Zero Day Initiative Advisory 11-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within mshtml.dll and is a logic bug in the way it handles the 'extra size index' in certain CDispNode classes within the SetExpandedClipRect function. When the 'extra size index' is zero, the code fails to correctly adjust the class instance pointer before and uses the vftable pointer as a flag field. This corrupts the vftable pointer and can lead to remote code execution under the context of the current user. This issue is closely related to CVE-2009-3672.
1d40d6b1ba8dfd59633c144649c1581d7ee175acfcca3e3c50b35fcaa6c656a9Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.
fbfbd2d2afca4f61a064175e15ba52c20edd33a6ce5dbc4b75600c0392c49983Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.
49e5115748956c3af8a74acce2d714b829db1a341cc8fd48b66a19a161e41ffeZero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.
fdaefb0d3ef4ba650c4eed49e97330766ec02cd5c66f50e4795ac2130cfd44b9Gentoo Linux Security Advisory 201110-12 - Multiple denial of service vulnerabilities were found in Unbound. Versions less than 1.4.10 are affected.
acbc990c4724db50df721315fbe9ce8d6afbb94d9cc3ef2ce6cff88c460f20bcMandriva Linux Security Advisory 2011-150 - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service or possibly have unspecified other impact via a long line in a response.
5e0f011b503708fa29fd1e15a76130866cbc07147d7f96216c38d618f2d858f4AV Arcade Pro version 5.4.3 suffers from an insecure cookie vulnerability that allows for access bypass.
85caebbc8302080405aaba7b14f4d050846bcc4ebc8f6a18d8cc7afc3983ae10aSgbookPHP version 1.9 suffers from a cross site scripting vulnerability.
fa1a2a00d58496a2268288ec516ff78e9ea410036ba43a047873b29febc8bae7This is a Perl CGI backdoor that provides shell-like capability.
09fc7f09f2300df12f0b671a4184d8050707a0d7248afe5344459a60b8ed9388Secunia Security Advisory - A vulnerability has been reported in Xerox ColorQube, which can be exploited by malicious people to bypass certain security restrictions.
0c7b52344bbf5568c7416ab7e8e452cd57006cafd8cffbd6e91b462a2cf2b126Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes two weakness and a vulnerability, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
ba6954b698cdc9a7e741fbe45bd1f6aa8895b56a2728b76a49c4238aa35941cbSecunia Security Advisory - Multiple vulnerabilities have been reported in ICONICS GENESIS32, which can be exploited by malicious people to compromise a user's system.
0303c0f8539041d0f10ae1ccf0fb35475e8b0f2bff75dd5e5d2a4ac2946a326dSecunia Security Advisory - Debian has issued an update for dokuwiki. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
ea381cc717f03a908ecee64029e76fef840febf24df797ee64d8cd6737e48811Secunia Security Advisory - A vulnerability have been reported in Kent Web Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
c3d7b8c3129ae8e35f6a1a2a84f8d577cecf013a56173406f30339a882358bc4Secunia Security Advisory - Luigi Auriemma has reported two vulnerabilities in GenStat, which can be exploited by malicious people to compromise a user's system.
8a58df3131300e6175ea39289643ac14b9aa52fe81f9b4b03a62c9aad476ad33Secunia Security Advisory - A vulnerability has been reported in the Time Returns component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
6befea8f1e255992abd9147092b58cc94dddec6682af315c230927c6993e7762Secunia Security Advisory - Multiple vulnerabilities have been reported in the Barter component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
b1fc50d2cec61ab0541e1f2d5823fa50037ce603c1f979e0caaab772afd55310Secunia Security Advisory - Gentoo has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
fa01ea8d241ed116bf6c8377b56c0600dab9fcbbd304b3731c4f2208623b6cafSecunia Security Advisory - A vulnerability has been discovered in JAKCMS, which can be exploited by malicious users to conduct script insertion attacks.
7f95d0daec097237ccf18abd978a2dfbc54caf67f541fc79922ca7747d50dd08Secunia Security Advisory - Debian has issued an update for bugzilla. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain access to potentially sensitive information, by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information, conduct HTTP response splitting, cross-site request forgery, and spoofing attacks, and bypass certain security restrictions.
c9168ad5c1a3f711af622093ad3db361f2f2519c8206a374406d6cceb1028ee3Secunia Security Advisory - Gentoo has issued an update for openssl. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), conduct spoofing attacks, and compromise an application using the library.
e9a2ecda542c6dcd8472c8b722374ee34dfbbfb0921b3ee535e0f4180fb3b366Secunia Security Advisory - Two vulnerabilities have been discovered in KaiBB, which can be exploited by malicious people to conduct SQL injection attacks.
a2eb4777db3904a7c8ad100d49bab0fe5d8ec7057144ab82eb2b7314f83d704fSecunia Security Advisory - Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
e809ccdacd49dc257da5dae61b9cef04758da0d8ae1838eedc9b1c1344607c37Secunia Security Advisory - A vulnerability has been reported in HP Onboard Administrator, which can be exploited by malicious people to bypass certain security restrictions.
026bbb0dbcbcf789015c1ee7748d56d7ee12ab48184e15d7c8153537445f0becSecunia Security Advisory - A vulnerability have been reported in Kent Web Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
754ace2c32d6797a9f898f738349e1f99d3ed48927cdd5dfc0584c2c207eb0fd
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed