Microsoft Internet Explorer suffers from a MHTML protocol handler cross site scripting vulnerability.
160d145b3bfc93edecbe246e18822b9903984206681fb0c6ec6c3e7f1a4ed245PHP Link Directory Software suffers from a remote SQL injection vulnerability.
57b7901f6905dd85b444014c9af38b43c2b8774bc222176019e14d43efaea0f7A denial of service vulnerability exists in Symantec Antivirus Intel Alert Handler service. Remote unauthenticated attackers can exploit this vulnerability by sending a malicious packet to the target service.
9e9991cc21baae425527d30468a81b8551b7dcfe14ef58362a4b2b29ec346383PHP Classified Ads Software suffers from a remote blind SQL injection vulnerability.
af79a70a9e814146165ea6ab750f919456c34db97175e1ac02b674ec40f4142bA-PDF All to MP3 Converter version 2.0.0 .wav file buffer overflow exploit.
69bbd2b289d69a71a0f7fd474738827220511ff1813b77c46e5c66cbdfc7c403Adobe ColdFusion suffers from cross site scripting and disclosure vulnerabilities.
7c7ad4468042f3270eec5cd9989f3673a89812a25841b893851bef7513bdfbdaVirtuosa Phoenix Edition version 5.2 ASX SEH overwrite buffer overflow exploit.
749fce3f25d6fa7d553bcff6da5c4a63ea30974cb6529e17b7768d7e22dac7dfFreeBSD local denial of service exploit that causes a forced reboot.
74e9ff916c830d783aa31aad9f51279b50bb6492d981404c7bf0b44fa6c5ff5428 bytes small execve(/bin/sh) Linux/x86 shellcode.
f110cec41bd0509221fb58aebe8b1f0931c65ac9acecece227d1817f7628559ePHP Script Directory Software suffers from a remote SQL injection vulnerability.
5f253844aa6aaf6311db2795e28e8fb5ca53f9a19c227fa6c0a8a6f488101fe3WM Downloader version 3.1.2.2 2010.04.15 .m3u file buffer overflow exploit with DEP bypass.
7cadac710a443dbd30fcec1a6323a195ed9936803f39c055d005ea763e3bbd23PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
e06110e2b20079e0d9fb1b832cdcf370b6219a06289390dfd813e33087d1d1f6Zero Day Initiative Advisory 11-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realnetworks Realplayer SP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the vidplin.dll module. A buffer is allocated according to the user supplied length value. User supplied data is then copied into the allocated buffer, without verifying length, allowing the data to be written past the bounds of the previously allocated buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running RealPlayer.
4f7950d9ccf3d68425f9191e5a7209d82c5c781ecff8aa6a2fee13835b4b1f2bDebian Linux Security Advisory 2152-1 - Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code of the HP Linux Printing and Imaging System, which could result in the execution of arbitrary code.
0df6f5b11ac25a100ac343d9019576add718e67970fb289d33591ed5333270e8Zero Day Initiative Advisory 11-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Intel Alert Originator (iao.exe) service. While processing messages sent from the msgsys.exe process a size check can be bypassed and a subsequent stack-based buffer overflow can be triggered. This can be leveraged by remote attackers to execute arbitrary code under the context of the Alert service.
c66e997ca909ee69d691b418c9af54257ad3ef41ac951045ce3fe41ece7cfba0Zero Day Initiative Advisory 11-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagehndl.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied pin number string using sprintf without validating the size. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the vulnerable daemon.
9103f2f8bde5dc8bae7d14c1434a934a1d5d3d0af76a5626963e2a56a0d79579Zero Day Initiative Advisory 11-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagehndl.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied modem string without validating the size. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the vulnerable daemon.
5582eb66895609940331c18a336a7faf107bac4bf5c35e9a3be4db447ed8e117Ubuntu Security Notice 1052-1 - It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented.
7b17cc6f05973bd79811492179b2b66c2f3275af2843ddc9ebae4ac3103af427Zero Day Initiative Advisory 11-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HDNLRSVC.EXE service while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. This process passes user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable daemon.
7374c4395937828b4c9608b5274a8438294d68ae60ae99dea9195de9b79871b6Zero Day Initiative Advisory 11-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AMSLIB.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied string using memcpy without validating the size. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the vulnerable daemon.
089534d8e241bfd9582905aa5c96f9b5ef41c1541a8cdde40fa0a1612acdc0daVUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "gwwww1.dll" module when processing the "TZID" variable within VCALENDAR data, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. Novell GroupWise versions 8.02 HP 1 (Hot Patch 1) and prior are affected.
557a0d52962a3aa35a46283e0d6a0cfda538de61310dc2fbd2a456f7e11679c3HP Security Bulletin HPSBMA02626 SSRT100301 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
6a5d144de2e59fa328472770123f025419e67db0b1c7bb92a5d2f72a8366cd20
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed