Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal

Seeker Research Center Security Advisory This vulnerability was discovered by Seekerr Automatic Run-Time Application Security Testing Solution Disclosed By Irene Abezgauz, September 13th, 2011 ========= I. Overview ========= An Insecure Redirect vulnerability has been identified in Microsoft...

Fedora 14 : nip2-7.24.2-1.fc14 / vips-7.24.7-2.fc14 (2011-10781)

7.24 series. Run-time code generation Open via disc mode Workspace as Graph mode for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better TIFF and JPEG load Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...

CVE-2011-0256

Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted track run atoms in a QuickTime movie file...

Integer overflow

Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted track run atoms in a QuickTime movie file...

Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)

This host is missing a critical security update according to Microsoft Bulletin MS11-063. OpenVAS Vulnerability Test $Id: secpodms11-063.nasl 8724 2018-02-08 15:02:56Z cfischer $ Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability 2567680 Authors: Antu Sanadi...

CVE-2011-3006

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting XSS attack, execute arbitrary code using the...

Windows Manage Run Command As User

This module will login with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default, by setting CMDOUT to true output will be redirected to a temp file and read back in to display. By setting advanced option SETPASS to true, it will...

PT-2011-3363 · Gnu +1 · Gimp +1

Name of the Vulnerable Software and Affected Versions: GIMP version 2.6.11 Description: The issue is related to a heap-based buffer overflow in the read channel data function in the Paint Shop Pro PSP plugin. This can be triggered by a PSP COMP RLE aka RLE compression image file that begins a lon...

OSForensics – Digital investigations faster

OSForensics – Digital investigations faster Here there is a new utility called OSForensics, currently it is freely available that I found very useful for conducting a computer forensics. OSForensics can retrieve data about recently accessed applications, documents, media and network shares by...

Null pointer dereference

The Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL...

Integer overflow

Integer overflow in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cau...

CVE-2011-1283

The CVE-2011-1283 entry concerns the Windows CSRSS component in the Win32 subsystem. The vulnerability arises from an array index check flaw in SrvSetConsoleNumberOfCommand, allowing a local attacker to cause memory corruption and elevate privileges by triggering an incorrect memory assignment fo...

CVE-2011-1281

The Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a...

Easewe FTP 4.5.0.9 Insecure Method

Vulnerability ID: HTB23015 Reference: http://www.htbridge.ch/advisory/easeweftpocxactivexcontrolexecuteinsecuremethod.html Product: Easewe FTP OCX ActiveX Control Vendor: Easewe Software http://www.ftpocx.com Vulnerable Version: 4.5.0.9 and probably prior Tested on: 4.5.0.9 Vendor Notification: 0...

AIX 530012 : U841206

The remote host is missing AIX PTF U841206 which is related to the security of the package devices.scsi.disk.diag.com You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

Turkey police arrests 32 Anonymous hackers for DDOS attack

Turkey police arrests 32 Anonymous hackers for DDOS attack Turkey have detained 32 more suspects that the authorities believe are linked to Anonymous. The Turkish state-run news agency reports that the suspect were taken into custody by police after raids in dozens of cities it's not clear how th...

Easewe FTP ActiveX Control Multiple Insecure Methods

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Easewe FTP OCX ActiveX Control, which can be exploited to potentially compromise a user's system. 1 Insecure methods in Easewe FTP ActiveX Control 1.1 The vulnerability is caused due to the EaseWeFtp.FtpLibrary...

Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

Heap-based buffer overflow in the readchanneldata function in file-psp.c in the Paint Shop Pro PSP plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a PSPCOMPRLE aka RLE compression image file that begins a long run...

AIX 610004 : U841509

The remote host is missing AIX PTF U841509 which is related to the security of the package bos.rte.libc You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...