Mandriva Linux Security Advisory 2009-030 - Data length values in metadata Audible Audio media file (.aa) can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code. Failure on checking heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file. This update provide the fix for these security issues.
2448fae9480dabfbee30745fd109ad6366e611bdd9d4839b93e762b8fd443e63Total Video Player local universal buffer overflow exploit.
5f9935344ceff71d0ce787a1d6dea73dcc38ec45f4bd6a6799293332dae4c3f2Ubuntu Security Notice USN-712-1 - Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program.
77e456932ebdd05bc73a584e56d2845a523908dcbc0f87dc7d0ba23a4e7ed27bPHP-CMS 1 remote blind SQL injection exploit.
afded64fc3f323cac0c8c1270b3e3adb5376506bc912052c970fdfc45b7a1ae8E-PHP CMS suffers from a remote SQL injection vulnerability in browsecats.php.
ad615b7aa2f67777c3660d484f10d052f72008b3cc5925029756dba16b71ede0Groone's GLink Organizer suffers from a remote SQL injection vulnerability in index.php.
8b3f23426555ecaeef1df606854df256de9bb0b6382a4ee6b1a08b9e3732768cCOMPASS SECURITY ADVISORY - NetWeaver/Web DynPro suffers from a cross site scripting vulnerability.
7224c93c7bcf9522b8f518d32e5aab9f0d37aea5781ca32ead0d93641e8059a0Max Blog versions 1.0.6 and below suffer from a remote SQL injection vulnerability in show_post.php.
5b99846cf28e8c4f8d861700b93a0852c16dbe3a2bd7edd2178caf48755b40c9NewsCMSlite suffers from an insecure cookie handling vulnerability.
7049b3b902170f6c0170a6a9d39a6f8e67bb66351e2b4ae950ee8adcd9b10ed4ClickAuction suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fc1f9fcdef41dadff547a0230befcf4c2f6234aaf344758752bfe5ab82a1fd98JetAudio Basic version 7.0.3 proof of concept buffer overflow exploit that creates a malicious .m3u file.
8de9344f8f6c782900324d053090f15a7232ee12ab8d78a32eee8ea55e72074eMultiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.
c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65OpenX version 2.6.3 suffers from a local file inclusion vulnerability in fc.php.
9be6fffc6654589b5b28189e36b36c265a1b5286217e71af87209e56267a8a70The Joomla Flash Magazine Deluxe component suffers from a remote SQL injection vulnerability.
0495347c6d5d1b63df6b2185941a7a362171af5570df45352dda82e39c0facddZinf Audio Player version 2.2.1 local buffer overflow proof of concept denial of service exploit that creates a malicious .gqmpeg file.
34f9df1c80fc96df4fdb7d271ddc2736dc11e2ab725036ba1f7205d8513ea723Zinf Audio Player version 2.2.1 local heap overflow proof of concept denial of service exploit that creates a malicious .m3u file.
8cf6aeec8c76137e5ca994d71b12f7ecfb9048116af73e7da1c86ad37c131871Zinf Audio Player version 2.2.1 local stack overflow proof of concept denial of service exploit that creates a malicious .pls file.
e87b137aca80ef3abb606a15246e7dcb7341eeb11457364949db9d4c4eae0e47Zinf Audio Player version 2.2.1 local buffer overflow exploit that creates a malicious .pls file and launches calc.exe.
d7e84a348837dc984a3c166a076bab72ab897753568ccc530ce42eb9763f640fSecunia Security Advisory - fuzion has discovered a vulnerability in ITLPoll, which can be exploited by malicious people to conduct SQL injection attacks.
f1e96eeed7a03f0fb72a0c2db1d748495f7c028ab32fce60dc560394890e7ec4Secunia Security Advisory - k1n9k0ng has reported a vulnerability in Script Toko Online, which can be exploited by malicious people to conduct SQL injection attacks.
8a2777ccb2c57cb42400134d9d436ece0c3ea194792114a4c6b585e7b27d6a61Secunia Security Advisory - A vulnerability has been reported in Piggydb, which can be exploited by malicious people to conduct cross-site scripting attacks.
db8eb42c12fb21b547d50a403c7e7f6df95eadd37e1f3a3a0b9e790de673ff56Secunia Security Advisory - nuclear has discovered a vulnerability in GLinks, which can be exploited by malicious people to conduct SQL injection attacks.
1a1c5724a76420762a33c669be49cf52432ac5ad06e66893ae01c808585db526Secunia Security Advisory - David Vieira-Kurz has discovered some vulnerabilities in ConPresso, which can be exploited by malicious people to conduct session fixation and script insertion attacks.
b0eb0c791101097871c86667dff5cfa69d55bb79f997d35bbe47e4ba645012b7Secunia Security Advisory - A vulnerability has been reported in SHOP-INET, which can be exploited by malicious people to conduct SQL injection attacks.
48c1c1198bdac5dce132f3b0b10909cd8253fc3d62c083bfaf469e38b88b01f7Secunia Security Advisory - Ubuntu has issued an update for ktorrent. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions.
b94bc0a3ee2dc5dc210bddc779b14c068ba0a9e2ce7afb896b0bb0fe7f138b7d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed