Secunia Security Advisory - High-Tech Bridge SA has reported two vulnerabilities in web@all, which can be exploited by malicious people to conduct cross-site request forgery and scripting attacks.
f4bd4e96008d5b6ac8f832713290429b1255863db618986ff70ab112bceee662Secunia Security Advisory - Multiple vulnerabilities have been reported in WordPress, which can potentially be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose sensitive information.
15be7cde33a8db9ada8895b84d2495a90bb972719503744d7123465457b7f815Secunia Security Advisory - Red Hat has issued an update for php. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
9590d5ca316bcde9bdb940de278eae44de6672a62a157a3334a72a2b13e7dccaSecunia Security Advisory - Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.
66c516ffae04ad2a578953355a9cb64003715abf209faf304d945f80e1c21449Secunia Security Advisory - A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.
2ffdb1b79f6350a6b1c59f73fc4db5995a244069b27644ae7fa8ed71ce83bd10Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Integrated Information Core, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.
cd27edde6cd85413bf8781b815a1b0670f0cbba1090f388be591bab4be7a61afSecunia Security Advisory - Multiple vulnerabilities have been reported in the Job Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
7af47828ffe2a74c460a3c167ab441ff957e3aba0bf449ef81b03a8ea322543eCisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.
49478116b2c8fce99cb338023910fed9c83a1ea261b069618c93a071ffc72472Zero Day Initiative Advisory 12-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within he way Quicktime handles Text Track Descriptors. Values for almost all of the text descriptors recognized by quicktime will be read into a fixed size buffer. This can lead to a heap based buffer overflow which can result in remote code execution under the context of the current process.
dbf5f7b5d2c56a334d965efc1089ddc6773033fa814118e2b2ade2ce11d35611Zero Day Initiative Advisory 12-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user supplied data and the resulting stack corruption can lead to remote code execution under the context of the running process.
eabbee78d8eade63ec066cd6d6608ab4a06b4c1ef10668b60197c14c5b8086e8Zero Day Initiative Advisory 12-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place the a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.
f1c0ec875d5f1f6611aaccba87f70c3dded4662ef965ecfd7279dddd6300d5f0Zero Day Initiative Advisory 12-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the exposed GetDriverSettings method in the nipplib component imported by ienipp and npnipp. When encountering a realm parameter this user supplied value's length is not properly verified before copying into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
dad2278a888a8b86768114f8246f8e419ae73d969cf93902e9da0f392a230cc8Zero Day Initiative Advisory 12-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Cognos. Authentication is not required to exploit this vulnerability. The flaw exists within the tm1admsd.exe component. This process listens on TCP port 5498 by default. Requests to the service include a request type field, a data length field, and a data field. Multiple request types (opcodes) fail to validate user supplied length and data fields before copying their contents to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
948d1a63f76e7397259aaddc98b7c87f1d5c6ecaaaaa72a571270335007c2ac7Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
40872e53db04f39bca6a732865f07e2f6c917473b1e6b14b9b3cf3270a04df6dChiangrai Enter Soft Design suffers from a remote SQL injection vulnerability.
e301577863b80f8afebc3fab0af02f6a7bc28c1cefa52659a270e1b1dd1244ebBallast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.
9b72c8fd503ebd25cdbebb177f28dba5b59183730431d92ae584879271c90addHP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.
856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7dThis is a local exploit for Real Player 10 Gold that uses a division by zero to trigger an exception handler.
bef48a2af7c152b4698cbb3e2c9b4d15795525b8bf8b700a9f8abe631953ac07VLC version 2.0.1 suffers from an avi playlist denial of service vulnerability.
6400dd1a7d12ff853c19c53043a4fdc93b5051de204e01bf898e62de9dd1b0daTop Nepal suffers from a remote SQL injection vulnerability.
3ba635007f36f932c35f438db58d698a1d107c3d5ab8dd5f34fde15067be1fb9Rubysoft Solutions suffers from a remote SQL injection vulnerability.
ba290eedef8200b1eb3154a06936e7759014d52573641910f37674f180b975c1Rhdesign suffers from a remote SQL injection vulnerability.
994b3f6e5919e91c1ef54e6bb6a1a043d9a4a5d9b2f422fabca853fc9f8a7e19Rainbowdigital suffers from a remote SQL injection vulnerability.
99d02de14a1f053395b2d6291f379842ae9851cf7644f89cd9216c54bd15763fPixel Identity suffers from a remote SQL injection vulnerability.
53f5fcf3cc37318783474b06a01479a5a240e95c4363fa65ca213b751405f7d5MUSOYAN suffers from a remote SQL injection vulnerability.
e648a2199ca11ed45130c62574b55d301604796519c02fe8df2432b5d4b892f5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed