Microsoft Internet Explorer CAtomTable Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Visio Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V...

CVE-2013-3485

Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse 1 dwmapi.dll or 2 api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.0 and -current to fix a security issue. Sorry about having to reissue this one -- I pulled it from ftp.gnu.org not realizing that the latest version there was actually months out of date. Here are the details from the Slackware 14.0 ChangeLog:...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/gnutls-3.0.26-i486-1slack14.0.txz: Upgraded. This update prevents a side-channel attack which may allow remote attackers to conduct...

Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Hewlett-Packard LoadRunner lrFileIOService ActiveX Control WriteFileString Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Oracle Endeca Server attachDataStore SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...

[slackware-security] seamonkey

New seamonkey packages are available for Slackware 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/seamonkey-2.20-i486-1slack14.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see:...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/mozilla-thunderbird-17.0.8-i486-1slack14.0.txz: Upgraded. This release contains security fixes and improvements...

Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : httpd (SSA:2013-218-02)

New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-218-02. The tex...

Tor Users Hit With Firefox Exploit, But No Large Compromise of Network Seen

The vulnerability in Firefox that was being used to exploit some users of Tor in recent days was fixed in a previous Firefox release and the exploit in circulation only works against people running Firefox 17. Over the weekend, word spread that the exploit was in the wild and that the Tor network...

Royal Baby Spam Campaign Leads to Black Hole-Infected Site

Everyone loves babies, especially magical royal ones who are destined to pull a sword from a stone. As it turns out, the baby admiring demographic also includes spammers, who are using the current frenzy over the birth of Prince William and Duchess Kate’s baby boy to direct victims to a site...

[slackware-security] ruby (SSA:2013-178-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ruby SSA:2013-178-01 New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/mozilla-firefox-17.0.7esr-i486-1slack14.0.txz: Upgraded. This release contains security fixes and improvements. For...

Slackware 13.37 / 14.0 / current : mozilla-firefox (SSA:2013-180-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-180-01. The text itself is...

Oracle Java KeyStore SecurityManager Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AWT mlib library...

Microsoft Internet Explorer CSelectionInteractButtonBehavior Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Oracle Java CMMImageLayout Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CMMImageLayout...