IDA Pro 6.3 ELF anti-debugging / reversing patcher that causes a crash.
b621ceacd09444ff9fc01a41d5f4753069ac4eaac545eed53223b30f95090c1f
Ubuntu Security Notice 1676-1 - Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.
9f62e3294f6a235a48ec96a52fc1bb0ddbaf0eb71006e31273c8a90f82b68010
Mandriva Linux Security Advisory 2012-181 - Multiple host header poisoning flaws were found and fixed in Django. The updated packages have been upgraded to the 1.3.5 version which is not affected by these issues.
9bce0d06f9a983370a47c9bda523a29bc653990c43314967da3f82c2062f4253
Ubuntu Security Notice 1675-1 - It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
e8f3abacc0bbc717eed7e87878961a2412b68e70656f6ecc81e0e4ead8317e9f
Ubuntu Security Notice 1674-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
6ff707c404f51dfeb2d328fcf42573be6bcff618f49d87c1e3d44363fafc9b60
Free Hosting Manager version 2.0.2 suffers from a persistent cross site scripting vulnerability.
335377c3da8b74855bab0926e442b783e0a025c0a92bad72b5f9cd8afec705f8
DIMIN Viewer version 5.4.0 suffers from a GIF decode crash vulnerability.
37c08ac9d3c8f9530c6c4e0e67e12334cd8ee8d63de9a989e27cf8b8623af737
Kiwi Syslog Web Access version 1.4.4 suffers from remote SQL injection and blind SQL injection vulnerabilities.
30c497b23b1f3b0a07ecbebf1a4e6f17d981770e58ae9b1af674bd68c74a5d58
Joomla ZtAutoLink component suffers from a local file inclusion vulnerability.
8d7b7afaf7dc0deb578c05776b007a2e0e6a4fc0525e669d41c81a37107d3723
Joomla Bit component suffers from a local file inclusion vulnerability.
56a0dfe953eb01f7814c7e0a38f7af1db46be7d121833068fc3e03448164fbd5
EMC Avamar version 6.1.100-402 suffers from a world-writable cache file vulnerability that leverages /tmp.
e49cbec22954636f2d8675765991f6e9558126b4c14f04a788902ec16d34e6d5
Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.
6b28cd4efe0efed16181b5e08b92d87bf9d077078b76c02a2852907b2bcbb029
Microsoft Internet Explorer 9.x suffers from a remote stack exhaustion vulnerability.
d92f15f413457c5e0e27867c732c549570fd1dd935370f20ae2973bbf1b93532
Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to disclose sensitive information and by malicious people to bypass certain security restrictions.
27229969cecbe80e573a46ef4627207ede118da37b879f97883ad895001094f8
This Metasploit module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00 SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long string argument for the InternationalSeparator() method of the ISSymbol control. This Metasploit module uses the msvcr71.dll from the Java JRE6 to bypass ASLR.
f99bd99b5b541326375a269f30ae36cdabc7a1c18a150d0b60fb51908c7a78c6
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
f4d6b50053572482751122353f082e946e4749f34e385addc0cdf77ee0ef067e
Ubuntu Security Notice 1673-1 - A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
625d9396aeca4d3a2ad0430b3a201a2fc896848c8fba0cacb0a2a709ee027cc4
Ubuntu Security Notice 1671-1 - A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
58a6c166c0e2e8c119e52af12809a6b51b759ca5244149aebf3b55517e8d80a3
Ubuntu Security Notice 1670-1 - A flaw was discovered in the Linux kernel's handling of new hot plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
cc758c46cdb6a1dfbe34f853f40eb7071ffdf41e573ffaf4088124ae7c87a1b9
Red Hat Security Advisory 2012-1589-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction.
eff9ac00d6131703f5d463555dbb5186a6916beab238525265247e6bc5b89879
Red Hat Security Advisory 2012-1594-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.
ce7a6ce3fa874a437034915aac5d5291665cbbaaf245d08d9d1f5eb346d591fc
Red Hat Security Advisory 2012-1591-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.
66169491e9b4f93081527475ee84f735d2d918f29661a02612d38689d09f4878
Red Hat Security Advisory 2012-1593-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: A flaw was found in the way Apache CXF verified that XML elements were signed or encrypted by a particular Supporting Token. Apache CXF checked to ensure these elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could use this flaw to transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF.
540ceb3b6fc3bd14daba21fd0b4bd4d8aeb851af3fb9f1824c71ccca11a1bca3
Red Hat Security Advisory 2012-1590-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.
f92cb2e1082be2cdd632541bdbbb07fd784b778a7cab91f842ea6fe9c8ae58be
Red Hat Security Advisory 2012-1592-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.
9f252a88d1f38fd6c3c381757d9c5cb1073c52fcd621aa36d6a621a3438e93f5