Invision Power Board versions 3.0.5 and below suffer from a cross site scripting vulnerability.
f5ecd36d1a1ad6114652c5f28b4f938c181c6c1af539be6780b70b9424dc2f4b
Anantasoft Gazelle CMS version 1.0 suffers from a cross site request forgery vulnerability.
04f0af3a3f6f6f2274852ff6ce45258268fe1788ff9fbdd81e4dba8fe9e30e62
PGAUTOPro suffers from cross site scripting and remote SQL injection vulnerabilities.
a069a03a5d9f8333d8d26305cf5ddfc50fb3486d353d94c4e8dea6a146fecea7
iDefense Security Advisory 06.10.10 - Remote exploitation of a use-after-free vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a certain image type within a certain function. The image is positioned at a location on a linked list. On return from the function, an object is de-allocated and a stale pointer continues to reference the object. Arbitrary code execution can occur when the object is used after it has been de-allocated. Memory that was previously allocated for the object can be used by an attacker.
9e07db74934db5698c0e993f536ed62632bd848e27f07ef35c997b47335cd501
Remote exploitation of an array indexing vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of certain types of Adobe Flash code, a certain function may be tricked into accepting an overly large index argument. The index argument may reference a memory location outside the bounds of memory allocated for an array object. Arbitrary code execution can occur when an index is calculated to point to a sensitive memory location, and the memory location is overwritten with specially crafted values.
a7b8f0d00950e67ca3d60669a5c6ab9ddff0ca81169c217f2a1cd6d4caa8c7f1
Mandriva Linux Security Advisory 2010-113 - The SMB dissector could dereference a NULL pointer. J. Oquendo discovered that the ASN.1 BER dissector could overrun the stack. The SMB PIPE dissector could dereference a NULL pointer on some platforms. The SigComp Universal Decompressor Virtual Machine could go into an infinite loop. The SigComp Universal Decompressor Virtual Machine could overrun a buffer.
2716ef57d381854ade482b7af1cf95ce25199d7feb6a8a5c2831662a771daf9e
Zero Day Initiative Advisory 10-107 - This vulnerability allows remote attackers to decrypt secure socket layer (SSL) communications directed to multiple Sourcefire products. The specific flaw exists within the reuse of private SSL keys for multiple devices and installations. The keypair is stored in /etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private key allows an attacker to decrypt and monitor SSL communications with the target.
6c1f7c72cecfdda2c5bd00f78898504dca0e18f3922a6ade59a10ad82f6cdc89
Mandriva Linux Security Advisory 2010-115 - Multiple vulnerabilities have been discovered and corrected in Safe.pm which could lead to escalated privileges. The updated packages have been patched to correct these issues.
36f21e4276a78e4439758638503920720b47ea7ed8c3499fb0c30db947d81b37
Mandriva Linux Security Advisory 2010-116 - Multiple vulnerabilities have been discovered and corrected in Path.pm and Safe.pm which could lead to escalated privileges. The updated packages have been patched to correct these issues.
278ee32972da2900f2577f8e89442cf702bae4ae30d56a75844b8ed4546a7c97
Mandriva Linux Security Advisory 2010-114 - ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID. The updated packages have been patched to correct this issue.
8ede52ba6bf48b2ace4089d61b2f0146381bed005f2980a12737101bc68b1814
Solarwinds TFTP version 10.4.0.13 remote denial of service exploit.
17b4cee44db4f487f60f319a9277e525c1e65dc901469beb37ca900113b1f8f5
eLMS Pro suffers from cross site scripting and remote SQL injection vulnerabilities.
2ed6dca5534ccffd4b21516672bfccb31534e22efc585b1885035516b39dc3db
Simple to Use Property Management System suffers from cross site scripting and remote SQL injection vulnerabilities.
9ace29ed81e1a41cd0b1ec2ffdd269ff9749a885d3eb3a2b09f7cfbabd3e8ddb
Ubuntu Security Notice 950-1 - It was discovered that MySQL did not check privileges before uninstalling plugins. It was discovered that MySQL could be made to delete another user's data and index files. It was discovered that MySQL incorrectly validated the table name argument of the COM_FIELD_LIST command. Other issues were also addressed.
6a36e126dcc1c3ca3fcb8360eb1f926672de115329183f50ba298671b834f235
VUPEN Vulnerability Research Team discovered a vulnerability affecting Microsoft Windows. The vulnerability is caused by a memory corruption within the kernel-mode device driver "Win32k.sys" when handling Device Contexts (DC) via the "GetDCEx()" function, which could be exploited by local attackers to gain ring0 privileges via a specially crafted application.
471632af4e10eb0cecd7d5eb20421f61e27b561c6dbf40db0fb74659199d6c65
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a heap overflow error when processing malformed EDG (recType 0x88) and Publisher (recType 0x89) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
1de13ccc9ad2c70c46501098358970ea06f49b469024b4df9cf8eff576ea8a62
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a buffer overflow error when processing malformed HFPicture (recType 0x866) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
c42e282c333ee7179a1abb732fa303b2cd18cbd6de3e31d6152da91b3a5c206b
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a buffer overflow error when processing malformed ExternName (recType 0x23) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
004dc02bc1e794a06937ae55cbf4193b4187062c65ab33abdfd4879d7ae71f07
Global Real Estate Agent suffers from bypass and remote SQL injection vulnerabilities.
8f4b916756c260adcc0fed5a4950dbd1e022b9ef69bffc1904c9bc04c5a6a051
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The vulnerability is caused by a heap corruption error when processing malformed RTD (recType 0x813) records, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
da6cbe6f1d803f271d6cbe0d4517ff46d414454332fb2644a5279171105ebb2e
Microsoft Office Excel suffers from a stack overflow vulnerability when parsing malformed RTD records.
65d017dd307ae6bae63e08318763177a093d35e576bb82cf7271e40e9b2394c8
Microsoft Office Excel suffers from a heap corruption vulnerability when processing malformed WOPT records.
47c763bb8f54c7febc4699f2ed7e1f51151d4cb2880a9769e4e31c2afc0a337a
Microsoft Office Excel suffers from a memory corruption vulnerability when processing malformed SxView records.
e1ff6fdfebf9850035be3b6fda7fb8d8637cad8f86f35f63f1e23283b325b636
Technical Cyber Security Alert 2010-159A - According to Adobe, there is a vulnerability in Adobe Flash. This vulnerability affects Flash Player, Reader, Acrobat, and possibly other products that support Flash. A remote attacker could exploit this vulnerability to execute arbitrary code.
92d4d10d9876e9f473c2b97c245bf320a1cd8e2ed321e0718a268d019d732f99