CVE-2011-1592

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service application crash via a crafted .pcap file...

Mandriva Update for libtiff MDVSA-2011:078 (libtiff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 15 : libtiff-3.9.5-1.fc15 (2011-5336)

Update to libtiff 3.9.5, incorporating all our previous patches plus other fixes, notably the fix for CVE-2009-5022 Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding CVE-2011-0192 as well as a non-security-critical crash in gif2tiff. Note that Tenabl...

Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)

This host is missing a critical security update according to Microsoft Bulletin MS11-031. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

GGmpeg library multiple security vulnerabilities

Buffer overflow on Vorbis / WebM files decoding, memory corruption on RealMedia and VC1 files...

Reverse Engineering of Proprietary Protocols, Tools and Techniques !

Reverse Engineering of Proprietary Protocols, Tools and Techniques ! This talk is about reverse engineering a proprietary network protocol, and then creating my own implementation. The talk will cover the tools used to take binary data apart, capture the data, and techniques I use for decoding...

Fedora 14 : libtiff-3.9.4-3.fc14 (2011-2540)

Fix buffer overrun in fax decoding CVE-2011-0192 as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 regression (USN-1049-2)

USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. We apologize for the inconvenience. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn...

Mozilla Thunderbird 3.1.x < 3.1.8 Multiple Vulnerabilities

Binary data 5810.prm...

Ubuntu: Security Advisory (USN-1050-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox 3.6.x < 3.6.14 Multiple Vulnerabilities

Binary data 5808.prm...

USN-1050-1: Thunderbird vulnerabilities

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...

USN-1049-1: Firefox and Xulrunner vulnerabilities

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...

Mozilla Thunderbird 3.1 < 3.1.8 Multiple Vulnerabilities

The installed version of Thunderbird 3.1 is earlier than 3.1.8. Such versions are potentially affected by multiple vulnerabilities : - Multiple memory corruption errors exist and may lead to arbitrary code execution. MFSA 2011-01 - An input validation error exists in the class,...

Firefox 3.6 < 3.6.14 Multiple Vulnerabilities

The installed version of Firefox 3.6 is earlier than 3.6.14. Such versions are potentially affected by multiple vulnerabilities : - Multiple memory corruption errors exist and may lead to arbitrary code execution. MFSA 2011-01 - An error exists in the processing of recursive calls to 'eval' when...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities (USN-1049-1)

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...

php: XSS mitigation bypass via utf8_decode()

The utf8decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting XSS and SQL injection protection mechanisms via a crafted string...

Fedora 14 : perl-Convert-UUlib-1.34-1.fc14 (2011-0052)

Perl extension Convert::UUlib 1.34 : - Fix a one-byte-past-end-write buffer overflow in UURepairData reported, analysed and testcase provided by Marco Walther - Quoted-printable decoding was completely broken, try a fix Note that Tenable Network Security has extracted the preceding description...

Fedora 13 : perl-Convert-UUlib-1.34-1.fc13 (2011-0062)

Perl extension Convert::UUlib 1.34 : - Fix a one-byte-past-end-write buffer overflow in UURepairData reported, analysed and testcase provided by Marco Walther - Quoted-printable decoding was completely broken, try a fix Note that Tenable Network Security has extracted the preceding description...

Ubuntu: Security Advisory (USN-1042-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...