1345 matches found
CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary Command Execution 1. Advisory Information Title: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution...
Vulnerabilities in plugins for WordPress
Hello Bugtraq! I want to tell you about different vulnerabilities in plugins for WordPress. About some of them there were posts to the list earlier. This August I made a summary about all vulnerabilities in plugins for WordPress http://websecurity.com.ua/3397/, which I found during 2006-2009. In...
TYPSoft FTP Server 1.10 - APPE DELE Denial of Service
TYPSoft FTP Server 1.10 - APPE DELE Denial of Service Bugtraq: http://seclists.org/bugtraq/2009/Nov/163 Date of Discovery: 24-Nov-2009 Credits:leinakesiatgmail.com Vendor: TYPSoft Affected: TYPSoft FTP Server Version 1.10 Earlier versions may also be affected Overview: TYPSoft FTP Server is an ea...
Python 2.5.2 Imageop Module - imageop.crop() Buffer Overflow
Python 2.5.2 Imageop Module - imageop.crop Buffer Overflow Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of...
Linux Kernel collect_rx_frame函数本地权限提升漏洞
BUGTRAQ ID: 37036 CVE ID: CVE-2009-4005 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/isdn/hisax/hfcusb.c文件中的collectrxframe函数存在错误,通过ISDN到达的特制HDLC报文可能触发读缓冲区溢出,导致执行任意内核态代码。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Core Security Technologies Advisory 2009.0908
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
Autodesk SoftImage Scene TOC Arbitrary Command Execution
Advisory ID Internal CORE-2009-0908 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id: CORE-2009-0908 Advisory URL:http://www.coresecurity.com/content/softimage-arbitrary-command-execution Date published: 2009-11-23 Date of last update: 2009-11-20...
Autodesk Maya Script Nodes Arbitrary Command Execution
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk Maya Script Nodes Arbitrary Command Execution 1. Advisory Information Title: Autodesk Maya Script Nodes Arbitrary Command...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary Command Execution 1. Advisory Information Title: Autodesk 3DS Max Application...
Autodesk Maya Script Nodes Arbitrary Command Execution
Advisory ID Internal CORE-2009-0910 1. Advisory Information Title: Autodesk Maya Script Nodes Arbitrary Command Execution Advisory Id: CORE-2009-0910 Advisory URL:http://www.coresecurity.com/content/maya-arbitrary-command-execution Date published: 2009-11-23 Date of last update: 2009-11-20 Vendor...
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
New Zero-Day Flaw Discovered in IE7
There is a newly discovered vulnerability in both Internet Explorer 6 and Internet Explorer 7 that could enable an attacker to take complete control of a vulnerable machine. The vulnerability is the result of a dangling pointer in IE and there is a working exploit for the flaw circulating online...
Core Security Technologies Advisory 2009.0814
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ HP Openview NNM 7.53 Invalid DB Error Code vulnerability 1. Advisory Information Title: HP Openview NNM 7.53 Invalid DB Error Code vulnerability Advisory Id:...
Microsoft Windows KeAccumulateTicks()函数SMB2报文远程拒绝服务漏洞
BUGTRAQ ID: 36989 Microsoft Windows是微软发布的非常流行的操作系统。 远程攻击者可以通过向Windows 7或Server 2008发送畸形的SMB报文在KeAccumulateTicks函数中触发NTASSERT或DbgRaiseAssertionFailure,导致内核由于死循环而变得忙碌。 Microsoft Windows Server 2008 R2 Microsoft Windows 7 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
BibTeX - '.bib' File Handling Memory Corruption
Bugtraq ID: 34332 Class: Failure to Handle Exceptional Conditions Published: Apr 01 2009 12:00AM Updated: Nov 13 2009 03:46PM Credit: Vincent Lafevre Vulnerable: RedHat Linux 2.1 RedHat Fedora 9 0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat...
Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
No description provided by source. Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHa...
Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service
Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat...
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
No description provided by source. Bugtraq ID: 35451 Class: Boundary Condition Error Published: Jun 21 2009 12:00AM Updated: Nov 12 2009 06:46PM Credit: wololo Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386...
Microsoft Windows License Logging服务远程堆溢出漏洞(MS09-064)
BUGTRAQ ID: 36921 CVE ID: CVE-2009-2523 Microsoft Windows是微软发布的非常流行的操作系统。 Windows系统中的License Logging服务(llssrv.exe)处理RPC调用的方式堆溢出漏洞。在处理传送给LlsrLicenseRequestW方式的参数时,字符数组应包含有终止的空字符。如果用户发送了没有空字符的恶意请求数据,就可以覆盖对lstrcatW的调用,触发这个溢出。 利用这个漏洞无需认证。攻击者可以通过向运行License...
Fedora 11 : ocaml-camlimages-3.0.1-7.fc11.3 (2009-10594)
Fix handling of oversized TIFF images. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...