Zero Day Initiative Advisory 10-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a COMMENT variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
0d5e6f9d02ae73627ffdff7b3b9a1dc22f731eef6c026b207f7c203db145b753Zero Day Initiative Advisory 10-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a RRULE variable it allocates memory for 0x800 bytes for the variable's contents, a list of numbers. It then proceeds to copy the numbers from the request while there are numbers to parse. By specifying a large amount of comma-separated values within an RRULE, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
02c6961f8f762fc8a11011d2564486ae91d156dbb4c0f5d99fe5933cfb271e37The Joomla Clanlist component suffers from a remote SQL injection vulnerability.
57fc4f5adabc0d8495807194ba99ad68ac79b9f21e8045885610da8c9ae5343dxt:Commerce Shopsoftware suffers from an arbitrary file upload vulnerability.
7a40fc2fd55b3ebb2732aea693b22c478228127de7c1de636183786cf600e048The Joomla Clan component suffers from a remote SQL injection vulnerability.
fd56143cad69ceff772720fe01e01f53ea982ee1d4500944a5a355400993f53cZero Day Initiative Advisory 10-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out string data from within it. The process does not properly check the length of these values before copying them to a fixed-length buffer. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
22243a54416dc69d22e82bb0893abc0b292344e3e8365318f1eec8e08cb3e36cIt would appear that the maintainers of the Joomla ProDesk component have not patched the local file inclusion vulnerability that existed in prior versions. This affects versions 1.5 and below.
1dfaf6a49cd24e7bb67b8a0e78d5a9b7009afdbb8219a6b16be4db6fe7d5fabbZero Day Initiative Advisory 10-237 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the entities within its contents, separated by a semicolon. The process does not properly check the size of these values before copying them individually to a fixed-length stack buffer. This can be abused by an attacker to overflow the buffer and subsequently execute arbitrary code under the context of the SYSTEM user.
ad8b2639adbe3da594d526f78009c9fba79bcccf5acd7bbba38374543c0770c7Zero Day Initiative Advisory 10-236 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Composition Environment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sapstartsrv.exe process which listens by default on ports 50013 and 50113. A malformed SOAP request (via POST) can be used to reach an unbounded copy loop which results in attacker-supplied data being written into existing function pointers. It is possible for a remote attacker to leverage this vulnerability to execute arbitrary code.
d93fba5070d3002c67efddba95719dc9f56bbf5400da351eafdd592a8e7f3611The Joomla CKForms component suffers from a local file inclusion vulnerability.
23fe9f09169ac712990773472bced031c0afc164ef6e9f3dfec3479511ea1c38PunBB version 1.3.4 suffers from a path disclosure vulnerability.
3669a410665dd6222e572be15b5d07aac3a565b1ebf4563c6b2f42eb7c3d855eThe Joomla RSform component version 1.0.5 suffers from local file inclusion and remote SQL injection vulnerabilities.
e4c4aa629358df1ff23b64737e6277f8b40f8d4ce961131170d4ec52d07e2562This is a list of older cross site scripting and bypass vulnerabilities associated with older Juniper IVE releases.
373b779224dfe366049456b486a0f52893693761af7861f0c2f4e45a15feacc4ASPilot Pilot Cart version 7.3 suffers from cross site scripting, remote SQL injection, iframe injection and link injection vulnerabilities.
4a608d403b49bc3bfad57ed24fd8a4763cd757d47f015ea513226d3378647a97The Joomla Branch component suffers from local file inclusion and file download vulnerabilities.
d97aa396bbfb28b4fbe68d6be9e3ef8643985d2d4ea2a7af0861c9cd4cc510dcUbuntu Security Notice 1008-4 - USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify 'host_device' as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old behavior on Ubuntu 10.04 LTS. It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
a703c3b52b149defc693be88e89c0a6c02d09f2011f32766fcfe27409c7caa7d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed