GNU C Library: Multiple vulnerabilities

Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker could trigger vulnerabilities in dynamic library...

PT-2013-4219 · Microsoft · Windows Xp +10

Name of the Vulnerable Software and Affected Versions: Windows common control library versions in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT Description: A remote code...

PT-2013-3839 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the patchday that contains the fix for this issue Description: The issue is related to the improper implementation of Address Space Layout Randomization ASLR in Windows, allowing attackers to bypass the ASL...

SuSE 11.2 Security Update : glibc (SAT Patch Number 7110)

This collective update for the GNU C library glibc provides the following fixes : - Fix strtod integer/buffer overflows. bnc775690, CVE-2012-3480 - Fix vfprintf handling of many format specifiers. bnc770891, CVE-2012-3404 / CVE-2012-3405 / CVE-2012-3406 - Fix pthreadcondtimedwait stack unwinding...

CVE-2012-5379

Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH syste...

PT-2012-5961 · Activestate · Activepython

Name of the Vulnerable Software and Affected Versions: ActivePython version 3.2.2.3 Description: The installation functionality in ActivePython has an untrusted search path vulnerability. This might allow local users to gain privileges via a Trojan horse DLL in the C:Python27 or C:Python27Scripts...

CVE-2011-5154

Multiple untrusted search path vulnerabilities in 1 SAPGui.exe and 2 BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these...

PT-2012-2230 · Microsoft · Qdvd.Dll +7

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: T...

DVR Remote ActiveX code execution

It's possible to load dynamic library via DVRobot.DLL...

Wireshark multiple security vulnerabilities

DoS on different protocols dissectors, unsafe dynamic library loading...

GTK+ may insecurely load dynamic libraries

Overview GTK+ may use unsafe methods for determining how to load DLLs. GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IP...

UBUNTU-CVE-2011-3012

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates...

CVE-2011-1705

Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url...

Low: Red Hat Security Advisory: rgmanager security and bug fix update

An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severit...

PT-2010-5200 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Windows Media Encoder 9 versions on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 Description: The issue allows local users to gain privileges via a Trojan horse DLL...

TeraPad may insecurely load dynamic libraries

Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...

CVE-2010-3190

Untrusted search path vulnerability in the Microsoft Foundation Class MFC Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain...

VulnCheck KEV: CVE-2007-2987

Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the 1 DebugMsgLog or 2 DoFileProperties methods...

Oracle Sun Java WebStart code execution

Characters injection during javaws/javaws.exe launch allows dynamic library execution in specified location...

Apache mod_isapi uninitialized pointer function call

Uunder some conditions function from dynamic library is called by it's address after library is unloaded...