DSA-3009-1 python-imaging - security update

Bulletin has no description...

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

OpenJDK: JPEG decoder input stream handling (2D, 8029854)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

[SECURITY] Fedora 20 Update: fldigi-3.21.83-2.fc20

Fldigi is a modem program which supports most of the digital modes used by ham radio operators today. You can also use the program for calibrating your sound card to WWV or doing a frequency measurement test. The program also c omes with a CW decoder. fldigi is written with the help of the Fast...

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function RtlDosPathNameToNtPathNameU and may be exploited through other...

JPEGsnoop <= 1.5.2 WriteAV Crash PoC

No description provided by source. !/usr/bin/perl JPEGsnoop 1.5.2 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://sourceforge.net/projects/jpegsnoop/ Vendor Description: JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports al...

Microsoft MPEG Layer-3 Audio Decoder Division By Zero

No description provided by source...

Mthree Development MP3 to WAV Decoder Denial of Service Vulnerability

No description provided by source. Exploit Title: Mthree Development MP3 to WAV Decoder .mp3 DoS Date: 10 / 8 / 2010 Author: Oh Yaw Theng Credit : ZAC0034m!n Software Link: http://www.mthreedev.com/setupmp3towav.exe Tested on: Windows XP SP 2 CVE : N / A Description : Create the malicious .mp3 fi...

Linux/ARM - Polymorphic execve("/bin/sh", ["/bin/sh"], NULL); - XOR 88 encoded - 78 bytes

No description provided by source. / Title: Linux/ARM - Polymorphic execve/bin/sh, /bin/sh, NULL; - XOR 88 encoded - 78 bytes Date: 2010-06-28 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Database of shellcodes...

Xine 0.9.x And Xine-Lib 1 Multiple Remote File Overwrite Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file...

Power System Of Article Management 3.0 - (DD/XSS) Vulnerabilities

No description provided by source. --------------------------------------------------------- Portal Name: Power System Of Article Management Version : 3.0 Author : PouyaServer , [email protected] Vulnerability : DD/XSS --------------------------------------------------------- DD:...

Cain & Abel <= 4.9.24 - RDP Buffer Overflow

No description provided by source. $Id: cainabel4918rdp.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Cain & Abel <= 4.9.24 - .RDP Stack Overflow Exploit

No description provided by source. !/usr/bin/perl Cain & Abel = v4.9.24 .RDP Stack Overflow Exploit Exploit by SkD [email protected] ----------------------------------------------- Nothing much to say about this one. This works on an updated Windows XP SP3. On Vista this exploit is way easier th...

OpenSSL ASN1 BIO Memory Corruption Vulnerability

No description provided by source. Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...

Easyzip 2000 3.5 - (.zip) 0day stack buffer overflow PoC exploit

No description provided by source. ?php / Easyzip 2000 v3.5 .zip 0day stack buffer overflow PoC exploit Author: mrme - http://net-ninja.net/ Download: http://www.thefreesite.com/ezip35.exe Platform: Windows XP sp3 Advisory: http://www.corelan.be:8800/advisories.php?id=10-032 Greetz to: Corelan...

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

libtasn1: multiple boundary check issues

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

openSUSE Security Update : python3 (openSUSE-SU-2012:0861-1)

python3 was fixed for : - Fix bnc758993 - CVE-2012-2135: python3 utf-16 decoder unicodedecodecallerrorhandler alignedend is not updated %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...