Ubuntu Security Notice 539-1 - Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
7e844129a0846b3f240a7129c636ae613446c5d9252befed774c37c4f92d964fMandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. netpbm contains an embedded copy of libjasper and as such is vulnerable to this issue.
19c3df195e84a6820651f344e1ec958724f84edcd8efea41d94128ac53a6095cMandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. Newer versions of ghostscript contain an embedded copy of libjasper and as such is vulnerable to this issue.
f0ea1e0d11da10e98ce692e6d6695ee62c67d00cec585f503476fc3e983a3693Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl.
37ebdc3f13e1eb779e7cd63aa7636b79508f0ec1d89d2455e1f0a73175c8afe5Debian Security Advisory 1401-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
9bc7902a3a9d13707c50680a45511ae88d83140ad502a37acbb6b1f0fad70d4aA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack based buffer overflow occurs, allowing the execution of arbitrary code. QuickTime version 7.2 is affected.
c02cab1df640e091a923dcfe61a2ca82c092fa0048c2a4ca4cac05c8466adc61A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure heap corruption occurs. If properly constructed this can lead to code execution. QuickTime version 7.2 is affected.
b703a5542306c05169cf942ffeffd6c780cfb163f202ecd430986c7e85b13405A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed this can lead to code execution running under the credentials of the user. QuickTime version 7.2 is affected.
32eb11628e589a075650eb1d310a3bdc448d1426d99253e29834677fac4146b0A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code. QuickTime version 7.2 is affected.
f41eb0c98c59bc787e7c6f5beb244f618216d6a53083be1858854cbcb546744aiDefense Security Advisory 11.05.07 - Remote exploitation of a heap overflow vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. iDefense Labs confirmed this vulnerability exists in QuickTime VR extension 7.2.0.240 as included in QuickTime Player 7.2. Previous versions are suspected to be vulnerable.
cc6ea2e8a8e2dbe86dd2fe554b99613956ff2f4d2973039ec6630f452c891c7cDebian Security Advisory 1399-1 - Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions.
4e9bbf1195e5a962ec3e8efa50660e8befb13f4cce288de22bcb4045c8d91264Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.
461394d46dce182dddd5cd5ac8284bec3acbe0ca019c1b7a15477e4a510c19e6Secunia Security Advisory - shinnai has discovered a vulnerability in EDraw Flowchart ActiveX Control, which can be exploited by malicious people to overwrite arbitrary files and compromise a user's system.
f626eb92e2afabcf3cc9084fac693d7ba88b9bff10de1f6c3d9ae0a85ddce724Secunia Security Advisory - A security issue has been reported in BitchX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
5305de056bcb06fa2a8efb7778f78686b708790b9c87e6c4609464523a6b5c75Secunia Security Advisory - A vulnerability has been reported in NetCommons, which can be exploited by malicious people to conduct cross-site scripting attacks.
277fa55f6d383f4ff88b6878955e3238d737b939087f02e0d86b2f31c0b4dbffSecunia Security Advisory - SkyOut has reported some vulnerabilities in SF-Shoutbox, which can be exploited by malicious people to conduct script insertion attacks.
13ad2ae1b2ff17ec02ac63559a2dd8a499b2f117b5e1baf1a154abd5d5894623Secunia Security Advisory - Ivan Sanchez and Maximiliano Soler have reported a vulnerability in Helios Calendar, which can be exploited by malicious people to conduct cross-site scripting attacks.
768860b8efe65684eb56df2c2f428403fe17358e02bb63b0cd94d1116642ba63Secunia Security Advisory - A vulnerability has been reported in SRS Net Connect Software, which can be exploited by malicious, local users to gain escalated privileges.
f9d965808c78dacf74e85275b60c3a3b788788630dac90758f87f98571db1c39Secunia Security Advisory - R00T[ATI] has reported a vulnerability in E-Vendejo, which can be exploited by malicious people to conduct SQL injection attacks.
4fb7859b819144d660923c420515bb6c638f90650962a14c12cc9ce58001ab0fSecunia Security Advisory - Mandriva has issued an update for pwlib. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
f79e50bd935e67d9904aec6b65ff28c086cd61b931c4acb3d3737a8650082663Secunia Security Advisory - Mandriva has issued an update for opal. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
1a52b3cae9709b30d806cf2ea6451f601aa918974b0bfce414cccff2d9414b3eSecunia Security Advisory - Mdx has reported a vulnerability in SyndeoCMS, which can be exploited by malicious people to compromise a vulnerable system.
51fa5b2a01becf914692edfe001b08701293b9fa076d5cd78995a86a4b398a7aSecunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya CMS and IR, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
50e07ed1e3f7a09165c724c28f5f08837c1f40eb1cdd24a61ba782ffe54f668ciDefense Security Advisory 11.02.07 - Local exploitation of a format string vulnerability in the srsexec binary, optionally included in Sun Microsystems Inc.'s Solaris 10, allows attackers to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.
f23ad8bd0ff050692c255d227228b062940d37121dd0cce0c71c9c51e79ecdb5ASP Message Board version 2.2.1c suffers from a remote SQL injection vulnerability.
21110360c4381c0873103632e28bb2280d1712af5854ce024cdc3ba651f0f078
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed