Monthly Archive: May 2013

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. Date published : 2013-05-24...

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file. Date published : 2013-05-24 http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file. Date published : 2013-05-24 http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. Date published : 2013-05-24 http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file. Date published : 2013-05-24 http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Date published : 2013-05-24...

Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. Date published : 2013-05-23 http://www.promotic.eu/en/pmdoc/News.htm#ver80105 http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02

Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. Date published : 2013-05-23 http://www.promotic.eu/en/pmdoc/News.htm#ver80105 http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02

Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2013-05-23 http://www.promotic.eu/en/pmdoc/News.htm#ver80105 http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02

engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. Date published : 2013-05-23 http://www.securityfocus.com/bid/53623 http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. Date published : 2013-05-23 http://www.securityfocus.com/bid/53623 http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from...

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter. Date published : 2013-05-23 http://www.securityfocus.com/bid/53617 http://www.exploit-db.com/exploits/18900

Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php;...