924 matches found
JVN#99977321: Picasa may insecurely load executable files
Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the runni...
VERA v0.3 - Visualizing Executables for Reversing and Analysis tool !
"VERA is a Visualizing Executables for Reversing and Analysis tool. It is a tool for reverse engineering Windows executables. It is used in conjunction with the Ether framework to generate visualizations to help with the RE process." This is the official change log: Added processing of trace file...
New Trojan Targets User Credentials on Popular Sites
A new information-stealing Trojan, believed to be of Chinese origin, has been identified by Avira researchers. This malware targets usernames and passwords for a variety of popular websites, including YouTube, Google, and PayPal, as well as Chinese sites like Youku, Tudou, Sogou, and Soho. The...
Bloodshed Dev-C++ 4.9.9.2 Binary Hijacking Exploit
/ Exploit Title: Bloodshed Dev-C++ Binary Hijacking Exploit make.exe, mingw32-make.exe Date: August 25, 2010 Author: storm [email protected] Version: 4.9.9.2 Tested on: Windows Vista SP2 http://www.gonullyourself.org/ gcc -o make.exe Dev-C++-Binary.c gcc -o mingw32-make.exe Dev-C++-Binary....
Opera Browser Multiple Vulnerabilities (Aug 2010) - Windows
Opera Browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unexpected changes in tab focus can be used to run programs from the Internet – Opera Security Advisories
Unexpected changes in tab focus can be used to run programs from the Internet – Opera Security Advisories OPCOM Team | August 12, 2010 Severity Moderate Description Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run...
Apple Safari for Windows and Internet Explorer Combined Code Execution (CVE-2008-2540)
Microsoft Internet Explorer is the most widely used Internet browser. Safari is a web browsing application developed by Apple. A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a...
Foxit Fixes PDF Executable Problem
Foxit on Friday released an update to fix the problem with PDF readers running executables without users’ permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader. The Foxit security update fixes a problem in the reader in whic...
Norton Internet Security ActiveX Command Execution (CVE-2004-0364)
Norton Internet Security is a security solution produced by Symantec corporation. There exists a vulnerability within Norton Internet Security that allows a remote attacker to run arbitrary executables on the target system through a malicious call to a certain method of a vulnerable ActiveX...
Linux Daemons with Broken Links to Executables
By examining the '/proc' filesystem on the remote Linux host, Nessus has identified at least one currently-running daemon for which the link to the corresponding executable is broken. This can occur when the executable associated with a daemon is replaced on disk but the daemon itself has not bee...
Mozilla Code *sighs*
Mozilla Code sighs I reported a memory corruption vulnerability in Mozilla Codesighs, a "set of tools to help you determine the code and data size of shared libraries and executables. Once you can measure the code and data size, then you can measure drifts in size as code changes occur". Mozilla...
CVE-2009-4240
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors...
CVE-2009-4240
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors...
Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within Perl CGI executables distributed with Network Node Manager NNM...
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
Application executes all executables with predefined names found in system...
Rising Antivirus / Firewall weak security permissions
Weak permissions for program executables and services...
Researcher Finds Twitter Botnet Command Channel
Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation. The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots — sending new links for the infected computers ...
Steam v.54/894 Local Privilege Escalation Vulnerability
No description provided by source. Steam Multiple .exe's Local Privilage Escalation By: MrDoug mrdoug13atgmaildotcom Version Info: Steam windows client Built: Jun 30 2009, at 13:29:32 Steam API: v008 Steam Package versions: 54/894 Greetz: Slappywag, Doomchip, Bolo, Eliwood, and the rest. Special...
Steam Local Privilege Escalation
Steam Multiple .exe's Local Privilage Escalation By: MrDoug mrdoug13atgmaildotcom Version Info: Steam windows client Built: Jun 30 2009, at 13:29:32 Steam API: v008 Steam Package versions: 54/894 Greetz: Slappywag, Doomchip, Bolo, Eliwood, and the rest. Special Thanks: Jeremy Brown and...
Steam 54894 - Local Privilege Escalation
Steam 54894 - Local Privilege Escalation Steam Multiple .exe's Local Privilage Escalation By: MrDoug mrdoug13atgmaildotcom Version Info: Steam windows client Built: Jun 30 2009, at 13:29:32 Steam API: v008 Steam Package versions: 54/894 Greetz: Slappywag, Doomchip, Bolo, Eliwood, and the rest...