Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.
bda7d9a6037b717f828fe03148093d6578e44697389fab80cebbcb196eeacc52
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file, as one function does not reallocate a buffer to contain a section of data as expected, but another function still copies chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.
0520606f6722058230d81d2805a4528a191ff0ab419df32cfb2367dc2efaca0c
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.
a3e29c613af64c8ecff2b697ddfc189577bbb6d153195c683e72b4cc58a495ab
Ubuntu Security Notice 1011-3 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
ea538fb7a396cad06d7b022df27a6427f3c3f3de5e776aa2b925db67faeff274
A memory corruption vulnerability exists in Adobe Shockwave Player when parsing crafted Adobe Director files (.dir or .dcr), which may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.
52321373bf2a0653fb086d290321ba798dc5e0c8bffe3c1b5a613be0afe0213f
Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by Java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. Various other issues were discovered and addressed.
dbf842de06300f7667099150cb0e617a4a3656e900e4a73d6bc01c5ed06a9df2
Ubuntu Security Notice 1011-2 - USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
80c141f74cebc113235f042dfb7cd7ed50aca7352fc34b58fdc7627cb6a710b2
Mandriva Linux Security Advisory 2010-213 - Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware.
4cdfd6730622b7459b8ae41be37d6808924aa067a1e95a69d2c972df23792f1f
nSense Vulnerability Research Security Advisory - Teamspeak 2 version 2.0.32.60 suffers from a remote code execution vulnerability. The specific flaw exists within the TeamSpeak.exe module teardown procedure responsible for freeing dynamically allocated application handles.
4d8e9182c0ec20a67fe4eed4f3b148ceb19bf7b43682b701517e967385d3e755
Secunia Security Advisory - Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
9e548959c53d9df31528868848e54e4674085694b0edaebc92d5dac00e55cd92
Secunia Security Advisory - Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
79a31d9ffe87fb001702e0e6de17c6c372a4a6533dd2240e55e862abaeeb7f91
Secunia Security Advisory - A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service).
95bd95bd686c49818c3cc8b930ddab537752ecb5ca782071e3551b116f94343a
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.
da18a4d2d37e73098e152efb1a50d5c8372bbc862146d784897254720ee7ac8c
Secunia Security Advisory - Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.
929452614c534f73f864f4574ac52ee9b8ad64e4eda7b16b18891072db69fd5a
Secunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
b59bd4ade60bbd62822339118827c175a2a3f920e1d3c54c0c44e9e733a0613d
Secunia Security Advisory - A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.
24b81b1f91002255b2aa8f6138ecce1d206ed8cdd9da9bf0879e7bda5d301e39
Secunia Security Advisory - Fedora has issued an update for sepostgresql. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, bypass certain security restrictions, and compromise a vulnerable system.
d83a862aee72650d426d4b610d12845f0dd3d5ad410fab5b07d2a394d45968b4
Secunia Security Advisory - Fedora has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9bf7a011cfebd39c12e81f77f3e952975a19e26914b087d9fdf8a8c0b203cb54
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
b1eedb64fdffd59fabfb7ff12787782b29d783add909ce7ea381ce4c88838363
Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
9a111d5cdaa8c1070b2a3956d95d712253b72ddde8077f973b15e79fa25cf555
Secunia Security Advisory - A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
202436beef7e966bc3140bea793a317fac8b5acebee0a2d8a747b01b2555913a
Secunia Security Advisory - A vulnerability has been reported in HP Storage Essentials, which can be exploited by malicious people to bypass certain security restrictions.
22c2b89b042cbabc6d8ad03296d5e1b9558ba1a47f19b31628da6c747b44e6df
Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.
cfa056447c7211cebe5a0432797324118469924c5614a24eecc317c222136328
Secunia Security Advisory - Red Hat has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
18a20b6594a5821afa5591432f3c8a3dc63900785da7f955a3268001fa0f6571
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
7b14bf927dfa2ec1325245f24330faf86db46f8315e9e05737882b8d749d4fdb