CMS Aspect Web Design suffers from a remote SQL injection vulnerability in product_details.php.
464d9d52f524f408573339caba9f680ce9f20e8b80ed6c603312852b880b03b6Photodex ProShow Gold version 4 universal buffer overflow exploit for XP SP3.
f90365be4611b3e2e19f4ebdef4091feeae51aa2855bb28233e11dff3df11805FreeBSD versions 6.1 and below kqueue() NULL pointer dereference race condition local root exploit.
1954132bfa966f8b2f00fbd93282630ff392c376db14de7c34bfa84008a1c31bVarious BSD derived operating systems suffer from various vulnerabilities due to the setusercontext() function.
2c3e7e83b2f80025efe09e3bbad5c78624d782ab98b8cb97ba294434a3188293VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.
fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800Adobe Flex versions 3.3 SDK suffers from a DOM-based cross site scripting vulnerability.
19e76a5fdee8f5a3cec432ecfb64d9d3567085717670c7c1135650fe4d2e853bUbuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.
82e1048c58f6bb0269a91f5ef596b82cd31b537d10588dce4ebd63d94ab1528eDUgallery version 3.0 suffers from a direct access administrative bypass vulnerability.
f229be20cbb39ab7cf30175f8cca2387d6355236e7ce81c4b0eaff50fd2829a3Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
c45c48146168e478adfa63db5c46235df689797cd68f3563a28b197ba2668b26The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
b7b6877b1d7e4631f1bd26baae92087f511563b1a0c96034f9ac6c168a3ad3ddSubdreamer version 2.5.3.2 hotfix#5 suffers from SQL injection vulnerabilities due to the embedding of vulnerable Invision Power Board 2 and phpBB3 modules.
7b4bec39033aaebc234421eca70130735ece872362a0900ffd11de68eabd92f9Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability.
83a5ca9356239d87e4ee7b67aae57b4f6ad8215675c0a25f01e285653678684eCuteflow version 2.10.3 suffers from a remote security bypass vulnerability in edituser.php.
213ac3be579adf6f91dc31e93fe9376ce5dcec4b96c1143c20529091e85969b6A priorly discovered denial of service vulnerability discovered in Mozilla Firefox also appears to affect Microsoft Internet Explorer and Google Chrome.
7277b13091eb3553c7da2530db4737b3d0b5253256270e22c23d401ccea3d267Kaspersky AV/IS 2010 suffers from a denial of service vulnerability in avp.exe.
9d63e4708659427d237e63fca4e3def2b651fefaefc21800b2fd8d9caf8dcb21CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. It is possible to trigger faults in the kernel driver (kmxids.sys) used by the protection agent by sending certain malformed IP packets.
23841421c5001f9dc9ee18df624a55e0b47662b59340b4152f572bc4ada45613Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.
713281e09eed7d4b3cb6bce52be62e03b55db7f8b28a6b682d83aee938aef8b6Facebook suffered from a cross site request forgery vulnerability.
7f02ac72318135f6300fd96d932348f416039da38ac4c866eded589974d11a20Geeklog version 1.6.0sr1 suffers from an arbitrary remote file upload vulnerability.
be09299269e9a6813b6077f704fb7219ab0d41bc960a28310262b58be41b7be2A bypass vulnerability exists against the cross site scripting protection in the OWASP ESAPI.
cb7596702d627eb416c2300a8cad6361171854a2fa24054ae30b467069eb6cbbiDefense Security Advisory 08.11.09 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code as included in various vendors' ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). iDefense has confirmed the existence of this vulnerability inside Microsoft' ATL and MFC. This vulnerability appears to be limited to MFC version 3.0. Any source code compiled with these libraries may also be vulnerable.
edf512cb6aeb0c9390b72abd37b17a7b330c0d5d4e8ffa3daeb55ff3ca91c23dProShow Gold suffers from buffer overflow vulnerabilities.
381b7ca0a44ec4a671e376d4889f03cd447c48907b253b99e786aa461d1a5789iDefense Security Advisory 07.28.09 - Remote exploitation of an information disclosure vulnerability in Microsoft's ATL/MFC ActiveX template, as included in various vendor's ActiveX controls, allows attackers to read memory contents within Internet Explorer. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL version 9.0. Any source code compiled with these libraries may also be vulnerable. Previous versions may also be affected.
c267c222d9c34b1a2d7d1db54912e2fbbb444fafe882d61044c1ce0bd64bd46fiDefense Security Advisory 07.28.09 - Remote exploitation of a logic flaw vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code, as included in various vendors' ActiveX controls, could allow attackers to bypass ActiveX security mechanisms. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL and MFC. Although later versions of the ATL/MFC are less vulnerable, certain conditions can trigger the same exploit pattern.
d87248b69d8604013d1f30ba472eab8230eac08a11208461df8766f80fcdfc2eiDefense Security Advisory 08.11.09 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.'s Office Web Components 2000 could allow an attacker to execute arbitrary code with the privileges of the logged on user. When instantiating a Spreadsheet object, it is possible to pass the object a parameter that refers to an Excel file that will be retrieved and then loaded. By using a long string for the parameter, it is possible to case a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Office XP Service Pack 3.
7e86dfe50c26093d7d93ca00213f5b882ccab246101ee1b9ba9aba393a3b05fa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed