«
Expand/Collapse
627 items tagged "arbitrary code"
Related tags:
tomas hoger [+],
target [+],
security advisory [+],
buffer [+],
security [+],
php [+],
attackers [+],
advisory [+],
ubuntu [+],
data protector [+],
total [+],
steve manzuik [+],
stack buffer [+],
security bulletin [+],
ricky zhou [+],
red hat security [+],
realplayer [+],
puppet [+],
protector [+],
php code [+],
phillip langlois [+],
memory corruption [+],
manager. authentication [+],
jonathan brossard [+],
javascript engine [+],
defense [+],
data [+],
bulletin [+],
buffer overflow vulnerability [+],
brossard [+],
arbitrary files [+],
application crash [+],
suite [+],
red [+],
notebook [+],
integer [+],
font [+],
file [+],
apache [+],
notice [+],
security notice [+],
security vulnerabilities [+],
novell [+],
hpsbmu [+],
control [+],
based buffer overflow [+],
adobe [+],
safer use [+],
zipgenius [+],
zip [+],
yaman [+],
viewer [+],
vbseo [+],
usn [+],
usb devices [+],
theo snelleman [+],
tgt [+],
temporary files [+],
syntax [+],
suse security [+],
shockwave [+],
server [+],
sensitive system [+],
segment [+],
security announcement [+],
scadatec [+],
scadaphone [+],
scada [+],
safari web browser [+],
s system [+],
root user [+],
realwin [+],
qqplayer [+],
procedure sql [+],
proc [+],
postscript font [+],
pointer control [+],
pointer [+],
pnsize [+],
player versions [+],
player [+],
pict [+],
pcvue [+],
overflow [+],
opcode [+],
omniinet [+],
ogg files [+],
office [+],
mycioscn [+],
mozilla [+],
mov file [+],
microsoft corp [+],
micro control [+],
memory regions [+],
mcafee [+],
martin barbella [+],
markus vervier [+],
libxml [+],
lib [+],
keys files [+],
juri [+],
jonathan foote [+],
jon larimer [+],
issue [+],
integer overflow [+],
htaccess file [+],
hat [+],
gentoo linux security [+],
function [+],
flash [+],
file names [+],
exe component [+],
evince [+],
error condition [+],
error [+],
emmanuel bouillon [+],
element properties [+],
edrawsoft [+],
dword value [+],
dvrobot [+],
dvi files [+],
deutf [+],
default installation [+],
current user [+],
condor [+],
command line options [+],
brian gorenc [+],
bert hubert [+],
barbella [+],
autostart [+],
automated system [+],
array bounds [+],
application [+],
announcement [+],
andy davis [+],
adobe flash player [+],
activex control [+],
activex [+],
code [+],
code execution [+],
zero day [+],
zero [+],
denial of service [+],
vulnerability [+],
webstudio [+],
svg [+],
phpscheduleit [+],
ofbiz [+],
matthew hall [+],
manager [+],
locale data [+],
linux [+],
librsvg [+],
juri aedla [+],
indusoft [+],
gentoo [+],
freetype [+],
cid keyed postscript [+],
day [+],
attacker [+],
use [+],
symantec [+],
soliddb [+],
service [+],
security problem [+],
secure [+],
reporter engine [+],
reporter agent [+],
remote [+],
reader [+],
proxy servers [+],
proftpd [+],
printer [+],
oracle [+],
officeimport [+],
novell iprint [+],
netop [+],
logbackuplocationstatus [+],
iprint [+],
ibm [+],
hpsbpi [+],
hpsbgn [+],
gnupg [+],
glsa [+],
enterprise [+],
edgesight [+],
easy [+],
control management [+],
code security [+],
cloud [+],
client [+],
citrix [+],
care [+],
bugtraq [+],
automation [+],
adobe reader [+],
user [+],
font files [+],
idefense security advisory [+],
buffer overflow [+],
initiative [+],
idefense [+],
firefox [+],
realnetworks [+],
zdi,
xosoft,
xine,
xemacs,
wuethrich,
workloads,
workaround,
word value,
word document,
website,
webkit,
web viewer,
web interface,
web,
vulnerable systems,
vulnerability research,
visualization,
visual basic for applications,
video,
value,
valerio,
username field,
user assisted,
upload,
update,
uninitialized pointer,
txt,
tsm,
truetype font files,
tomcat servlets,
thunderbird,
ted mielczarek,
technical,
teaming,
sun java runtime,
sun,
sudoedit,
sudo,
stefan cornelius,
stack overflow,
ssrt,
spring framework,
spring,
sorenson video 3,
sorenson,
setup,
sesskey,
session cookie,
server extension,
series,
serenity audioplayer,
security technologies,
security risks,
security advisor,
secure path,
secunia,
sebastian krahmer,
scpc,
sco openserver,
sarg,
sapgui,
sap,
sandbox,
rxssetdatagrowthscheduleandfilter,
runas,
root privileges,
root privilege,
robert swiecki,
rob hulswit,
reporter generalutilities,
reference,
realmedia,
quicktime,
psp image,
protection,
process,
powerpoint,
potential security vulnerability,
postgresql,
port 524,
pls file,
performance,
pdf,
path,
pamm,
pad,
packet data,
packard,
owc,
overflows,
overflow errors,
output management,
output,
org,
oracle user,
operations,
openview,
openvas,
openoffice,
openjdk,
office web components,
office art,
odbc,
ocx,
null byte,
notes,
node,
nils philippsen,
new,
network node manager,
netweaver,
natty,
music,
multiple,
morten krakvik,
module,
mimetype,
migration,
microsoft office user,
microsoft,
michael wu,
metasploit,
memory,
mdvsa,
maxdb,
markus wuethrich,
marc schoenefeld,
mandriva linux,
mandriva,
manager summaryreportgroup,
manager agent,
management web,
management,
lts,
lotus,
loop,
linuxshield,
linux security,
lintian,
library version,
library,
libmikmod,
libfontparser,
lgx,
lgserver,
l. minier,
kpl,
kononenko,
keyview,
juniper secure,
jesse ruderman,
java runtime environment,
java code,
java,
ironport,
ipj,
intellitamper,
integer overflow vulnerability,
insight,
input file,
injection,
initialize,
impulse tracker,
imap,
imanager,
imailsrv,
image,
igss,
ideal,
ian beer,
htmlurl,
hpsbma,
hp power,
heap memory,
heap corruption,
heap,
group,
gary kwong,
framework,
format strings,
font resources,
flvplayer,
flv,
firewall,
ffmpeg,
fastback,
exploits,
execution,
exe,
eugene,
escalation,
enomaly,
endpoint,
email attachment,
email,
elevation,
ecp,
dsa,
download,
dominik george,
dll module,
directory traversal vulnerability,
directory traversal,
director riff,
director,
dhcp server,
deploymentfilerepository,
definition,
datac,
database,
dat,
daniel holbert,
cyber security,
cyber,
critical structures,
corruption,
core,
contacts,
component version,
component,
code revision,
clamav,
cisco webex,
cisco unified,
cisco security advisory,
cisco security,
cisco ironport,
cisco icm,
chris evans,
chat server,
business client,
business,
bujak,
builder,
browser engine,
browser,
boris zbarsky,
bof,
bluevoda,
bit,
avi parsing,
avi file,
avi,
autonomy,
auth,
audioplayer,
attack,
art,
array,
arithmetic,
arbitrary name,
application execution,
applet,
apple quicktime,
apple preview,
apple officeimport,
aol,
alexander kurtz,
akamai,
agentx,
agent,
adobe shockwave player,
adobe director,
administrative interface,
administrative,
access,
Support
-
-
17:25
»
Packet Storm Security Advisories
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
17:25
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
17:25
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
8:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1436-1 - Matthew Hall discovered that Libtasn1 incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.
-
8:55
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1436-1 - Matthew Hall discovered that Libtasn1 incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.
-
-
19:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.
-
19:07
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.
-
19:07
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.
-
-
12:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
-
12:37
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
-
12:37
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
-
-
21:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
-
21:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
-
21:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
-
20:39
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
17:25
»
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in NetOp Remote Control 9.5. When opening a .dws file containing a specially crafted string longer then 520 characters will allow an attacker to execute arbitrary code.
-
-
19:45
»
Packet Storm Security Advisories
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
19:45
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
19:45
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
-
8:40
»
Packet Storm Security Advisories
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system.
-
8:40
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system.
-
8:40
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system.
-
-
14:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
-
14:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
-
14:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
-
-
20:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
-
-
18:43
»
Packet Storm Security Advisories
Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
-
18:43
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
-
18:43
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
-
-
14:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
-
16:12
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
-
16:12
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
-
16:12
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
-
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:25
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
17:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
17:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
-
16:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
7:55
»
Packet Storm Security Exploits
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
-
7:55
»
Packet Storm Security Recent Files
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
-
7:55
»
Packet Storm Security Misc. Files
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
-
-
20:29
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through 'char_repl' POST parameter is not properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
20:29
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through 'char_repl' POST parameter is not properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
20:29
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through 'char_repl' POST parameter is not properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
-
3:11
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
3:11
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
3:11
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.
-
-
17:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
7:35
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1348-1 - It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
-
7:35
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1348-1 - It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
-
-
13:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1347-1 - It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program. In the default installation, attackers would be isolated by the Evince AppArmor profile. Various other issues were also addressed.
-
13:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1347-1 - It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program. In the default installation, attackers would be isolated by the Evince AppArmor profile. Various other issues were also addressed.
-
13:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1347-1 - It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program. In the default installation, attackers would be isolated by the Evince AppArmor profile. Various other issues were also addressed.
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1334-1 - It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
-
15:51
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1334-1 - It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
-
15:51
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1334-1 - It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
-
15:49
»
Packet Storm Security Advisories
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
15:49
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
15:49
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
-
16:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1333-1 - Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
16:54
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1333-1 - Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
16:54
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1333-1 - Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
-
16:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1320-1 - Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
16:12
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1320-1 - Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
16:12
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1320-1 - Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
9:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities
-
-
16:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1316-1 - Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges.
-
13:58
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1316-1 - Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges.
-
13:58
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1316-1 - Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges.
-
-
11:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1315-1 - Jonathan Foote discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
-
11:38
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1315-1 - Jonathan Foote discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
-
11:38
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1315-1 - Jonathan Foote discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
-
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.
-
16:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.
-
16:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.
-
-
10:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Engine.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:39
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:19
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
-
16:20
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
-
16:20
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
-
-
7:59
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in QQPLAYER Player 3.2. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
-
7:59
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in QQPLAYER Player 3.2. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
-
7:59
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in QQPLAYER Player 3.2. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
-
-
8:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1267-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
-
8:44
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1267-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
-
8:44
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1267-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
-
-
7:48
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
-
7:48
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
-
7:48
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
-
-
18:26
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:26
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:26
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
8:25
»
Packet Storm Security Advisories
Ubuntu Security Notice 1255-1 - Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.
-
8:25
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1255-1 - Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.
-
8:25
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1255-1 - Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.
-
-
7:54
»
Packet Storm Security Advisories
An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
-
7:54
»
Packet Storm Security Recent Files
An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
-
7:54
»
Packet Storm Security Misc. Files
An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
-
-
7:41
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
-
7:41
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
-
7:41
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
-
-
23:31
»
Packet Storm Security Exploits
This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
-
23:31
»
Packet Storm Security Exploits
This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
-
23:31
»
Packet Storm Security Misc. Files
This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
-
22:56
»
Packet Storm Security Advisories
iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
-
22:56
»
Packet Storm Security Recent Files
iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
-
22:56
»
Packet Storm Security Misc. Files
iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
-
-
9:42
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201110-1 - Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Multiple vulnerabilities have been discovered in OpenSSL. Versions less than 1.0.0e are affected.
-
9:42
»
Packet Storm Security Recent Files
Gentoo Linux Security Advisory 201110-1 - Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Multiple vulnerabilities have been discovered in OpenSSL. Versions less than 1.0.0e are affected.
-
9:42
»
Packet Storm Security Misc. Files
Gentoo Linux Security Advisory 201110-1 - Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Multiple vulnerabilities have been discovered in OpenSSL. Versions less than 1.0.0e are affected.
-
-
18:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1223-2 - USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem. It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
18:54
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1223-2 - USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem. It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
18:54
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1223-2 - USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem. It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
-
11:18
»
Packet Storm Security Advisories
Ubuntu Security Notice 1223-1 - It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
11:18
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1223-1 - It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
11:18
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1223-1 - It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
-
13:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
8:56
»
Packet Storm Security Advisories
Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
-
8:56
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
-
8:56
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
-
-
12:10
»
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.
-
12:10
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.
-
12:10
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.
-
-
15:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1207-1 - Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code.
-
15:51
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1207-1 - Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code.
-
15:51
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1207-1 - Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code.
-
14:56
»
Packet Storm Security Advisories
iDefense Security Advisory 09.13.11 - Remote exploitation of an integer signedness vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative 'iax' field.
-
14:56
»
Packet Storm Security Recent Files
iDefense Security Advisory 09.13.11 - Remote exploitation of an integer signedness vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative 'iax' field.
-
14:56
»
Packet Storm Security Misc. Files
iDefense Security Advisory 09.13.11 - Remote exploitation of an integer signedness vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative 'iax' field.
-
-
22:52
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1289-01 - The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code.
-
22:52
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1289-01 - The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code.
-
22:52
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1289-01 - The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code.
-
-
15:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.
-
15:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.
-
15:01
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.
-
-
20:17
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:17
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:17
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:15
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.
-
20:15
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.
-
20:15
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.
-
-
18:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1194-1 - It was discovered that the foomatic-rip Foomatic filter incorrectly handled command-line options. An attacker could use this flaw to cause Foomatic to execute arbitrary code as the "lp" user. In the default installation, attackers would be isolated by the CUPS AppArmor profile.
-
18:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1194-1 - It was discovered that the foomatic-rip Foomatic filter incorrectly handled command-line options. An attacker could use this flaw to cause Foomatic to execute arbitrary code as the "lp" user. In the default installation, attackers would be isolated by the CUPS AppArmor profile.
-
18:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1194-1 - It was discovered that the foomatic-rip Foomatic filter incorrectly handled command-line options. An attacker could use this flaw to cause Foomatic to execute arbitrary code as the "lp" user. In the default installation, attackers would be isolated by the CUPS AppArmor profile.
-
-
0:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1192-2 - USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
0:42
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1192-2 - USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
0:42
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1192-2 - USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
0:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1192-1 - Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
0:42
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1192-1 - Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
0:42
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1192-1 - Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
-
8:32
»
Packet Storm Security Advisories
Ubuntu Security Notice 1191-1 - Tomas Hoger discovered that libXfont incorrectly handled certain malformed compressed fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
-
8:32
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1191-1 - Tomas Hoger discovered that libXfont incorrectly handled certain malformed compressed fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
-
8:32
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1191-1 - Tomas Hoger discovered that libXfont incorrectly handled certain malformed compressed fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
-
5:12
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02695 SSRT100480 2 - Potential security vulnerabilities have been identified with HP OpenView Performance Insight. The vulnerabilities could be exploited remotely to execute arbitrary code by HTML injection, to gain unauthorized access, and for cross site scripting (XSS). Revision 2 of this advisory.
-
-
22:17
»
Packet Storm Security Advisories
SUSE Security Announcement - Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows. Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user.
-
22:17
»
Packet Storm Security Recent Files
SUSE Security Announcement - Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows. Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user.
-
22:17
»
Packet Storm Security Misc. Files
SUSE Security Announcement - Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows. Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user.
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:34
»
Packet Storm Security Advisories
HP Security Bulletin HPSBMU02695 SSRT100480 - Potential security vulnerabilities have been identified with HP OpenView Performance Insight. The vulnerabilities could be exploited remotely to execute arbitrary code by HTML injection and to gain unauthorized access. Revision 1 of this advisory.
-
21:34
»
Packet Storm Security Recent Files
HP Security Bulletin HPSBMU02695 SSRT100480 - Potential security vulnerabilities have been identified with HP OpenView Performance Insight. The vulnerabilities could be exploited remotely to execute arbitrary code by HTML injection and to gain unauthorized access. Revision 1 of this advisory.
-
21:34
»
Packet Storm Security Misc. Files
HP Security Bulletin HPSBMU02695 SSRT100480 - Potential security vulnerabilities have been identified with HP OpenView Performance Insight. The vulnerabilities could be exploited remotely to execute arbitrary code by HTML injection and to gain unauthorized access. Revision 1 of this advisory.
-
21:20
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.
-
21:20
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.
-
21:20
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.
-
-
19:04
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. First, the MyCioScan.Scan.ReportFile parameter exposed via ActiveX can be set to any arbitrary filename including sensitive system files and directories. Secondly, the parameter to the MyCioScan.Scan.Start() method can be carefully crafted as to inject script constructs into the log file written at the end of the AV scan. The combination of these flaws can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the browser.
-
19:04
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. First, the MyCioScan.Scan.ReportFile parameter exposed via ActiveX can be set to any arbitrary filename including sensitive system files and directories. Secondly, the parameter to the MyCioScan.Scan.Start() method can be carefully crafted as to inject script constructs into the log file written at the end of the AV scan. The combination of these flaws can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the browser.
-
19:04
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. First, the MyCioScan.Scan.ReportFile parameter exposed via ActiveX can be set to any arbitrary filename including sensitive system files and directories. Secondly, the parameter to the MyCioScan.Scan.Start() method can be carefully crafted as to inject script constructs into the log file written at the end of the AV scan. The combination of these flaws can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the browser.
-
-
20:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
20:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
8:15
»
Packet Storm Security Advisories
Ubuntu Security Notice 1173-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
8:15
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1173-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
8:15
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1173-1 - It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
-
20:08
»
Packet Storm Security Advisories
Ubuntu Security Notice 1172-1 - It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. Various other issues were also addressed.
-
20:08
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1172-1 - It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. Various other issues were also addressed.
-
20:08
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1172-1 - It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. Various other issues were also addressed.
-
14:57
»
Packet Storm Security Advisories
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.'s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
14:57
»
Packet Storm Security Recent Files
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.'s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
14:57
»
Packet Storm Security Misc. Files
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.'s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
14:53
»
Packet Storm Security Advisories
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
14:53
»
Packet Storm Security Recent Files
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
14:53
»
Packet Storm Security Misc. Files
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
-
17:58
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-235 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within En_Utility.dll. A module called from CASProcessor.exe running on TCP port 20801. A specially crafted packet with malformed BLOB encrypted data, is handled by HandleMcpRequest(), and contains instructions that will allow for an integer wrap, leading to a heap overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the SYSTEM.
-
17:58
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-235 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within En_Utility.dll. A module called from CASProcessor.exe running on TCP port 20801. A specially crafted packet with malformed BLOB encrypted data, is handled by HandleMcpRequest(), and contains instructions that will allow for an integer wrap, leading to a heap overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the SYSTEM.
-
17:58
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-235 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within En_Utility.dll. A module called from CASProcessor.exe running on TCP port 20801. A specially crafted packet with malformed BLOB encrypted data, is handled by HandleMcpRequest(), and contains instructions that will allow for an integer wrap, leading to a heap overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the SYSTEM.
-
-
14:29
»
SecuriTeam
A potential security problem has been identified with HP Client Automation Enterprise software running on Windows.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
4:47
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.
-
4:47
»
Packet Storm Security Recent Files
This Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.
-
4:47
»
Packet Storm Security Misc. Files
This Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.
-
-
16:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-226 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight. Authentication is not required to exploit this vulnerability. The flaw exists within the LauncherService.exe component which listens by default on TCP port 18747. When handling a request the process trusts a user supplied field in the packet specifying the length of data to follow, the process then copies the user supplied data, without validation, into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
16:10
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-226 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight. Authentication is not required to exploit this vulnerability. The flaw exists within the LauncherService.exe component which listens by default on TCP port 18747. When handling a request the process trusts a user supplied field in the packet specifying the length of data to follow, the process then copies the user supplied data, without validation, into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
16:10
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-226 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight. Authentication is not required to exploit this vulnerability. The flaw exists within the LauncherService.exe component which listens by default on TCP port 18747. When handling a request the process trusts a user supplied field in the packet specifying the length of data to follow, the process then copies the user supplied data, without validation, into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
-
14:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
14:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
23:27
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
-
23:27
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
-
23:27
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
-
23:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1149-1 - Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
23:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1149-1 - Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
23:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1149-1 - Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
-
-
20:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
20:39
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:50
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
-
12:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
-
12:50
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
-
12:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1156-1 - It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
-
12:42
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1156-1 - It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
-
12:42
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1156-1 - It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
-
12:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1155-1 - It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
12:42
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1155-1 - It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
12:42
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1155-1 - It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
14:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
14:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution