Novell Netstorage suffers from cross site scripting and denial of service vulnerabilities.
9eed18c6c8f4bc12af41a5a4f256eeb71124d7de5d24e27afebf1272d05f0e09The Aurora Nutritive Analysis module suffers from multiple cross site scripting vulnerabilities.
64b55d35b08b32a03568ea6913df10a7d91b73e73ff7ddbc58f09bcad03effe7iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during decompression when, to calculate the size of a heap buffer, the code manipulates several integers in the file. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s JRE version 1.6.0_11 for Windows and Linux.
45f6f1ff008d7faa9a03ca57e555cc3f216424f6906bc9343bc797edf47efefaiDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary PNG file to the splash logo parsing code. The vulnerability occurs when parsing a PNG file used as part of the splash screen. When parsing the image, several values are taken from the file and used in an arithmetic operation that calculates the size of a heap buffer. This calculation can overflow, which results in an undersized buffer being allocated. This buffer is later overflowed with data from the file. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.
2d38f70208475eab25a81127c23c1ab5bfa6f7b2fc50a6fd2c025f1f200bc126iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. Values from the GIF file are used to calculate an offset to store data in a dynamic heap buffer. These values are not validated before use, which allows an attacker to store controlled data outside of the bounds of the allocated buffer. This leads to corruption of object pointers, which can be leveraged to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in Java JRE version 1.6_11. Previous versions may also be affected.
9d4ab7a3c8a6bb2829e143ebc1d41ab732008cbd002ad7dc56ddee22724c937fiDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary GIF file to the splash logo parsing code to trigger the vulnerability. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.
787894ddedba68df8734507477667b37055d76f5f44660bb4cc572517e2626ddUbuntu Security Notice USN-748-1 - It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service.
a02bfd44068b80cf235a81d4010c10c19e16ccc39c1f3402459054a13c80dcddUbuntu Security Notice USN-747-1 - It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed.
96301c92b55eb1251fa787ea679ae430a34cc3f9220925097b70d0647b24e62cPowerCHM version 5.7 stack overflow proof of concept exploit that creates a malicious .http file.
4cd34d4935a7daecc61e65d90c9a55e20a4cf26857563d6bf7269eff524be479XM Easy Personal FTP Server versions 5.7.0 and below NLST remote denial of service exploit.
21c2263d354ebbb7a28f2272d019ee4063f9333a45537cdb40a7c46b2b590569ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
2db436645d5c4fd4aa3e24d589a455b9080aa44753040e6cd39990256867c094Mandriva Linux Security Advisory 2009-081 - An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code. This update provides the fix for that security issue.
0218a675d4af22d7953ff8facbadd56fc42d0d245c1acf552ca37aaa99c6e354Mandriva Linux Security Advisory 2009-080 - Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against with - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input. This update provide the fix for that security issue.
8546c2803b7d9dd0a567710d603756b33cde91e984e1d57910ee82daf034c3dcMy Simple Forum version 7.1 remote command execution exploit that leverages a local file inclusion vulnerability.
aecd9473523f12342ec2c7e647e527582de5aa5dbf9dda8a2f7df9a97002f58bMoodle versions below 1.6.9, 1.7.7, 1.8.9, and 1.9.5 suffer from a file disclosure vulnerability.
aa552553b545331fbe147555eb8e8e040f5ae385f870451942ee81c4f820d063Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
8ba51a7b6deb1d0097246edab6e9b6e4f76cc8b6ad720faa23866ca5550bc528Arcadwy Arcade Script suffers from a static cross site scripting vulnerability.
15be6e01188e229110696aaa1f0177ee492df12302d1569348683a29832d3261Free PHP Petition Signing Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9457c6cb0afe5c174c57bbfe49ce480ad55585093fe9b464e9402cf45b4e7bb8Simply Classified version 0.2 suffers from a remote SQL injection vulnerability.
2b8ec0fc4ff6b5fa10d154fa922bd32d12440a9707277c4e0602d5e97daeb02cAbee Chm Maker version 1.9.5 stack overflow exploit that creates a malicious .cmp file.
d602e21593c366d9cf7ae0532f9a79344cf3231f2cbb2479f0f40c43d6400290FreeSSHd version 1.2.1 remote buffer overflow exploit.
d44ad769be01e8c55430cfb1a0787b3a63957bf90a2c037802a725af589a04bdUbuntu Security Notice USN-746-1 - It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program.
8d1051702aa774b804b81fff953e92c7efc53d64eb481fcd593d409c1b1c14c9Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
2d36eedfcbdd369336ddd4cea77591f50716bacec90e7a87a9be265be08cb4ebSecunia Security Advisory - Ubuntu has issued an update for icu. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
b93a00d2b4c879393bb05c7f452e14b8cc5443f6feeee81cf4319b05b33a9fffSecunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system.
3c5fa8c55c72a07491c89ee7d08bfc66a7393e842fe80261c6914ce748471590
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed