USN-973-1: KOffice vulnerabilities
Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary co...
openSUSE Security Update : gpg2 (openSUSE-SU-2010:0479-1)
GnuPG2 was vulnerable to arbitrary code execution by context-dependent attackers because of reusing a freed pointer when verifying a signature or importing a certificate with many 'Subject Alternate Names'. CVE-2010-2547. (C) Tenable Network Security, Inc. The descriptive text an...
DEBIAN-CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
2: use-after-free when importing certificate with many alternate names
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
openoffice.org -- Multiple vulnerabilities
OpenOffice.org Security Team reports: Fixed in OpenOffice.org 3.3 CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files CVE-2010-3451 ...
Joomla Component com_mysms Upload Vulnerability
Exploit for php platform in category web applications. Joomla Component com_mysms Upload Vulnerability...
Joomla! Component MySMS - Arbitrary File Upload
Joomla! Component MySMS - Arbitrary File Upload. I'm Sid3^effects member from Inj3ct0r Team. Name : Joomla com_mysms Upload Vulnerability Date : july 10,2010 Critical Level : HIGH vendor URL...
Joomla Canteen Local File Inclusion
Name : Joomla comcanteen LFI Vulnerability Date : july 9,2010 vendor URL :http://miniwork.eu/ Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger greetz to :www.topsecure.net ,All ICW members and my friends : luv y0 guyz...
Fedora 11 : glpi-0.72.4-2.svn11035.fc11 (2010-5188)
This version corrects several bugs. Full upstream changelog: Bug 1893: Unable to access to the model of phones dictionnary Bug 1904: Vlan not add using Template Bug 1906: Message-ID should not use $_SERVER['HTTP_HOST'] Bug 1918: configured listlimitmax not honnoured Bug 1941: Disconnecting a port...
Moderate: Red Hat Security Advisory: vdsm security, bug fix, and enhancement update
Updated vdsm packages that fix one security issue, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...
Shareasale Script - SQL Injection
I'm L0rd CrusAd3r member from Inj3ct0r Team. Author: L0rd CrusAd3r aka VSN Exploit Title:Shareasale Script SQL Vulnerable Vendor url:http://www.jce-tech.com Version:1 Price:n/a Published:...
CVE-2010-1546
CVE-2010-1546 affects Drupal's Chaos Tool Suite (CTools) module 6.x, prior to 6.x-1.4. An eval injection in the import functionality allows a remote authenticated user with "administer page manager" privileges to execute arbitrary PHP code via input to a text area, via the page_manager_page_impor...
Drupal Panels Module 6.x PHP Code Execution Vulnerability
A vulnerability has been reported in Panels module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used in the import functionality. This can be exploited to execute arbitrary PHP code...
SA-CONTRIB-2010-049 - Wordpress Import - Access bypass
The Wordpress Import module provides the ability to import nodes from a Wordpress WXR export file. The form to import a WXR file does not use the correct access permission and allows any user to upload arbitrary files and import data from a remote WRX file. Versions affected Wordpress Import for...
Mandriva Update for mds MDVA-2010:142 (mds)
Check for the Version of mds OpenVAS Vulnerability Test Mandriva Update for mds MDVA-2010:142 mds Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
RPM Select/Elite v5.0 (.xml config parsing) unicode buffer overflow PoC
Exploit for windows platform in category dos / poc. RPM Select/Elite v5.0 .xml config parsing unicode buffer overflow PoC. #!/usr/bin/python RPM Select/Elit...
Kwik Pay Payroll 4.10.3 Proof Of Concept
Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: chap0 Email: chap0x90atgmaildotcom Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From Data Source...
Kwik Pay Payroll 4.10.3 - .mdb Crash (PoC)
Kwik Pay Payroll 4.10.3 - .mdb Crash PoC Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: anonymous Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From...
Kwik Pay Payroll v4.10.3 .mdb Crash PoC
Exploit for windows platform in category dos / poc. Kwik Pay Payroll .mdb Crash PoC. Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: chap0 Email: chap0x90atgmaildotcom Site: http://www.setfreesecurity.com Usage: Run...
Kwik Pay Payroll 4.10.3 - '.mdb' Crash (PoC)
Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: anonymous Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From Data Source Drop-Down: Kwik-Pay Payroll Da...