Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
960a25eea990a9902d14efab4e3a34f0474b74b37170712fc6197db3c937a15eSecunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). An error in the vsxl5.dll when processing GelFrame objects can be exploited to cause a out-of-bounds read memory access. An integer underflow error in the vsxl5.dll can be exploited to cause an out-of-bounds read memory access. An error when processing "Body" element of HTML file can be exploited to cause a null pointer dereference. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to cause a null pointer dereference. An error in the vswk6.dll can be exploited to cause an out-of-bounds read memory access. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to trigger an infinite loop. An error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.
473015367ef0eea0a25f5af5e93b268a8c2b94f4c278fb37d6fab71b2071ad79Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. An error within the "VwStreamRead()" function (vsdrw.dll) can be exploited to cause a heap-based buffer overflow. A boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. Another boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. An integer underflow error within the "VwStreamOpen()" function (vswk6.dll) can be exploited to cause an out-of-bounds write memory access. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.
6083d4b0f7e6c245ac2afcefff040394406e2fbaf871dd15e639d6e22aa2d867Secunia Research has discovered a vulnerability in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An error within the "parse_minolta()" function (dcraw/dcraw.c) can be exploited to trigger an infinite loop via a specially crafted file. The vulnerability is confirmed in version 0.18.10. Prior versions may also be affected.
bcd48fc6eb4e40963e7ce2ee323443dc05561563d89e833840cc165dc0babb83Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) can be exploited to trigger a division by zero via specially crafted NOKIARAW file. The vulnerabilities are confirmed in version 0.18.11. Prior versions may also be affected.
4613e82ee83759da6d65852d98e41add198de465ce0b423e487854f90211db04VMware Security Advisory 2018-0018 - VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues.
ac793487dee1f719e0455536c96faccc176ed19f06986d195987b2869376caafThis Microsoft advisory notification includes advisories released or updated on July 19, 2018.
72dc18ef0b81f7af9a5ebd17c77350fe5e5a8b61b5a41870c8794bab3379caf3This Microsoft bulletin summary holds CVE updates for CVE-2018-8202, CVE-2018-8260, CVE-2018-8284, and CVE-2018-8356.
6a9893632ff3a78baae4a0071f0a0b023b6c2bdab05366341ac2b013f90376d0RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
028e0f072d0782b26e0ffe1aa7b8b85f2030bab0d4ec5bd24005493c11b5fa30The National Instruments Linux driver package suffers from a remote code injection (software update) vulnerability.
583aba1c966b02f9bbfab9bc9ac711477ba3f166b683c8f6625e88147c6c15d7Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.
df883ee3bce61fab76fb737953e569c776dce1d344a6385409a6926c2d6cf3ef
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed