«
Expand/Collapse
377 items tagged "integer overflow"
Related tags:
ubuntu [+],
paris [+],
apache [+],
heap [+],
vxsvc [+],
vlc [+],
research [+],
patch [+],
parser [+],
oracle [+],
microsoft [+],
math libraries [+],
libxml [+],
libsndfile [+],
glibc [+],
c api [+],
application crash [+],
vupen [+],
user [+],
poc [+],
notice [+],
memory [+],
media [+],
java [+],
exploits [+],
apple quicktime [+],
apple mac os x [+],
apple mac os [+],
security [+],
xspf [+],
xen [+],
vlc media player [+],
virdomaingetvcpus [+],
sftp [+],
reader [+],
proftpd [+],
org [+],
openoffice [+],
nargs [+],
multiple buffer overflow [+],
mod [+],
linux kernel [+],
libvirt [+],
library [+],
invalid index [+],
gnu [+],
ghostscript [+],
function [+],
bugtraq [+],
array object [+],
adobe shockwave player [+],
activex control [+],
integer [+],
xnview [+],
x imageio [+],
winamp versions [+],
webkit [+],
version [+],
updates [+],
text [+],
teechart [+],
stack overflow [+],
size [+],
security vulnerabilities [+],
s codesys [+],
rocco calvi [+],
red hat enterprise [+],
realplayer user [+],
quicktime [+],
png library [+],
png images [+],
player [+],
objects [+],
null pointers [+],
null pointer [+],
null [+],
nsv [+],
mozilla firefox [+],
microsoft reader [+],
memory issues [+],
linux kernels [+],
libvirtd [+],
library modules [+],
keyview [+],
kernel packages [+],
jbig [+],
ioctl [+],
htaccess file [+],
hash values [+],
gnu c library [+],
gdi [+],
foundation administrator [+],
format string [+],
font [+],
flaw [+],
exif [+],
eric blake [+],
corruption [+],
component [+],
chip [+],
c library [+],
byte values [+],
buffer overflow [+],
avi processing [+],
avi [+],
autonomy [+],
attacker [+],
ascii strings [+],
arithmetic operation [+],
arbitrary code [+],
application [+],
apple security [+],
apache http server version [+],
apache http server [+],
adobe [+],
activex [+],
mandriva linux [+],
overflow [+],
based buffer overflow [+],
zdi [+],
value [+],
usa [+],
tzfile [+],
trun [+],
server [+],
security patches [+],
scrn [+],
product patches [+],
pro face [+],
php 5 [+],
php [+],
numberformatter [+],
ngs [+],
microsoft gdi [+],
gstreamer [+],
emf [+],
chen haogang [+],
analysis [+],
adobe flash player [+],
linux [+],
mandriva [+],
red hat security [+],
linux security [+],
zero [+],
advisory [+],
xpdf [+],
xmms skins [+],
xmms [+],
windows [+],
wholetext [+],
veritas [+],
underflow [+],
tssa [+],
tiff library [+],
tiff integer [+],
technical [+],
symantec [+],
storage [+],
sterling trader [+],
sterling [+],
skins [+],
shockwave [+],
service [+],
security research [+],
secunia [+],
samplecount [+],
runtime [+],
realplayer [+],
realnetworks [+],
quot [+],
opera [+],
opentype [+],
notification [+],
net [+],
microsoft windows [+],
main loop [+],
kernel [+],
java runtime environment [+],
iputils [+],
ins [+],
informix dynamic server [+],
informix [+],
information disclosure vulnerability [+],
idefense security advisory [+],
idefense [+],
iconics [+],
icc [+],
ibm [+],
gnome [+],
getsymbol [+],
genesis [+],
framework [+],
flash [+],
ffmpeg [+],
environment [+],
encoding [+],
dynamic [+],
dll module [+],
denial [+],
createdashedpath [+],
control [+],
btrfs [+],
base64 encoding [+],
base [+],
avi parsing [+],
atom [+],
apr util [+],
apr [+],
apple webkit [+],
adobe acrobat [+],
red [+],
memory corruption [+],
hat [+],
denial of service [+],
day [+],
overflow error [+],
vulnerability [+],
proof of concept [+],
debian [+],
oracle java [+],
code execution [+],
code [+],
overflow code [+],
array [+],
zero day [+],
initiative [+],
multiple [+],
mozilla [+],
heap corruption [+],
firefox [+],
winamp [+],
zsl,
ziv,
ziproxy,
xulrunner,
xml,
x freetype,
x common,
woff,
winamp player,
vulnerability research,
vulnerabilities,
vmware,
vma,
utilities,
usn,
update,
ubisoft,
txt,
thunderbird,
thumbnail,
tetex,
tero rontti,
swftools,
surface,
sun solaris 10,
subsystem,
strfmon,
service vulnerability,
selection range,
selection,
security notice,
sap,
safer use,
safari browser,
safari,
s system,
root privileges,
remote,
real networks,
rafal wojtczuk,
python language,
python,
proxy,
protector,
profile,
processing,
problem,
prl,
postgresql,
position error,
port,
poppler,
png,
pict,
penetration,
parsing,
paint version,
paint,
overflow errors,
outlook express,
outlook,
notice 974,
new,
module,
modo,
microsoft paint,
message,
media operations,
mdvsa,
martin barbella,
marc schoenefeld,
mail,
lxo,
luxology modo,
luxology,
load c,
libtiff,
library version,
libbz,
lempel ziv,
leadtools,
jpeg,
issue,
invalid pointer,
instantiate,
input,
imageop,
http header,
hashtable,
glsa,
glpng,
glib library,
giop,
ghost recon,
ghost,
gentoo linux security,
freetype,
freebsd security,
freebsd sa,
flv,
filesystem utilities,
filesystem,
ext,
excel,
dsa,
dicom images,
denial of service attack,
ddivrt,
data protector,
data,
dalili,
cve,
css selectors,
crystal reports,
correction,
controller area network,
color profile,
color,
code microsoft,
chris evans,
bzip2,
bzip,
bz2 file,
buffer overflows,
browser engine,
browser,
brad spengler,
ben hawkes,
barbella,
avtech software,
automated system,
apple itunes
-
-
16:27
»
Packet Storm Security Advisories
A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
-
16:27
»
Packet Storm Security Recent Files
A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
-
16:27
»
Packet Storm Security Misc. Files
A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
-
-
12:22
»
Packet Storm Security Exploits
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
12:22
»
Packet Storm Security Recent Files
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
12:22
»
Packet Storm Security Misc. Files
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
-
17:02
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2447-1 - Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
-
-
15:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
-
15:57
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
-
15:57
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
-
-
19:38
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0393-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
-
19:38
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0393-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
-
19:38
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0393-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
-
-
3:11
»
Packet Storm Security Exploits
An integer overflow was found in the iputils/ping_common.c main_loop() function. This issue can lead to a denial of service condition.
-
-
7:31
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
-
7:31
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
-
7:31
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
-
-
19:48
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0333-01 - Updates have been made to the Linux kernel. SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access to the entire block device. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. Various other issues have also been addressed.
-
19:48
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0333-01 - Updates have been made to the Linux kernel. SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access to the entire block device. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. Various other issues have also been addressed.
-
19:48
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0333-01 - Updates have been made to the Linux kernel. SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access to the entire block device. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. Various other issues have also been addressed.
-
-
21:06
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
-
21:06
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
-
21:06
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
-
-
14:46
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2410-1 - Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
-
14:46
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2410-1 - Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
-
14:46
»
Packet Storm Security Misc. Files
Debian Linux Security Advisory 2410-1 - Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
-
-
15:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1356-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
15:12
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1356-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
15:12
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1356-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
-
17:31
»
Packet Storm Security Advisories
Apache HTTP Server version 2.2.22 has been released. It addresses a wide array of vulnerabilities ranging from denial of service to integer overflow issues.
-
17:31
»
Packet Storm Security Recent Files
Apache HTTP Server version 2.2.22 has been released. It addresses a wide array of vulnerabilities ranging from denial of service to integer overflow issues.
-
17:31
»
Packet Storm Security Misc. Files
Apache HTTP Server version 2.2.22 has been released. It addresses a wide array of vulnerabilities ranging from denial of service to integer overflow issues.
-
-
16:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
9:22
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.
-
9:22
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.
-
9:22
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.
-
-
20:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
5:11
»
Packet Storm Security Advisories
Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
-
5:11
»
Packet Storm Security Recent Files
Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
-
5:11
»
Packet Storm Security Misc. Files
Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
-
-
16:51
»
Packet Storm Security Exploits
3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.
-
16:51
»
Packet Storm Security Recent Files
3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.
-
16:51
»
Packet Storm Security Misc. Files
3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.
-
-
10:02
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.
-
10:02
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.
-
10:02
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.
-
-
13:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:34
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM)
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:14
»
SecuriTeam
Oracle Java Contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:33
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-175 - Multiple security vulnerabilities has been discovered and corrected in poppler. An out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service via a crafted PDF file. Multiple input validation flaws in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file. An integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file. Multiple other vulnerabilities have been addressed as well. The updated packages have been patched to correct these issues.
-
20:33
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-175 - Multiple security vulnerabilities has been discovered and corrected in poppler. An out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service via a crafted PDF file. Multiple input validation flaws in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file. An integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file. Multiple other vulnerabilities have been addressed as well. The updated packages have been patched to correct these issues.
-
20:33
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-175 - Multiple security vulnerabilities has been discovered and corrected in poppler. An out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service via a crafted PDF file. Multiple input validation flaws in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file. An integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file. Multiple other vulnerabilities have been addressed as well. The updated packages have been patched to correct these issues.
-
-
10:34
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:29
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:29
»
SecuriTeam
Oracle Java ICC Profile Contains an Integer Overflow and Code Execution Vulnerability.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
7:54
»
Packet Storm Security Advisories
An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
-
7:54
»
Packet Storm Security Recent Files
An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
-
7:54
»
Packet Storm Security Misc. Files
An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
-
-
23:25
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
-
23:25
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
-
23:25
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
-
23:25
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
-
-
15:37
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. The updated packages have been patched to correct this issue. Packages were missing for Mandriva Linux 2011 with the MDVSA-2011:131 advisory which are now being provided.
-
15:37
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. The updated packages have been patched to correct this issue. Packages were missing for Mandriva Linux 2011 with the MDVSA-2011:131 advisory which are now being provided.
-
15:37
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. The updated packages have been patched to correct this issue. Packages were missing for Mandriva Linux 2011 with the MDVSA-2011:131 advisory which are now being provided.
-
-
10:13
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow error in the Ichitaro speed reader (jtdsr.dll) when parsing QLST chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.
-
10:13
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow error in the Ichitaro speed reader (jtdsr.dll) when parsing QLST chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.
-
10:13
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow error in the Ichitaro speed reader (jtdsr.dll) when parsing QLST chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Version 10.3 is affected.
-
-
11:18
»
SecDocs
Authors:
Jeongwook Oh Tags:
reverse engineering exploiting bug hunting Event:
Black Hat USA 2010 Abstract: We already have many kinds of binary patching systems available. There are commercial ones and free ones. But the current implementations only concentrate on finding the difference between binaries. But what the security researchers really want from the patch analysis is security patches. Sometimes it's very hard to locate security patches because they are buried inside normal feature updates. The time for locating the security patches will increase drastically as more feature updates are included in the released patches. This is especially true with all the Adobe and Sun product patches. They tend to mix security patches and feature updates. In that case, we need another way to boost the speed of the analysis. The automatic way to locate the security patches! This can be done by analyzing the patched parts and see if it has some specific patterns that the usual security patches have. Some integer overflow will have some comparison against the boundary integer values. And buffer overflow will involve the vulnerable "strcpy" or "memcpy" replaced with safer functions. Even free-after-use type bug has their own patch patterns. We will present all the common patterns that we saw and also present way to locate them using pattern matching. But there can be more thing to be done in addition to this simple approach. You can introduce static taint analysis to binary diffing world. You can trace back all the suspicious variables(expressed as register value or memory location) found in the patch by using binary diffing. And you can see if they are controllable or taint-able from the user controllable input like network packets or user supplied file input. This automatic security patch locating ability will be beneficial to the IPS rule writers. They can spend more time in concentrating on what really matters instead of spending time to find the actual parts to analyze. To achieve all these, I upgraded the current implementation of "DarunGrim(http://www.darungrim.org)" binary diffing system to support pattern matching and static taint analysis. It will become DarunGrim v3. DarunGrim is the most featured opensource binary diffing implementation. I will show how fast we can locate the vendor patches that, otherwise, will take few hours using other tools. All the updated source code will be released at the presentation.
-
11:17
»
SecDocs
Authors:
Jeongwook Oh Tags:
reverse engineering exploiting bug hunting Event:
Black Hat USA 2010 Abstract: We already have many kinds of binary patching systems available. There are commercial ones and free ones. But the current implementations only concentrate on finding the difference between binaries. But what the security researchers really want from the patch analysis is security patches. Sometimes it's very hard to locate security patches because they are buried inside normal feature updates. The time for locating the security patches will increase drastically as more feature updates are included in the released patches. This is especially true with all the Adobe and Sun product patches. They tend to mix security patches and feature updates. In that case, we need another way to boost the speed of the analysis. The automatic way to locate the security patches! This can be done by analyzing the patched parts and see if it has some specific patterns that the usual security patches have. Some integer overflow will have some comparison against the boundary integer values. And buffer overflow will involve the vulnerable "strcpy" or "memcpy" replaced with safer functions. Even free-after-use type bug has their own patch patterns. We will present all the common patterns that we saw and also present way to locate them using pattern matching. But there can be more thing to be done in addition to this simple approach. You can introduce static taint analysis to binary diffing world. You can trace back all the suspicious variables(expressed as register value or memory location) found in the patch by using binary diffing. And you can see if they are controllable or taint-able from the user controllable input like network packets or user supplied file input. This automatic security patch locating ability will be beneficial to the IPS rule writers. They can spend more time in concentrating on what really matters instead of spending time to find the actual parts to analyze. To achieve all these, I upgraded the current implementation of "DarunGrim(http://www.darungrim.org)" binary diffing system to support pattern matching and static taint analysis. It will become DarunGrim v3. DarunGrim is the most featured opensource binary diffing implementation. I will show how fast we can locate the vendor patches that, otherwise, will take few hours using other tools. All the updated source code will be released at the presentation.
-
-
17:59
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1264-01 - The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer must be restarted for the changes to take effect.
-
17:59
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1264-01 - The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer must be restarted for the changes to take effect.
-
17:59
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1264-01 - The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer must be restarted for the changes to take effect.
-
-
7:58
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
-
7:58
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
-
7:58
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities has been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
-
-
22:10
»
Packet Storm Security Recent Files
Pmcma aims at automating exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).
-
22:10
»
Packet Storm Security Tools
Pmcma aims at automating exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).
-
22:10
»
Packet Storm Security Misc. Files
Pmcma aims at automating exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).
-
-
20:14
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1197-01 - Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
-
20:14
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1197-01 - Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
-
20:14
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1197-01 - Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
-
-
20:54
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.
-
20:54
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.
-
20:54
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.
-
16:27
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-263 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack during the handling of the ascii strings (opcode 6) where the 32-bit field supplied by the attacker is used for allocating a destination buffer by adding an additional byte to its value. This integer overflow can be used to create a small allocation which will be subsequently overflowed, allowing the attacker to execute arbitrary code under the context of the SYSTEM.
-
16:27
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-263 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack during the handling of the ascii strings (opcode 6) where the 32-bit field supplied by the attacker is used for allocating a destination buffer by adding an additional byte to its value. This integer overflow can be used to create a small allocation which will be subsequently overflowed, allowing the attacker to execute arbitrary code under the context of the SYSTEM.
-
16:27
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-263 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack during the handling of the ascii strings (opcode 6) where the 32-bit field supplied by the attacker is used for allocating a destination buffer by adding an additional byte to its value. This integer overflow can be used to create a small allocation which will be subsequently overflowed, allowing the attacker to execute arbitrary code under the context of the SYSTEM.
-
16:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.
-
16:22
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.
-
16:22
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.
-
-
13:18
»
Packet Storm Security Exploits
This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
-
13:18
»
Packet Storm Security Recent Files
This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
-
13:18
»
Packet Storm Security Misc. Files
This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:11
»
Packet Storm Security Advisories
Apple Security Advisory 2011-08-03-1 - QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
-
16:11
»
Packet Storm Security Recent Files
Apple Security Advisory 2011-08-03-1 - QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
-
16:11
»
Packet Storm Security Misc. Files
Apple Security Advisory 2011-08-03-1 - QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
-
-
19:42
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
-
19:42
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
-
19:42
»
Packet Storm Security Misc. Files
Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
-
19:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
-
19:35
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
-
19:35
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
-
-
8:15
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-119 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
8:15
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-119 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
8:15
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-119 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
7:35
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1019-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
-
7:35
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1019-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
-
7:35
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1019-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
-
-
17:58
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1084-01 - The libsndfile packages provide a library for reading and writing sound files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.
-
17:58
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1084-01 - The libsndfile packages provide a library for reading and writing sound files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.
-
17:58
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1084-01 - The libsndfile packages provide a library for reading and writing sound files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.
-
-
14:38
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2280-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe.
-
14:38
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2280-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe.
-
14:38
»
Packet Storm Security Misc. Files
Debian Linux Security Advisory 2280-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe.
-
-
6:41
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0927-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. Various other issues were also addressed.
-
6:41
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-0927-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. Various other issues were also addressed.
-
6:41
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-0927-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. Various other issues were also addressed.
-
-
7:22
»
Packet Storm Security Advisories
A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.
-
7:22
»
Packet Storm Security Recent Files
A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.
-
7:22
»
Packet Storm Security Misc. Files
A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.
-
-
6:14
»
Packet Storm Security Exploits
Winamp versions 5.61 and below suffer from multiple heap overflows and corruption and an integer overflow. Proof of concept code included.
-
-
22:32
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. Before the allocation, the application will add 0x14 bytes to the result. Due to restrictions imposed on the implementation of this component by the language and it's platform, an integer overflow can be made to occur. This can lead to code execution under the context of the application.
-
22:32
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. Before the allocation, the application will add 0x14 bytes to the result. Due to restrictions imposed on the implementation of this component by the language and it's platform, an integer overflow can be made to occur. This can lead to code execution under the context of the application.
-
22:32
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. Before the allocation, the application will add 0x14 bytes to the result. Due to restrictions imposed on the implementation of this component by the language and it's platform, an integer overflow can be made to occur. This can lead to code execution under the context of the application.
-
-
16:05
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-210 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll is affected by an integer overflow caused by the allocation of the input size plus 1 and the subsequent copying of the input string using the original size. The given size will wrap, causing a small buffer to be allocated. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
16:05
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-210 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll is affected by an integer overflow caused by the allocation of the input size plus 1 and the subsequent copying of the input string using the original size. The given size will wrap, causing a small buffer to be allocated. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
16:05
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-210 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll is affected by an integer overflow caused by the allocation of the input size plus 1 and the subsequent copying of the input string using the original size. The given size will wrap, causing a small buffer to be allocated. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
-
14:49
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2257-1 - Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.
-
14:49
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2257-1 - Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.
-
14:49
»
Packet Storm Security Misc. Files
Debian Linux Security Advisory 2257-1 - Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.
-
-
8:12
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a 'scrn' tag, the process reads a user specified value describing the number of scrn objects in the file. This value is multiplied with the size of an scrn object possibly resulting in an integer overflow. This value is then used to allocate memory to hold all the scrn objects. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.
-
8:12
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a 'scrn' tag, the process reads a user specified value describing the number of scrn objects in the file. This value is multiplied with the size of an scrn object possibly resulting in an integer overflow. This value is then used to allocate memory to hold all the scrn objects. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.
-
8:12
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing a 'scrn' tag, the process reads a user specified value describing the number of scrn objects in the file. This value is multiplied with the size of an scrn object possibly resulting in an integer overflow. This value is then used to allocate memory to hold all the scrn objects. By providing specific values it is possible to cause a memory corruption that can lead to remote code being executed under to user running the browser.
-
-
17:36
»
Packet Storm Security Exploits
VLC Media Player suffers from an XSPF local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.
-
-
17:15
»
Packet Storm Security Exploits
Microsoft Reader versions 2.1.1.3143 and below and versions 2.6.1.7169 and below suffer from an integer overflow caused by a controlled memmove. Proof of concept code included.
-
17:15
»
Packet Storm Security Recent Files
Microsoft Reader versions 2.1.1.3143 and below and versions 2.6.1.7169 and below suffer from an integer overflow caused by a controlled memmove. Proof of concept code included.
-
17:15
»
Packet Storm Security Misc. Files
Microsoft Reader versions 2.1.1.3143 and below and versions 2.6.1.7169 and below suffer from an integer overflow caused by a controlled memmove. Proof of concept code included.
-
-
16:21
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-047 - Integer overflow in the mod_sftp module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service via a malformed SSH message. Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.
-
16:21
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-047 - Integer overflow in the mod_sftp module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service via a malformed SSH message. Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.
-
16:21
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-047 - Integer overflow in the mod_sftp module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service via a malformed SSH message. Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.
-
-
7:26
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2185-1 - It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service.
-
7:26
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2185-1 - It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service.
-
7:26
»
Packet Storm Security Misc. Files
Debian Linux Security Advisory 2185-1 - It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service.
-
-
14:36
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-073 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of ACE.dll. It is possible to cause an integer overflow due to several multiplications of controlled byte values. This leads to the allocation of a small buffer which can subsequently be overflowed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running Reader.
-
14:36
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-073 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of ACE.dll. It is possible to cause an integer overflow due to several multiplications of controlled byte values. This leads to the allocation of a small buffer which can subsequently be overflowed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running Reader.
-
14:36
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-073 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of ACE.dll. It is possible to cause an integer overflow due to several multiplications of controlled byte values. This leads to the allocation of a small buffer which can subsequently be overflowed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running Reader.
-
-
11:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:31
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-014 - Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. The updated packages have been patched to correct this issue.
-
18:31
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-014 - Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. The updated packages have been patched to correct this issue.
-
18:31
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-014 - Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. The updated packages have been patched to correct this issue.
-
-
17:18
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.
-
17:18
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.
-
17:18
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.
-
-
13:33
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:50
»
Packet Storm Security Advisories
Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
-
17:50
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
-
17:50
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
-
-
17:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:35
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:22
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-255 - Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. The updated packages have been upgraded to php-intl-1.1.2 and patched to correct this issue.
-
16:22
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-255 - Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. The updated packages have been upgraded to php-intl-1.1.2 and patched to correct this issue.
-
16:22
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2010-255 - Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. The updated packages have been upgraded to php-intl-1.1.2 and patched to correct this issue.
-
-
7:18
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-273 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing an .AAC file containing a malformed MLLT atom. The application utilizes a size specified in this data structure for allocation of a list of objects. To calculate the size for the allocation, the application will multiply this length by 8. If the multiplication results in a value greater than 32 bits an integer overflow will occur. When copying data into this buffer heap corruption will occur which can lead to code execution under the context of the currently logged in user.
-
7:18
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-273 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing an .AAC file containing a malformed MLLT atom. The application utilizes a size specified in this data structure for allocation of a list of objects. To calculate the size for the allocation, the application will multiply this length by 8. If the multiplication results in a value greater than 32 bits an integer overflow will occur. When copying data into this buffer heap corruption will occur which can lead to code execution under the context of the currently logged in user.
-
7:18
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-273 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing an .AAC file containing a malformed MLLT atom. The application utilizes a size specified in this data structure for allocation of a list of objects. To calculate the size for the allocation, the application will multiply this length by 8. If the multiplication results in a value greater than 32 bits an integer overflow will occur. When copying data into this buffer heap corruption will occur which can lead to code execution under the context of the currently logged in user.
-
-
21:03
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.
-
21:03
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.
-
21:03
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.
-
-
4:12
»
Packet Storm Security Advisories
An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.
-
4:12
»
Packet Storm Security Recent Files
An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.
-
4:12
»
Packet Storm Security Misc. Files
An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.
-
-
14:01
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-221 - OpenOffice.org software suffers from multiple issues. Multiple vulnerabilities was discovered and corrected in the Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Heap-based buffer overflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. Integer underflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Other issues have also been addressed.
-
14:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-221 - OpenOffice.org software suffers from multiple issues. Multiple vulnerabilities was discovered and corrected in the Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Heap-based buffer overflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. Integer underflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Other issues have also been addressed.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution