PHP-Quick-Arcade version 3.0.23 suffers from a remote SQL injection vulnerability.
a3ce993e63c9e60d50fb2b6966af64040591c7755a658bc6a3126bd95cbb67d0
HP Security Bulletin HPSBUX02639 SSRT100293 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
209e6b531e6c22cda77b1e56769e99de6243bf4ef18ae36023e84e520f5fadc9
Bloly version 1.3 suffers from a cross site scripting vulnerability.
d65dd715220f2813ffad3fa4878dc416a1a6f3776076a0c2c5dd3d7abe22d2a1
Mandriva Linux Security Advisory 2011-061 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted file that triggers an infinite loop. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. 
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. Fix memory corruption in WMV parsing. libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted .ogg file, related to the vorbis_floor0_decode function. Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebM file, related to buffers for Fix heap corruption crashes. Fix invalid reads in VC-1 decoding. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues.
d6c3a6eef98903a7ea2ba82b2d03e09f18e14c6a66027b06acba91c42c4f166e
Ubuntu Security Notice 1101-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse.
4f783d63e13eb667ba2d8d8fc67df66ed847ad52e1a97be9be9c7631206774da
Mandriva Linux Security Advisory 2011-060 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. 
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service via a crafted .ogg file, related to the vorbis_floor0_decode function. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.
72bda34e1a85cce233e9d75d74936eddfb6b008e8d850ac1e6308d2a939ee87b
HP Security Bulletin HPSBUX02646 SSRT100396 - A potential security vulnerability has been identified with HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS). Revision 1 of this advisory.
fa8f797649a866b4f9c3660939c5867401aa7f6bc77ff54520dd1de3bdb47663
HP Security Bulletin HPSBUX02645 SSRT100387 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow cross-site scripting (XSS), or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
7dbe07b505311e3b0fd76cccc4c6f626897f6c143d90407adb967195b67fd761
Mandriva Linux Security Advisory 2011-059 - Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted AVI file that triggers a divide-by-zero error. And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues.
0a8a1f1e04b5536ef974768d7446ef1b4f3284aa9b838d04fa6ef7005a46de35
AR Web Content Manager (AWCM) version 2.2 suffers from a cross site scripting vulnerability.
e5bda51443c337b7abb8f77ee5bdc9061e3221dad52ec0d5738aee55bda5ce80
Mandriva Linux Security Advisory 2011-058 - The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service via a malformed AS_PATHLIMIT path attribute. Updated packages are available that bring Quagga to version 0.99.18 which provides numerous bugfixes over the previous 0.99.17 version, and also corrects these issues.
d4c0f6cc4daa438fcc020c6831fdc5609a4890a1b60fb7729d8b61c7c0174599
HP Security Bulletin HPSBMA02650 SSRT100429 - Potential security vulnerabilities have been identified in HP Operations for UNIX. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or unauthorized access. Revision 1 of this advisory.
dc03e5ab101c90676cf6d5123455e33b801daad8109058c57580d977c046e994
Webworx Technologies Lahore Pakistan PHP and ASP suffers from a remote SQL injection vulnerability.
50354cb5f81e609e925cd43f008fd8f521972495ce9488cdb3f833bd6701fe31
Proof of concept exploit that demonstrates a nested IPComp encapsulation with DEFLATE LZ77 RFC1951 Quine.
890c49f5f83061ea954fb9a23339ca60ca0ebf9314977eb3e612ab32b4f695ad
This exploit demonstrates the BSD IPComp kernel stack overflow testcase.
27dd774131a7d2eec911662d9e56870983f18130fedea8a3e34b21ce994a0e06
BSD derived RFC3173 IPComp encapsulation will expand an arbitrarily nested payload.
9fc8978ac19d07c63ebbb956abb1eee151bc9f5b6292741f37ab46d10feabcef
iDefense Security Advisory 03.31.11 - Remote exploitation of a stack buffer overflow vulnerability in RealNetworks Inc.'s Helix DNA Server could allow an attacker to execute arbitrary code with the privileges of the affected service. The Helix DNA Server contains a vulnerability that can be triggered by an unauthenticated attacker. The vulnerability results from the parsing of a certain type of Real Time Streaming Protocol (RTSP) request specifying a large string. The vulnerable function may perform a copy operation that overflows the bounds of a stack buffer. Helix Server and Helix Mobile Server versions 12.x, 13.x and 14.x are vulnerable.
646f9692a4c19c1a67265898df206d806c7f6d3f87eeea396e9dd15496d03dcb
Secunia Security Advisory - SUSE has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
7b32f2249afe4f5a3f4cab707988675a7e91c7635c7cef2a120588270fc609a7
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
dab0591b325ceb6addb551ccaddd35aaadf7d7b1dff960fe9bec2acdef5286a2
Secunia Security Advisory - SUSE has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
ea183619105c06f466ae561b94618fcc8d3c809a76109b8ab9d9601aa5a64afb
Secunia Security Advisory - MustLive has reported some vulnerabilities in Cetera eCommerce, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
ec9dc823b390da2396d7cfd49adc46a35ebe095e00070b6b66d08deb60046783
Secunia Security Advisory - Ubuntu has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
4f009f4eb588f0d52dc67351df74776119471981fb299e3dec362b6bceea031f
Secunia Security Advisory - A security issue has been reported in Cisco NAC Guest Server, which can be exploited by malicious people to bypass certain security restrictions.
f6d47495e3f28204fc8e0106b4fe5dc90482bdfc422df72e7efc3310bb40e3ce
Secunia Security Advisory - SUSE has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.
7dae63cd345ab7ca5440bef464d99f0687a40188e9fd1a55a5b51b708631afa8
Secunia Security Advisory - SUSE has issued an update for fuse. This fixes some security issues, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
8ded6fcf5dfcf8cbe6ab35972743c55fb85a175021e161bbf4e8e4b71e512dac