This Metasploit module exploits a buffer overflow in ABBS Audio Media Player. The vulnerability occurs when adding an .lst, allowing arbitrary code execution with the privileges of the user running the application. This Metasploit module has been tested successfully on ABBS Audio Media Player 3.1 over Windows XP SP3 and Windows 7 SP1.
8e7dbe90958fe8302802551dc7fa864bd2477fa21cadd92aa30a40e30889a87bUbuntu Security Notice 1895-1 - It was discovered that libvirt incorrectly handled certain storage pool requests. A remote attacker could use this issue to cause libvirt to consume resources, resulting in a denial of service.
cc8c5e950a851be9ee93ec12cbabf5a43f88343fc49fe60fc146fa4a1aa48612Mandriva Linux Security Advisory 2013-192 - A security vulnerability was discovered and fixed in php-radius. Fixed a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue.
5c6452b9c7ec35b97c7fe08d04405fe45650f48c747ee8ca2febcb9671b8f929Real Player versions 16.0.2.32 and below suffer from a denial of service vulnerability.
ef659bfd5d0617b7a4f2de1976e29ae87d0164bbd37efe017b08f9288c9b767eThe Skype for Android application appears to have a bug which permits the Android lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily, if the device is logged into Skype, and the "attacker" is able to call the "victim" on Skype.
1f17a0819dccaa0a5f029a95da9300687b5d1a579f8f77e93ac5afba7e00263eXML-Sitemaps.com Sitemap Generator version 6.0 suffers from a cross site scripting vulnerability.
2bd42dbf91751de1628f25918e017d294b2f5f4b76c190a44f3b5310b1c37bf6Mandriva Linux Security Advisory 2013-190 - Stack-based buffer overflow in bmp parser. Updated autotrace package corrects the issue.
d4e436b09101da37934c11d538f3b6b951b6cda3fc4ab0b3620e62c0511de14dMandriva Linux Security Advisory 2013-189 - A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of Wordpress would lead to excessive CPU consumption. Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to which was specific to SSRF in pingback requests and was fixed in 3.5.1. Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it; and to assign posts to other authors. Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins. The processing of an oEmbed response is vulnerable to an XXE. If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory. Content Spoofing in the MoxieCode MoxiePlayer project. Cross-domain XSS in SWFUpload.
3e869d97c655df62325e93db12a848e89fa7b202bd9d44aa6cf2f3bdfc8b51b0Mandriva Linux Security Advisory 2013-188 - Updated otrs package fixes security vulnerabilities. An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see.
7d19a09f24ad02fd41db8729335c14e2fe8c6d59b8cc21103605f7e53a251c40Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.
b0c43d70dabde816e72333203f3561abb2c311b5c26d05e19a439e2952cf3e75Mandriva Linux Security Advisory 2013-187 - When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will systematically crash on every call to forceRequestBodyVariable (in phase 1).
8e9568efd15667c1287ddbf31ad02c896d6b93fac9ac4b3cc661e72f0dab2501Mandriva Linux Security Advisory 2013-191 - Updated fail2ban packages fix CVE-2013-2178. Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, thus causing a denial of service.
789db71a44c938e575613058deef73fd5ca9c091e2a2e4ca5b0acbc94e31c7a3Feedly.com suffers from cross site scripting vulnerability that can be injected via a malicious RSS feed.
97a62552bc6341353fdb589f230aeb8974ed991a01bbafb2666d81a597e91a72FileCOPA HTTP server version 7.01 suffers from a remote denial of service vulnerability.
a76ee35b0f7d759c4d562adf3a1d14a9cc94da28a97598e0df3beb4ea33e0cbeThis is a whitepaper called Simple Weevely Guide. It is written in Portuguese.
8c2b5a41f39788d44fc3d28422da6b1e9b25562ea89d908c4cd70a1e3ba22f5dMachform Form Maker 2 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
7f42c27f6e28d5a9e1f2ce8ed5dc1aa4c22b31529a3dbbefb780bc816ddb4efcWordPress category-grid-view-gallery plugin suffers from a cross site scripting vulnerability.
d50895115abdef51a1d31cf22905f2b4da78d91bf38eed7eb6e91bbe058103faWordPress Feed plugin suffers from a remote SQL injection vulnerability.
3c9014585a2a98dd1c953e82d1074c0017746df91597cdedfeac5f4ea54ba306
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed