WordPress WP Star Rating plugin suffers from a remote SQL injection vulnerability.
7dac28384266cc675e4d9a02e4c652fb7e180c3f643fcaac8c2948a3e5ff532a
Zero Day Initiative Advisory 11-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing an invalid 'bfd ' tag it is possible to specify an integer that can cause an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value an attacker can cause memory corruption that can lead to remote code being executed under the context of the user running the browser.
1560eac1178a6b8c0716b0a811e0c7664004c1cdfcbeaef89d196dd74e976ae1
Zero Day Initiative Advisory 11-184 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing an invalid 'pseq' tag, the process can be forced to overflow an integer value during an arithmetic operation. The newly calculated value is then used to allocate memory on the heap. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under the context of the user running the browser.
50143877d3e4b4885557fb15e037b0186033700efd7594e5f0abe8ee9ff99046
Zero Day Initiative Advisory 11-183 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing an invalid MultiLanguage 'mluc' tag it is possible to cause an integer to wrap during an arithmetic operation. This new value is used to allocate memory on the heap. A remote attacker can abuse the faulty code to execute code under the context of the user running the browser.
7e0d49ef311a48a90d62b1e21bf5d79a85918153e08ac3ba9add9aadb19c1620
Zero Day Initiative Advisory 11-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll browser plugin. The module creates a window hook when an applet is instantiated within the context of a browser. If the underlying DOM element is cloned and the parent object removed, a dangling reference can exist. When the module attempts to walk the relationship list to call the window hook, the process can be made to jump into uninitialized heap memory. This can be exploited by an attacker to execute code under the context of the user running the browser.
85736bd649bf4812a9393b9c6ab6c4eabca3f9fe0c7db63a9b00d0baddbd29e2
Red Hat Security Advisory 2011-0858-01 - The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. Various other issues were also addressed.
1322afc9e163b1accbe04131a1f2a00f8a9ce70a16cc72b304a79fe535bc6706
Red Hat Security Advisory 2011-0857-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.
afd4e81a2dd219864c346af58a66fae5a0fae7090eba420dd5e3b78ed53286c9
Red Hat Security Advisory 2011-0856-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.
8a1c7e56402963170d1f3c42e5ff1376f2c517a2432f75d3a4f6714cd83cad69
Secunia Security Advisory - A vulnerability has been reported in Prosody, which can be exploited by malicious people to cause a DoS (Denial of Service).
1fcf5a18ed71d68568e95c46646d13475d7a097b5aa052750e6dd5f05879a684
Secunia Security Advisory - A vulnerability has been reported in LuaExpat, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
f9fe609e7e603db12ef3380101787c39117a3b7ae67428bb79256f228c51b50f
Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system.
4a4fd021a3e263adbe68a43d8b41c003d29412b32daf5f9ac4a486400c60e6c3
Secunia Security Advisory - Fedora has issued an update for couchdb. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
a84c7cbe058c74eb71bba453f9c43950624332f1a3e8b6b00d1c400218a35004
Secunia Security Advisory - Debian has issued an update for oprofile. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
3b6b1b13b171c8348917b7df967054ec35ea6c1a556e32aead51fa7f34ae536b
Secunia Security Advisory - A vulnerability has been reported in Black Box Veri-NAC, which can be exploited by malicious people to disclose sensitive information.
3bce93b4e77a6f7f45f7c935eef76a868c08e6ac2d06b1202f501cf32396c604
Secunia Security Advisory - Patrick Webster has reported multiple vulnerabilities in Squiz Matrix, which can be exploited by malicious people to conduct cross-site scripting attacks.
071cfaae8c773a16da33d1a9652db9aab0ac5e714d1e054efefa0c4d41566fc7
Secunia Security Advisory - Fedora has issued an update for tor. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a7ffdb6e120399d8c62e1828a6cbaee8cd3cc4a26b4dac916c3ec5dbfdf8ccbf
Secunia Security Advisory - Russ McRee has discovered a vulnerability in Silex, which can be exploited by malicious people to conduct cross-site scripting attacks.
d65202032a0dda5211323a4021b6581c6bcf22dbee7eea8b0fa135633021b497
Secunia Security Advisory - Stefan Schurtz has discovered multiple vulnerabilities in BLOG:CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
c03813741f50ce2593b1d89053611bcb765cbe19ba8f3f86e1e8319d5660d10c
Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose potentially sensitive information, conduct injection attacks, bypass certain security restrictions, and potentially compromise a user's system.
de23dcb83c14346c0700b16f3a93ddf20572b94b906ed92a516f4757fdd4ffe8
Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
576680641c3b205e28c199a302ae9b6ae66834d904ab8566c0046910e74f2e7a
Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
d6f6b4c34fdaadf64239b4d9ca14a2007d4a2c0c47bd870315160846b5cdbfac
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Service Manager and Service Center, which can be exploited by malicious, local users to gain access to potentially sensitive information, by malicious users to conduct script-insertion attacks and bypass certain security restrictions, and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, hijack a user's session, and bypass certain security restrictions.
b15da978341f5d5e67a27e58ee1f0e94eb917578b279a024e3775ee7880b44b9
Secunia Security Advisory - A security issue has been reported in the Data::FormValidator module for Perl, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
bb449747abb92dce6a2456ba010f867c615d529284264d6443b8c7a463a197ac
Secunia Security Advisory - Revelation Space has reported a security issue in NetGear ProSafe Wireless-N Access Point WNDAP350, which can be exploited by malicious people to disclose sensitive information.
1f48d0902c7b4a6a77e6c5d2783a0af5c862239b7ae8f8a01f3cf69a0d3c331b
Secunia Security Advisory - A weakness has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks.
54ea0758339c1732ae0e5c788897c526cc846767badd7a5102dd9e8a4fa800d4