Monthly Archive: February 2012

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to...

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary...

Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio...

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code...

Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video...

RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream....

The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code...

rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. Date published : 2012-02-08...

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...

Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from...

Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416...

SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third...

Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter. Date published : 2012-02-07 http://www.securityfocus.com/bid/51882 http://archives.neohapsis.com/archives/bugtraq/2012-02/0028.html