
7626 matches found

Zero Day Initiative
added 2011/10/26 12:0 a.m. | 55 views

Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

7.5 CVSS | 4.4 AI score | 0.03571 EPSS
Exploits: 2 | References: 1
Zero Day Initiative
added 2011/10/26 12:0 a.m. | 35 views

Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handl...

7.5 CVSS | 3.9 AI score | 0.08181 EPSS
Exploits: 3 | References: 1
Zero Day Initiative
added 2011/10/26 12:0 a.m. | 34 views

Adobe Reader PICT Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PI...

7.5 CVSS | 4.9 AI score | 0.08181 EPSS
Exploits: 1 | References: 1
Zero Day Initiative
added 2011/10/26 12:0 a.m. | 24 views

Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image...

7.5 CVSS | 5.1 AI score | 0.08459 EPSS
Exploits: 1 | References: 1
Zero Day Initiative
added 2011/10/26 12:0 a.m. | 27 views

Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in ATAS32.DLL during...

9 CVSS | 4.3 AI score | 0.02762 EPSS
Exploits: 1 | References: 1
Zero Day Initiative
added 2011/10/26 12:0 a.m. | 29 views

Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image...

7.5 CVSS | 5.1 AI score | 0.08459 EPSS
Exploits: 1 | References: 1
Zero Day Initiative
added 2011/10/15 12:0 a.m. | 34 views

Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5 CVSS | 2.1 AI score | 0.36647 EPSS
Exploits: 1 | References: 1
Zero Day Initiative
added 2011/10/13 12:0 a.m. | 39 views

Adobe Reader Compound Glyphs Array Indexing Error Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reade...

7.5 CVSS | 2.2 AI score | 0.26993 EPSS
Exploits: 1 | References: 1
Prion
added 2011/09/15 12:26 p.m. | 14 views

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading...

9.3 CVSS | 6.8 AI score | 0.59723 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2011/09/07 12:0 a.m. | 11 views

Slackware 13.0 / 13.1 / 13.37 / current : mozilla-thunderbird (SSA:2011-249-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-249-02. The text...

5.4 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2011/09/07 12:0 a.m. | 10 views

Slackware 13.37 / current : seamonkey (SSA:2011-249-03)

New seamonkey packages are available for Slackware 13.37 and -current to fix security issues. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-249-03. The text itself is copyright (C)...

5.3 AI score
Exploits: 0 | References: 1
Slackware Linux
added 2011/09/06 11:34 p.m. | 16 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/mozilla-thunderbird-3.1.13-i486-1slack13.37.txz: Upgraded. This release contains security fixes and...

7 AI score
Exploits: 0
Positive Technologies
added 2011/09/06 12:0 a.m. | 2 views

PT-2011-1768 · Gtk+ Team · Gtk+

Name of the Vulnerable Software and Affected Versions: GTK+ versions prior to 2.24.0. Description: The issue is related to an untrusted search path vulnerability in the modules/engines/ms-windows/xp_theme.c module. This allows local users to gain privileges via a Trojan horse uxtheme.dll file in t...

9.3 CVSS | 6.3 AI score | 0.00517 EPSS
Exploits: 1 | References: 4
exploitpack
added 2011/08/30 12:0 a.m. | 15 views

WordPress Plugin yolink Search 1.1.4 - SQL Injection

WordPress Plugin yolink Search 1.1.4 - SQL Injection Exploit Title: WordPress yolink Search plugin getresults $wpdb-prepare "SELECT ID,GUID FROM $wpdb-posts WHERE poststatus='publish' AND posttype IN $posttypein AND ID $idfrom order by ID asc LIMIT $batchsize" ; //misusage of $wpdb-prepare :...

0.2 AI score
Exploits: 0
The Hacker News
added 2011/08/22 11:47 a.m. | 6 views

Call for Papers from DefCon Chennai (DC602028)

Call for Papers from DefCon Chennai DC602028 Background: We are the Official DEF-CON Chennai Group DC602028 The Event is taking place on 11th September 2011 at a resort in ECR Road Chennai, India. We will be having a Private conference room for the meet. Regarding Paper Submission We require...

6.5 AI score
Exploits: 0
Zero Day Initiative
added 2011/08/09 12:0 a.m. | 35 views

Apple QuickTime STTS atom Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

9 CVSS | 2.9 AI score | 0.04432 EPSS
Exploits: 1 | References: 1
securityvulns
added 2011/08/03 12:0 a.m. | 33 views

[slackware-security] dhcpcd (SSA:2011-210-02)

[slackware-security] dhcpcd (SSA:2011-210-02) New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: ...

6.8 CVSS | 6.1 AI score | 0.00922 EPSS
Exploits: 0
Tenable Nessus
added 2011/07/28 12:0 a.m. | 10 views

Slackware 13.37 / current : seamonkey (SSA:2011-195-01)

New seamonkey packages are available for Slackware 13.37, and -current to fix security issues. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-195-01. The text itself is copyright (C)...

7 AI score
Exploits: 0 | References: 1
RedHat Linux
added 2011/07/21 9:22 a.m. | 1 views

rgmanager: insecure library loading vulnerability

The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9 CVSS | 5.8 AI score | 0.00099 EPSS
Exploits: 1 | References: 4
Slackware Linux
added 2011/07/15 1:47 a.m. | 19 views

[slackware-security] seamonkey

New seamonkey packages are available for Slackware 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/seamonkey-2.2-i486-1slack13.37.txz: Upgraded. This update contains security fixes and improvements. For more information, see:...

7 AI score
Exploits: 0