777 items tagged "arbitrary code"
-
-
9:22
»
Packet Storm Security Exploits
This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.
-
-
7:45
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.
-
7:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-195 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to decode an audio sample that is encoded with the ATRAC codec. While parsing sample data, the application will explicitly trust 2-bits as a loop counter which can be used to write outside the bounds of the target buffer. This can lead to code execution under the context of the application.
-
-
10:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1675-1 - It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
-
10:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1674-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
16:57
»
Packet Storm Security Advisories
Ubuntu Security Notice 1667-1 - Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
18:36
»
Packet Storm Security Advisories
Ubuntu Security Notice 1659-1 - It was discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
-
18:36
»
Packet Storm Security Advisories
Ubuntu Security Notice 1658-1 - It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.
-
-
15:55
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1656-1 - It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.
-
-
16:31
»
Packet Storm Security Advisories
Ubuntu Security Notice 1640-1 - Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
8:20
»
Packet Storm Security Advisories
Ubuntu Security Notice 1639-1 - It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
15:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1635-1 - It was discovered that libunity-webapps improperly handled certain hash tables. A remote attacker could use this issue to cause libunity-webapps to crash, or possibly execute arbitrary code.
-
-
16:00
»
SecuriTeam
Invision Power Board is prone to a vulnerability that lets remote attackers execute arbitrary code.
-
-
23:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-184 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Excel's parsing of Feature11/Feature12 records. The process trusts a supplied counter value without validating its size and proceeds to use it within a copy operation to the stack. An attacker can abuse this to execute arbitrary code under the context of the user running Excel.
-
-
16:00
»
SecuriTeam
Remote attackers can exploit these issues to upload and download arbitrary files and execute arbitrary code in the context of the application.
-
-
15:27
»
Packet Storm Security Exploits
It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.
-
-
16:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1630-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
-
16:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1629-1 - Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code.
-
-
16:00
»
SecuriTeam
This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where the vulnerable versions of SIEMENS SiPass Integrated are installed.
-
-
19:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1623-1 - It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
16:00
»
SecuriTeam
HP-UX running Java is prone to a remote execution of arbitrary code vulnerability.
-
-
6:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBUX02824 SSRT100970 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
-
-
17:00
»
SecuriTeam
This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where the vulnerable versions of SIEMENS SiPass Integrated are installed.
-
-
8:15
»
Packet Storm Security Advisories
Ubuntu Security Notice 1618-1 - It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.
-
-
9:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
-
-
23:05
»
Packet Storm Security Advisories
Ubuntu Security Notice 1613-2 - USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. Various other issues were also addressed.
-
-
17:00
»
SecuriTeam
This allows remote attackers to execute arbitrary code via unspecified vectors.
-
-
16:34
»
Packet Storm Security Advisories
Ubuntu Security Notice 1593-1 - Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code. Various other issues were also addressed.
-
16:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1590-1 - It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.
-
-
11:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1587-1 - Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
8:04
»
Packet Storm Security Advisories
Ubuntu Security Notice 1581-1 - Marc Schoenefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.
-
-
10:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1569-1 - It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. Various other issues were also addressed.
-
-
8:24
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in Openfiler version 2.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'openfiler' user. The 'system.html' file uses user controlled data from the 'device' parameter to create a new 'NetworkCard' object. The class constructor in 'network.inc' calls exec() with the supplied data. The 'openfiler' user may 'sudo /bin/bash' without providing a system password.
-
-
18:42
»
Packet Storm Security Exploits
mcrypt versions 2.6.8 and below suffer from a vulnerability that is caused due to a boundary error in the processing of an encrypted file, which can be exploited to cause a stack-based buffer overflow when a user opens a specially crafted .nc file. Successful exploitation could potentially allow execution of arbitrary code on the affected machine.
-
-
7:21
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is update() which allows an unauthenticated user to update the admin credentials. This can lead to remote code execution under the context of the current process.
-
7:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is loadFileContent() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.
-
7:19
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is getFileInternal() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.
-
7:18
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is getSiteScopeConfiguration() which will return the current configuration of the server including the administrator login and password information. A remote attacker could abuse this vulnerability to log in to SiteScope with administrative privileges then execute arbitrary code through the underlying functionality.
-
7:17
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. The process performs insufficient bounds checking on user-supplied data passed in as the 'InternationalSeparator' parameter which results in a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the browser.
-
7:16
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFRAgent.exe which communicates with the Agent component over HTTPS on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. This vulnerability can result in remote code execution under the context of the SYSTEM account.
-
-
20:43
»
Packet Storm Security Exploits
Express Burn Plus version 4.58 suffers from a vulnerability that is caused due to a boundary error in the processing of a project file, which can be exploited to cause a Unicode buffer overflow when a user opens e.g. a specially crafted .EBP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
-
-
19:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-166 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LeftHand Virtual SAN Appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra component which listens by default on 13841/tcp. The hydra daemon is responsible for remote management operations such as user creation, snapshots, etc. Insufficient authentication is performed prior to performing administrative level tasks. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
-
19:40
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to insufficient signature checks with the Cisco AnyConnect VPN Client. When the client is invoked through the ActiveX control it downloads and checks a file called vpndownloader.exe. This file has to be properly signed by Cisco. Once this file is downloaded it is run and downloads additional configuration files. Within the downloaded config file it is possible to force a download of executable files. Those files are not properly checked for valid certificates and are run on the host as soon as they are downloaded.
-
19:40
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-155 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser.
-
18:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because the VPN AnyConnect helper program does not check the version number of the vpndownloader.exe program it downloads. As such it is possible to forcefully install an older version of the vpndownloader.exe that is vulnerable to previously patched issues.
-
-
15:34
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The flaw exists within the ebus-3-3-2-7.dll component which is used by the crystalras.exe service. This process listens on a random TCP port. When unmarshalling GIOP ORB encapsulated data the process invokes a memcpy constrained by a user controlled value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
-
-
21:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1537-1 - It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
21:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1536-1 - It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
21:30
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1536-1 - It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
21:30
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1536-1 - It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
19:36
»
Packet Storm Security Exploits
This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.
-
19:36
»
Packet Storm Security Recent Files
This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.
-
19:36
»
Packet Storm Security Misc. Files
This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.
-
-
21:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-116 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 04, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap. This user supplied value is also used to determine how many times a loop will parse the data into the buffer. Combined, the vulnerable code will allow for the heap to be corrupted. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
-
-
18:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1503-1 - Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.
-
18:29
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1503-1 - Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.
-
18:29
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1503-1 - Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.
-
-
16:39
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.
-
16:39
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.
-
16:39
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.
-
-
20:40
»
Packet Storm Security Exploits
Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
-
20:40
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
-
20:40
»
Packet Storm Security Misc. Files
Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
-
8:34
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201206-8 - Multiple vulnerabilities have been found in Wicd, the worst of which might allow execution of arbitrary code as root. Versions less than 1.7.2.1 are affected.
-
8:34
»
Packet Storm Security Recent Files
Gentoo Linux Security Advisory 201206-8 - Multiple vulnerabilities have been found in Wicd, the worst of which might allow execution of arbitrary code as root. Versions less than 1.7.2.1 are affected.
-
8:34
»
Packet Storm Security Misc. Files
Gentoo Linux Security Advisory 201206-8 - Multiple vulnerabilities have been found in Wicd, the worst of which might allow execution of arbitrary code as root. Versions less than 1.7.2.1 are affected.
-
-
17:25
»
Packet Storm Security Advisories
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
17:25
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
17:25
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
8:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1436-1 - Matthew Hall discovered that Libtasn1 incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.
-
8:55
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1436-1 - Matthew Hall discovered that Libtasn1 incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.
-
-
19:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.
-
19:07
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.
-
19:07
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.
-
-
17:00
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability...
-
17:00
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability.
-
-
12:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
-
12:37
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
-
12:37
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
-
-
21:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values, it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
-
21:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values, it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
-
21:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values, it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
-
20:39
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit, specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit, specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit, specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
17:25
»
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in NetOp Remote Control 9.5. Opening a .dws file containing a specially crafted string longer than 520 characters will allow an attacker to execute arbitrary code.
-
-
19:45
»
Packet Storm Security Advisories
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
19:45
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
19:45
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
-
8:40
»
Packet Storm Security Advisories
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system.
-
8:40
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system.
-
8:40
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system.
-
-
14:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
-
14:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
-
14:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
-
-
20:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
-
-
18:43
»
Packet Storm Security Advisories
Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
-
18:43
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
-
18:43
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
-
-
14:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
-
16:12
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
-
16:12
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
-
16:12
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
-
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
16:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
16:25
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player.
-
-
17:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
17:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
17:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
-
16:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
16:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer.
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio.
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio.
-
15:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server.
-
7:55
»
Packet Storm Security Exploits
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing a large amount of bytes to the FtpUploadFile member in the FtpUploadFile() function, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
-
7:55
»
Packet Storm Security Recent Files
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing a large amount of bytes to the FtpUploadFile member in the FtpUploadFile() function, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
-
7:55
»
Packet Storm Security Misc. Files
EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing a large amount of bytes to the FtpUploadFile member in the FtpUploadFile() function, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
-
-
20:29
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging PHP's complex curly syntax.
-
20:29
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging PHP's complex curly syntax.
-
20:29
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging PHP's complex curly syntax.
-
-
3:11
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through the 'char_repl' POST parameter isn't properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code by leveraging PHP's complex curly syntax.
-
-
17:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
17:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
17:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
7:35
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1348-1 - It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
-
-
13:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1347-1 - It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program. In the default installation, attackers would be isolated by the Evince AppArmor profile. Various other issues were also addressed.
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
16:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
16:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.
-
-
15:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1334-1 - It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
-
15:49
»
Packet Storm Security Advisories
Ubuntu Security Notice 1335-1 - Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. Various other issues were also addressed.
-
-
16:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1333-1 - Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
-
16:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager.
-
-
16:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1320-1 - Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
-
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager.
-
-
9:00
»
SecurityFocus Vulnerabilities
[security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities
-
-
16:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
-
13:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1316-1 - Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges.
-
-
11:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1315-1 - Jonathan Foote discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
-
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup.
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care.
-
-
16:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are run. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.