[SECURITY] [DSA 855-1] New weex packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 855-1 [email protected] http://www.debian.org/security/ Martin Schulze October 10th, 2005 http://www.debian.org/security/faq -...

Debian DSA-826-1 : helix-player - multiple vulnerabilities

Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources. - CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a...

CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism...

CVE-2005-2935

Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940...

Microsoft Windows - keybd_event Local Privilege Escalation

Microsoft Windows - keybdevent Local Privilege Escalation / Microsoft Windows keybdevent validation vulnerability. Local privilege elevation Credits: Andres Tarasco aT4r @ haxorcitos.com Iñaki Lopez ilo @ reversing.org Platforms afected/tested: - Windows 2000 - Windows XP - Windows 2003 Original...

CVE-2002-1997

CVE-2002-1997 : ZoneAlarm Pro 3.0 MailSafe is described as allowing remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension. The provided sources confirm this description but do not offer concrete technical ...

CVE-2005-2086

PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code...

CVE-2005-0073

Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code...

CVE-2001-1448

CVE-2001-1448 affects Magic eDeveloper Enterprise Edition 8.30-5 and earlier. The vulnerability arises from local file overwrites and potential code execution via a symlink attack on temporary files created by the scripts (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc. The described impact is l...

security flaw

PostgreSQL pgsql 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension...

CVE-2004-1448

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...

CVE-2005-0117

Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field...

CVE-2004-0852

Buffer overflow in htget 0.93 allows remote attackers to execute arbitrary code via a crafted URL...

CVE-2004-1208

Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a long password field in a join request...

Debian DSA-260-1 : file - buffer overflow

iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the 'file' command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file...

linux/x86 shared memory exec 50 bytes

No description provided by source. / [email protected] - http://www.nopninjas.com Platform: Linux x86 Length: 50 bytes - This shellcode connects to the shared memory segment matching the key and executes the code at that address. xorl %edi,%edi xorl %esi,%esi xorl %edx,%edx movl $0xdeadbeef,%ec...

Mozilla may allow violation of cross-domain scripting policies via dragging

Overview A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source. Description Mozilla web browsers allow the dragging of links and objects from one window to another. Should the object copied ...

CVE-2004-0194

Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format XFDF data...

EUVD-2002-1451

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root...

libpng: Numerous vulnerabilities

Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several other programs, including web browsers and potentially server processes. Description libpng contains numerous vulnerabilities including null pointer dereference errors and boundary...