8217 matches found
gstreamer-plugins-good: Array index error while parsing malformed QuickTime media files via crafted Sync Sample (aka stss) atom data
Array index error in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted Sync Sample aka stss atom da...
gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Composition Time To Sample (aka ctts) atom data
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample ctts atom data in a malformed QuickTime medi...
Important: Red Hat Security Advisory: gstreamer-plugins-good security update
Updated gstreamer-plugins-good packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. GStreamer is a streaming media framework, based on graphs of filters whi...
CentOS 3 : gstreamer-plugins (CESA-2009:0269)
Updated gstreamer-plugins packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The gstreamer-plugins package contains plug-ins used by the GStreamer...
gstreamer-plugins security update
0.6.0-19 - Add patch for CVE-2009-0398 Related: rhbz 483216...
gstreamer-plugins-good security update
0.10.9-1.el5.1 - Add patch for CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 Related: rhbz 483220...
gstreamer-plugins security update
0.8.5-1.0.1.EL.2 - Update release to address ULN up2date 0.8.5-1.EL.2 - Add patch for CVE-2009-0397 Related: rhbz 483217...
CentOS 4 : gstreamer-plugins (CESA-2009:0270)
Updated gstreamer-plugins packages that fix one security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The gstreamer-plugins package contains plugins used by the GStreamer streaming-med...
Firefox Chrome privilege escalation via local .desktop files
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the 1 about:plugins and 2 about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a...
CVE-2009-0398
Array index error in the gstqtptrakhandler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins aka gstreamer-plugins 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file...
PYSEC-2009-16
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11, and GStreamer Plug-ins aka gstreamer-plugins 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...
PYSEC-2009-16
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11, and GStreamer Plug-ins aka gstreamer-plugins 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...
CVE-2009-0397
CVE-2009-0397 affects GStreamer: deprecated heap-based buffer overflow in qtdemux_parse_samples in gst/qtdemux/qtdemux.c, impacting GStreamer Good Plug-ins 0.10.9–0.10.11 and GStreamer plug-ins 0.8.5. A crafted QuickTime .mov file could allow remote code execution. According to the connected advi...
PYSEC-2009-14
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample ctts atom data in a malformed QuickTime medi...
PYSEC-2009-14
Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample ctts atom data in a malformed QuickTime medi...
CVE-2008-5949
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to 1 index.php; 2 handle/proxy.php; 3 header.php, 4 include.php, and 5 workspace.php in includes/; and 6 plugins/RSS/files/rss.php...
gstreamer-plugins-good -- multiple memory overflows
Secunia reports: Tobias Klein has reported some vulnerabilities in GStreamer Good Plug-ins, which can potentially be exploited by malicious people to compromise a vulnerable system. A boundary error occurs within the "qtdemuxparsesamples" function in gst/gtdemux/qtdemux.c when performing QuickTim...
CVE-2008-5457
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2008-5457
CVE-2008-5457 describes a buffer overflow in BEA/Oracle WebLogic Server plug-ins (Apache/Sun/IIS) used to proxy requests. Public records show a JSESSIONID cookie overflow vector that requires clustering to be exploitable, enabling remote code execution. Exploitation details and PoCs exist (Metasp...