eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. There is a stack overflow in the way QuickTime processes qtif format files. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1.
f381d5232929605ca4544156e61651d6220094f6bc738402ffb8bfa678a9c719Cisco Security Advisory - The Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains a default password for an undocumented administrative account. This password is set, without any user intervention, during installation of the software used by CS-MARS appliances, and is the same in all installations of the product. Users must be authenticated to the CS-MARS command line in order to utilize the default password to access the administrative account. Software version 4.1.2 and earlier of CS-MARS are affected by this vulnerability. Customers running software version 4.1.3 or higher can mitigate the effects of this vulnerability by applying the workaround listed in this advisory.
d4f3424c2aa15b7e9158c3cac90ddd89ad3408aa27512049c22d68e012d8c449Ubuntu Security Notice USN-240-1 - A buffer overflow was found in bogofilter's character set conversion handling. Certain invalid UTF-8 character sequences caused an invalid memory access. By sending a specially crafted email, a remote attacker could exploit this to crash bogofilter or possibly even execute arbitrary code with bogofilter's privileges.
ebbb65da3cf6d20f483c9fac201edc1ee60fd1478e10d11c4cc1ee6487792a59Apple Quicktime is susceptible to a buffer overflow vulnerability during the handling of .JPG/.PICT files. This vulnerability affects Windows Quicktime versions 6.5.1, 7.0.3, and Mac OSX Quicktime version 7.0.3. Earlier versions are suspected vulnerable.
b66634cd6d4fb2048a91ab2a67fdb0d970c66b96ecc12f1fe54e00032f40bff6Proof of concept file inclusion exploit for PHP scripts that suffer from this sort of vulnerability.
22e75534ac29d070b879bb660bfd710f4b8a0cd93dfcde41c7c1172cf5eead53Superonline.com is susceptible to a cross site scripting attack.
230f660f7f9eb9febae0cf5667fb136fce656d584f13c15347c8454a71588538FreeBSD Security Advisory - ipfw maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized.
b38cd8ef482c561df679f578513cab445b16a6b986a0729f301d0dc0adb15098FreeBSD Security Advisory - The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user.
aabdd726e7f1d21c64dd7f601f42432a072639283866afd5cb5d75fd085e4063slsnif aka Serial Line Sniffer version 0.4.4 local root exploit.
7044dc09ab1c2fff2e8facb27b5f8da29335f2ec94b707262a3868eef911a178MyPhPim version 01.05 is susceptible to cross site scripting and SQL injection vulnerabilities. Exploitation details provided.
eeef0931b9afa48322ab03f07593527991dc7fd8d24cba2c2378ba282718c777
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed