VMware Security Advisory - VMware Hosted products and ESX and ESXi patches resolve a security issue. Update patch 13 for ESX 2.5.5 updates the libpng Service Console RPM.
203a590a4bdbe48adceffe110e8cd59465f46fb0e57d0752d412221afaa50075
Core Security Technologies Advisory - Ston3D StandalonePlayer and WebPlayer are affected by a command injection vulnerability that can be exploited by malicious remote attackers. The vulnerability lies in the Ston3D scripting language, which provides the function 'system.openURL()'; this function does not properly sanitize its input before using it. This can be exploited to execute arbitrary commands with the privileges of the Ston3D player by opening a specially crafted file.
ba901a044dfa0737878b1901f13a67a16f2cb60751e063e166d74890420fe9f5
ECShop version 2.6.2 suffers from a remote PHP code execution vulnerability.
b017ac338a4c4eea455718e0313d298cd1aa7410e9ac0bba87478f95c9adf5d0
Forum Scripts suffers from a MIME/Content-Type-Sniffing issue in the Image Uploads functionality.
731d326cfc3b0dc0cf864c7ff0fd1df5cfd3722ea797c3dba0783507d8e6e2f9
PRTG Traffic Grapher suffers from a cross-site scripting vulnerability in Monitor_Bandwidth. Versions 6.2.2.977 and below are affected.
321c5bd641d7df9b5b7765cbbc13dae0d7c0d8fc648870ce65102abccb73035d
Mozilla Firefox 3.x suffers from a remote denial of service vulnerability.
3dc1b9655716e15b6e5baacdba75bde317977a3227906edce4971b5f07d58c57
Call for papers for the ACM CCS Workshops that will be colocated with the 16th ACM Conference on Computer and Communications Security (CCS) 2009. It will be held from November 9th through the 13th at the Hyatt Regency in Chicago, IL, USA.
a984874b41c7e48296ee249a32a0da083c7979edb41073f1971f7251ff3afa4f
Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.
996ccecf32af011b6f124af930c0277523a6a9a3d7da3cc3b2395019ff878867
Zero Day Initiative Advisory 09-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user.
06af55d51064952f7f13cf601e31cd96c0508c0273c50c63b702501c76b5849a
Small Pirates version 2.1 suffers from SQL injection and cookie stealing vulnerabilities.
d89f7eb8dcde6fc5937f4bd5606bba68783386d6db9dbcfebf4294bb66a10bd1