions suffers from a cross site scripting vulnerability.
350da68cb039dbd530fc08d72a5ecba94e21f85eecb84bce7b296ddcd117446eOrb versions 2.0.01.0049 through 2.54.0018 DirectShow filter integer division by zero denial of service exploit.
f2b39e6229a5e79aef6d44b330b2a3e0ee296a19e66be8515be36e12dc69b07cThe survey and poll modules of PHP-Nuke CMS suffer from a remote SQL injection vulnerability.
4bd68725c894190cdf32ef82d91d676f9743dfc0c686d983012982fe37b8ace7Proof of concept exploit that demonstrates a buffer overflow in the Authentium Command On Demand Online scanner service.
6c2c10a5e9d972abb3a5a7fbc85a62a5cee7cb2db8a9f9eeda389ea1ed8e3ca8Remote exploitation of a buffer overflow vulnerability in Authentium Command On Demand Online scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user.
ff460caf25c81a660277872e6503993e3d1feec0740a20a6221a9d45b03935ffONECMS version 2.5 remote SQL injection exploit.
22acb548553a93bd2b7a34f6248d022bb85d79243158dbc046eb29c94969ed64Kolang is a php script that can be leveraged in local and remote file inclusion attacks and performs safe mode bypass for PHP versions 4.3.10 through 5.3.10.
1b47a4a61c61f8fa62d201ad330d696103dcc72feab90a35d2506dc2474db0bdPre E-Learning Portal suffers from a remote SQL injection vulnerability.
d44c62b51c69fcebf96af6b5c7a2d00bdfa6c8a61c4ab0a20b533376b873bdc164 bytes small Linux/x86 disable modsecurity shellcode.
e8261ae52c26a3515612218e01155cb14c01b01745dcfc5b66e3f26339e36962The Joomla Blog component suffers from a local file inclusion vulnerability.
ccd4eed99373a1a012cdda7abcc0520402cb25e1ed056bcfb3b4f4d39409c62aBBSXP 2008 suffers from a cross site scripting vulnerability.
7993c47a2788d8a9674c3cfe4866138ef9b929d88351f21912e1fb3125cb7af0This paper documents approximately 50 remote file inclusion vulnerabilities in Joomla and related components.
8a5d92efdfd15123d6ad869d4c6c3d04d04313918ae5fffeaf1cd2c0d2e807fafcrontab, part of the fcron scheduler, is vulnerable to several race conditions that allow a local attacker to use symbolic links to read unauthorized files. Versions before 3.0.5 are affected.
98b074988db21a82cb0d1db0587ca3e425f7069f5456bcbcc661e92236c7ee71Secunia Security Advisory - Multiple vulnerabilities have been discovered in CSS Web Installer ActiveX control, which can be exploited by malicious people to compromise a user's system.
6de816e16d9251532751fbc9d18d2a20d14e7d80ee46e6f15c2b0b8a82e8d398Secunia Security Advisory - liscker has discovered a vulnerability in BBSXP, which can be exploited by malicious people to conduct cross-site scripting attacks.
15b684ab66afe4b6dc2a6cf6ec76fe2e320a5fc25afb590e587258097c6030e7Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.
52b82e4d228219e503f8f3505fe467e21a541d0afd178c77817fce53a37e9e22Secunia Security Advisory - A security issue has been reported in OpenPNE, which can be exploited by malicious people to bypass certain security restrictions.
b9e8f3f89e641cd6cdccb2a220c5af1e0141a582ce7f802f93d4e0b67dc9b5a1Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
ebf7f44a55f37cf60603f733f9226fcdbb4dc6dbeab9c52ed29d8e7219cca9e6Secunia Security Advisory - A vulnerability has been reported in the AddThis Button module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
99c12b6b0de0ad03ab13847c5230edafe1abc8b49e5948a8b4754a5f1a86bcb6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed