ToorCon 12 Call For Papers - Papers and presentations are being accepted for ToorCon 12 to be held at the Convention Center in San Diego, CA from September 20th through the 22nd.
8bb8d575fc2e6f3fa582330102bc64b1c67cec38e5d1e3cf92922e8673bbe063
Zero Day Initiative Advisory 10-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the iccvid.dll module responsible for compression and decompression of VIDC (Cinepak) streams. The code within CVDecompress allocates a static amount of space for storing an RGB palette. By modifying a VIDC compressed stream within an AVI file, an attacker can force code within iccvid to loop excessively, each time incrementing the pointer for the palette storage. By abusing this behavior an attacker can execute arbitrary code under the context of the user invoking the application that uses this codec.
998a7f041ec87cfe1b92efe2118da7b75a92cc98423efdab771124829c1e5437
Zero Day Initiative Advisory 10-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the codec responsible for parsing layer 3 MPEG audio streams. By providing invalid values within the stream, heap memory can be easily corrupted. This could be leveraged by an attacker to execute remote code under the context of the user running the application.
5d14c840cb070900913e58fd61bed31763a4a4691444ae7a9f2da46599207697
Secunia Research has discovered a vulnerability in Windows Movie Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by boundary errors when parsing strings in imported project files (.MSWMM) and can be exploited to cause a buffer overflow. Successful exploitation allows execution of arbitrary code. Windows Movie Maker version 2.1.4027.0 is affected.
76eef5decde8a16a4b913aef17c165dae1584e546c0e39afd6c64ad00a613f0a
Zendesk suffers from cross site request forgery and cross site scripting vulnerabilities.
024f7657b6aa9227056b577d9d8ed61ad1f01229594078618d836a6fc42b64a4
Microsoft Windows SfnLOGONNOTIFY proof of concept privilege escalation exploit based on the vulnerability discussed in MS10-048.
091c2b1f603ada446c0678d9b4df40e311ac6f36eea39da1e834d4e1eb26e299
Msxml2.XMLHTTP.3.0 response handling memory corruption exploit that takes advantage of the vulnerability listed in MS10-051.
36337c841a1ee6b14eb1a761db53bbab0d0efac57cda58f85dc96bb0cb3db271
Mandriva Linux Security Advisory 2010-147 - layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
ae50c002632c61d71b9010c9358af64f2eefda72f86a2d7b26d7465eda3ae8c3
Sopcast version 3.2.9 remote buffer overflow exploit.
8649b23b0560a33f56d05ad294b1860670869f80d563a28bc7b03394962a3a49
Exploit for the Microsoft SMB Server Trans2 zero size pool alloc vulnerability as discussed in MS10-054.
939654afe2288d6e948a7df3cc4ffbd715224ce006d2df8c3546ea053a424566
Rosoft Media Player version 4.4.4 buffer overflow exploit.
d788f5d5fbe39ff2df6d7ccdafa5b25a188ab8049559bf52ef00b80852b4e6a3
Mthree Development MP3 to WAV Decoder suffers from a denial of service vulnerability.
748381e4a79ed364736fbd3dae897b831df2cdc9ca576d3365cbabc1f774527b
AoAAudioExtractor version 2.0.0.0 ActiveX-related proof of concept exploit.
8daaf5c4dba993bd17dedc22c446dfd590e706cfb5669c9b09dcf7949013f2c9
Linux kernel versions 2.6.33.3 and below SCTP INIT remote denial of service exploit.
a35d8f03321604b0eee056d633f06be3f14c328a7fc6b0c000888fa3b75af760
Visual MP3 Splitter and Jointer version 6.1 suffers from a denial of service vulnerability.
68d7e6217a463e10c3cec8ed1fe88e2956c110110bbb3a60126b1573db11ed46
Wizmall version 6.4 suffers from a cross site request forgery vulnerability.
dd648c0669b6c384e7dd8be3b555e949b7b4cc84c3b390d2c7aa0b323aca633d
The Joomla Yellowpages component suffers from a remote SQL injection vulnerability.
7c308a28236df976529dadc31475546accb996afac587e8f845a315726a2212f
Kleeja version 1.0.0RC6 suffers from a database disclosure vulnerability.
c4f96d2e19766d8c44f0d29bd5916b69c0e33e42a8cc8b582b3eb4229b9ce82d
PHPKick version 0.8 statistics.php remote SQL injection exploit.
faf9a3b1fbd41a31ea0a001c8d00d5d0d7b59fe266c84bc96699a1f238f7b372
Fat Player version 0.6b suffers from a .wav file processing buffer overflow vulnerability.
6e04e637bc747f7d62c6294e7c3171358d68272b5de32470b2a033f027362d70
Ubuntu Security Notice 965-1 - Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomaki discovered that the slap_modrdn2mods function in modrdn.c in OpenLDAP does not check the return value from a call to the smr_normalize function. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon or possibly execute arbitrary code. Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomaki discovered that OpenLDAP does not properly handle empty RDN strings. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon. In the default installation under Ubuntu 8.04 LTS and later, attackers would be isolated by the OpenLDAP AppArmor profile for the slapd daemon.
3ca13ddfe2e88809d4d45a5479af662f44cb198db14ce2072fe0867f6ded3b2e
The ffdshow video codec suffers from a denial of service vulnerability.
d562a525292f6aaf6c55683e5aa7bf43bb0e1651baf1de5844a2565190cfbfa5
myMP3-Player version 3.0 buffer overflow exploit.
bf73babdf5618d81d3f01d1199e4c8d9f52c6f9df7dfda9742438e8313cb8d7d
Advanced File Vault (eSellerateControl350.dll) ActiveX heap spray exploit.
47215ee07b3dbffea3094556c6dcc39e682effd7d68a29a4d4bb879f4069cb6b
The Joomla Teams component version 1_1028_100809_1711 suffers from multiple remote blind SQL injection vulnerabilities.
9b64e5f61e293b9177eddb45f62f1c3467e1f593e76977041397f83cac1d2c63