IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/48514/info IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code with root privileges. Successfully exploiting this issue will result in...

IBM DB2 - DT_RPATH Insecure Library Loading Arbitrary Code Execution

IBM DB2 - DTRPATH Insecure Library Loading Arbitrary Code Execution // source: https://www.securityfocus.com/bid/48514/info IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code wit...

Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. CVE-2010-4529 Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc...

[SECURITY] Fedora 15 Update: gdk-pixbuf2-2.23.3-2.fc15

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

xAurora 10.00 - RSRC32.dll DLL Loading Arbitrary Code Execution

xAurora 10.00 - RSRC32.dll DLL Loading Arbitrary Code Execution / source: https://www.securityfocus.com/bid/48432/info xAurora is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application...

PT-2011-10: Abritrary Files Loading in ManageEngine ServiceDesk Plus 8.0

The specialists of the Positive Research center have detected "Abritrary Files Loading" vulnerability in ManageEngine ServiceDesk Plus. Insufficient CSV file input filtering in user import script allows attackers with guest privileges account guest/guest overwrite an arbitrary file in bin folder ...

Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)

The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2011-2094, CVE-2011-2095, CVE-2011-209...

xAurora 10.00 - &#039;RSRC32.dll&#039; DLL Loading Arbitrary Code Execution

/ source: https://www.securityfocus.com/bid/48432/info xAurora is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a...

Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Reader installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A heap...

Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A hea...

Java Web Start may insecurely load dynamic libraries

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path...

Java Web Start may insecurely load settings files

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load settings files. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file...

Java Web Start may insecurely load policy files

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load policy files. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file...

JVN#09206238: Java Web Start may insecurely load settings files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load settings files. Impact An attacker may execute arbitrary code with t...

PDFill Insecure Library Loading

Vulnerability title: PDFill Insecure Library Loading CVSS Risk Rating: 2.9 Low Product: PDFill PDF Editor 8.0 Application Vendor: PlotSoft Vendor URL: http://www.plotsoft.com Public disclosure date: 6/9/2011 Discovered by: Jose Hernandez and Solutionary Engineering Research Team SERT Solutionary...

Microsoft Windows Live Messenger 14 - dwmapi.dll DLL Loading Arbitrary Code Execution

Microsoft Windows Live Messenger 14 - dwmapi.dll DLL Loading Arbitrary Code Execution // source: https://www.securityfocus.com/bid/48055/info Microsoft Windows Live Messenger is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a...

PT-2011-2924 · Gnu +1 · Gimp +1

Name of the Vulnerable Software and Affected Versions: GIMP versions 2.6.x and earlier Description: The issue is caused by multiple integer overflows in the load image function in the Personal Computer Exchange PCX plugin, which can lead to a denial of service application crash or possibly allow...

kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN

The devload function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAPSYSMODULE capability requirement and load arbitrary modules by leveraging the CAPNETADMIN capability...

Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Microsoft Windows multiple security vulnerabilities

SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stac...