Zero Day Initiative Advisory 12-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. This can lead to a use-after-free vulnerability which can result in remote code execution under the context of the current process.
99ea9322e505dba8036dea8d3150e9f23d91823239f879e3477401f033570694Zero Day Initiative Advisory 12-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a HTMLMedia element. After a source element is created, an attacker can catch the beforeLoad event before the element is used, and delete the element. The pointer to the source element will then be referenced causing a use-after-free condition, which can lead to code execution under the context of the application.
f8ad76efb6dc7c54fabe36b22f6cc735fa61cf7900c7f5472118ee228b4bde4aZero Day Initiative Advisory 12-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.
4c3c7f5e3250c7b1484ca7357cdefae51d7f8acc72681ad5fc5ebe3a648e80a8Zero Day Initiative Advisory 12-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "<all-permissions/>" and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.
383be539a89377bb33d31a0643c657adf0d7f528c7698591adb195378615975aZero Day Initiative Advisory 12-188 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles 'onrowsinserted' callback functions for certain elements. It is possible to alter the document DOM tree in a onrowsinserted callback function which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.
4b7933dcb49833c0949097d659101dd0e863d974583fd5392687c7c88066b9f7YeaLink IP Phone SIP TxxP firmware versions 9.70.0.100 and below suffer from default credential and cross site request forgery vulnerabilities.
874405777edd847f163325edf73c03b42d16a9c2dc18c2eda37f745725d199aa4psa VoipNow versions prior to 2.3 suffer from a remote command execution vulnerability.
9889092cc05ca0c360d1c888ac5dd274723646a753d62f1ba64b7fd58a84be33WordPress BuddyPress plugin suffers from cross site scripting and content spoofing vulnerabilities.
a2a973b41ca8cc4e4212a323806b5d414908948989341121167117923b861155Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
0a8f79dd910061668fd70cded939a4043e9b5ebd3ae835ceba6e01e93f6bb254Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Virtuemart 2 Multiple Customfields Filter module for Joomla!
1f2f86cc7dd38374e660a91c9bab2e7ae524104c5fd8d9e4ed32d60a3fb051fdSecunia Security Advisory - Two vulnerabilities have been reported in SIMATIC S7-1200, which can be exploited by malicious people to cause a DoS (Denial of Service).
efa3398294a94b764a641aed45c01054679866f02d9de917b329d30814314a9aSecunia Security Advisory - Two vulnerabilities have been reported in VMware vCenter Server Appliance, which can be exploited by malicious users to disclose certain sensitive information.
48ab80274f8c8be01aa9de300b3d0bc0ba3a98744acfb7aa04de91011ed16931Secunia Security Advisory - Two vulnerabilities have been reported in CA IdentityMinder, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data or compromise a vulnerable system.
d195a43f8ceb69feaea4c7c1a2b22d8e83dd277e7cb535597ab85a889b932b55Secunia Security Advisory - Red Hat has issued an update for Fuse MQ Enterprise. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
1716bc25403178b74f82d9199e136292927fc3b5fc01f4254c7633171ef51871Secunia Security Advisory - Red Hat has issued an update for Fuse ESB Enterprise. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
fa3828a1ae7af04e9c9b155cd959d242a74e776b45a1375f6ada773d54f89f25Secunia Security Advisory - Multiple vulnerabilities have been reported in Foreman, which can be exploited by malicious people to conduct SQL injection attacks.
504ee87cd39eb127d96eb9afdb6ba23e699c000cf312100113f1cae5c335f7bdSecunia Security Advisory - Red Hat has issued an update for Fuse Management Console. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9888a3391b252f1bf92997b92a5e7875b4724b4c8735166b55f20113389d1089Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESXi, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious users to compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service).
fafedf99ade33f0142e5cdf4abea711b8e2504fdae6fc9e7f6bfc6633ffccf0dSecunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
3bd9f64b063c56ab7e18ddee1a19fa289046ae5c18daec47ce77e7e1a746714cSecunia Security Advisory - Red Hat has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
139410dc76e1261023a8d170407ee4bb93e91eca990b7a62eefd4344d75ba787Secunia Security Advisory - temp66 has reported a vulnerability in Nagios, which can be exploited by malicious people to compromise a vulnerable system.
0f94f83e5eec7cd77951165161f7b35dcaf511d086ce9c6113ef8f147c2b8923Secunia Security Advisory - Oracle has acknowledged a security issue and a vulnerability in Apache HTTP Server included in Solaris, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks.
d662d4f52afd07357bec32434cf9750925bb144b01baf1a7d5f2e2def37e3fc7Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Java included in Solaris, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
59b1795a503898484b4689f79ff7c55361d0371fec7b2f882eb2cea549d88df0Secunia Security Advisory - A security issue has been reported in IronJacamar, which can be exploited by malicious people to bypass certain security restrictions.
c04a23c239c650fc1e88b4d3f037fc3047c4e6138671a9e9264d9a248c5b62ebSecunia Security Advisory - A vulnerability has been discovered in Quenlig, which can be exploited by malicious users to conduct script insertion attacks.
e6ea749254ddb3eb288d6da02d31501107d563227be84c7c00a46a5c8905cbf3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed