Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when copying track content based on the track's dimensions and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
911bd4b055ba39de0bc64e6b9b69f88e96dd93acfe80f04f10e0363185f748a4
The HP System Management Homepage suffers from multiple cross site scripting vulnerabilities. Versions 3.0.0.68, 3.0.2.77 and 6.1.0.103 have all been found affected.
53a9041c70d9e51c0569b7768b8ae8e00a154b6d73b60ce6004bc7053e66c59d
16 bytes small Windows XP SP3 EN calc.exe shellcode.
aefb2d72b9392d340e4821d4b2923da53aef0f272a4b51ff933a304a08c88333
Wonderware InBatch versions 9.0sp1 and below suffer from a buffer overflow vulnerability. Use the related file to exploit it.
2b75b40f8b5d10b1aad656254bc228553139874595ce2d6695d6663ecfb75d50
Rompager version 4.07 can have a reboot triggered when a specially crafted HTTP request is sent, leading to a denial of service condition.
7594f2f7f7806fd97a0a21bf001a9c3d88ffab017e8560d769771dd06d977d7f
Ubuntu Security Notice 1029-1 - It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. This could possibly allow an attacker to downgrade the ciphersuite to a weaker one on subsequent connections. It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. An attacker could possibly take advantage of this to force the use of a disabled cipher. This vulnerability only affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10.
9b2fbabcd1055b8d1ed15df519d9bfa669f526b20580aef58d06e29402c6362a
HP Security Bulletin HPSBUX02611 SSRT090201 - A potential security vulnerability has been identified with HP-UX running threaded processes. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
922de3806abca904164728339dbb93c14f664ece0f8b2ef497d0516b4d01ce76
Linux kernel local privilege escalation exploit for versions 2.6.37 and below. It leverages three separate vulnerabilities to achieve root including a NULL pointer dereference, being able to assign arbitrary Econet addresses to arbitrary interfaces, and the ability to write a NULL word to an arbitrary kernel address.
90c6bf981c13631f20aedf98e74ee2ce76bde194f9c594a64c300a938f3bfa47
Ubuntu Security Notice 1028-1 - It was discovered that ImageMagick would search for configuration files in the current directory. If a user were tricked into opening or processing an image in an arbitrary directory, a local attacker could execute arbitrary code with the user's privileges.
47056107d69306034b4114396801a61897bf2714cca55fc93cd8dfe2bfb21dc1
Ubuntu Security Notice 1027-1 - It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. A remote authenticated attacker could use this flaw to cause a denial of service or potentially execute arbitrary code. The default compiler options for Ubuntu 8.04 LTS and later should reduce the vulnerability to a denial of service. It was discovered that Quagga incorrectly parsed certain AS paths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.
b66d0d97d8d79ee0999d1909b27ea22768f14c676a608e4b2118ecb22443582e
Ubuntu Security Notice 1026-1 - It was discovered that Python Paste did not properly sanitize certain strings, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
31267294aa4741768e640b48e59f9c9c592675a288b7328f05e47d2b1f19d61e
HP Security Bulletin HPSBMI02614 SSRT100344 - A potential security vulnerability has been identified with HP webOS Contacts Application. This vulnerability could be exploited to execute arbitrary HTML or JavaScript. Revision 1 of this advisory.
300346358b7d27840de4d276300a90f4c5bf2302d3f2c5471046194f39f48781
Zero Day Initiative Advisory 10-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses directBitsRect records within a .pict file. When decompressing data within this structure, the application will allocate space for the target buffer using fields described within the file and then use a different length to decompress the total data from the file. This can lead to code execution under the context of the application.
0a777530341cc27ba50176bb4cbc81069d27fe8de07089d1c1b626878018cd9e
Zero Day Initiative Advisory 10-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of a custom compression algorithm. The application will trust a field within a DirectBitsRect structure which is used for an allocation, and later attempt to decompress data into this buffer. Due to the value for the allocation being different from the length of the data being decompressed, a buffer overflow will occur, which can lead to code execution with the privileges of the application.
fe27a415bf1129d2cdcf8daf7da5a7cdc96fae5c4762eaf27cb687d10e897da4
Zero Day Initiative Advisory 10-260 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple's support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will proceed to write image data to the invalid location. Successful exploitation can lead to code execution under the context of the application.
57ecc56fde1ce42840f9e9d4ee18fb65ce0268b41c0e2ba56800178d5c6b7d34
Zero Day Initiative Advisory 10-259 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website. The specific flaw exists within the way the application parses a particular property out of a flashpix file. The application will explicitly trust a field in the property as a length for a loop over an array of data structures. If this field's value is larger than the number of objects, the application will utilize objects outside of this array. Successful exploitation can lead to code execution under the context of the application.
1d97f6cd8f2ac987771196e4d23b1daf775c3871a23580f7cc21416d488ac61e
Zero Day Initiative Advisory 10-258 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Quicktime.qts module responsible for parsing media files. While handling 3GP streams, a loop in a function within this module trusts a value directly from the media file and uses it during memory copy operations. By supplying a large enough value, this buffer can be overflowed, leading to arbitrary code execution under the context of the user accessing the file.
d1ec829fd4eaff811e23a4fe840bd69c3a66c18864010616028b8a8902cfa68b
ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
a1d0ac304ae09f5ed55684721e11fdfd45b505d65b879aa730803310aa0ad3bb
Cisco Template Manager (CTM) is a set of tools that make it easy to manage Cisco configurations over a whole network based on your self-defined templates. Templates support regular expressions. It works with the C760x, C730x, C37xx, C35xx, C29xx, C28xx, C18xx, and C17xx series.
c0b32a95feefaf6883d8ce6334f8b09ba30e91051337331af771bd0fe446edcb
Mandriva Linux Security Advisory 2010-249 - Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
d00420a0965c5f43de48674470f887dcc475ab4ccb679111164c3ca560f27022
Solarwinds Orion NPM version 10.1 suffers from a cross site scripting vulnerability.
657dc482752d0c77132eaea76eb28dc4bc2621018713acc9d138fd6d6771bb89
Mandriva Linux Security Advisory 2010-248 - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
0fb80493b5de14184b37107e51a4ef79834ed23a3a5deaf0133ebe29ebebf177
VMware Security Advisory 2010-0019 - ESX 3.x Console OS (COS) updates for samba, bzip2, and openssl packages.
53508d995bd3ee7696e115312bf6f130857171310cf94855d6fe67fca9362f8a
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
f8af490bc3a09124eb5ac6ce1157366530cb516cf856a398b6ece819b6e6643e
Secunia Security Advisory - A vulnerability has been discovered in the Processing Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
2fd4d7d574e412f5a18c262cae976b30536c6e2a74d37d2da7794a03af945915