Léger Recherche

The following exploits and proof-of-concepts were developed by VUPEN

and are available as part of the VUPEN Exploits & PoCs Service :

More information: http://www.vupen.com/exploits

* VLC Media Player SMB URI Processing Buffer Overflow Exploit

This code execution exploit takes advantage of a buffer overflow

vulnerability affecting VLC Media Player when processing a

specially crafted “smb://” URI within a playlist.

CVE ID: CVE-NOMATCH

* Adobe Reader Mesh Generators Processing Heap Overflow Exploit #3

This code execution exploit takes advantage of another heap

overflow vulnerability in Adobe Acrobat Reader when processing

Universal 3D (U3D) content within a PDF file.

CVE ID: CVE-2009-2028

______________________________________________________________________

VUPEN Security monitors, reviews, and verifies vulnerability reports

then publishes security advisories which help network professionals

to eliminate irrelevant alerts and respond quickly and efficiently to

important and real security threats.

* VMware ESX Security Update Fixes Kerberos Code Execution Vulnerability

http://www.vupen.com/english/advisories/2009/1750

* Pidgin ICQ Web Message Handling Denial of Service Vulnerability

http://www.vupen.com/english/advisories/2009/1749

* Sun Solaris Kernel “udp” Remote Denial of Service Vulnerability

http://www.vupen.com/english/advisories/2009/1748

* Sun Solaris NFSv4 “nfs_portmon” Unauthorized Network Access Issue

http://www.vupen.com/english/advisories/2009/1747

* Sun Java System Access Manager Cross-Site Scripting Vulnerability

http://www.vupen.com/english/advisories/2009/1746

* NEWSolved “newsscript.php” Multiple SQL Injection Vulnerabilities

http://www.vupen.com/english/advisories/2009/1739

* Audio Article Directory “file” Parameter File Disclosure Vulnerability

http://www.vupen.com/english/advisories/2009/1738

* BookFlip Component for Joomla “book_id” SQL Injection Vulnerability

http://www.vupen.com/english/advisories/2009/1737

* Clicknet CMS “side” Parameter Processing File Disclosure Vulnerability

http://www.vupen.com/english/advisories/2009/1736

* PHP-Sugar “t” Parameter Processing File Disclosure Vulnerability

http://www.vupen.com/english/advisories/2009/1735

* Almnzm “customer” Parameter Remote SQL Injection Vulnerability

http://www.vupen.com/english/advisories/2009/1734

* K2 Component for Joomla “category” Remote SQL Injection Vulnerability

http://www.vupen.com/english/advisories/2009/1733

* com_php for Joomla “id” Parameter Remote SQL Injection Vulnerability

http://www.vupen.com/english/advisories/2009/1732

* Messages Library “CatID” Parameter Remote SQL Injection Vulnerability

http://www.vupen.com/english/advisories/2009/1731

* Whois.Cart “cpanel_1_log.htm” Information Disclosure Vulnerability

http://www.vupen.com/english/advisories/2009/1730

* SCMPX M3U Playlist Processing Buffer Overflow Vulnerability

http://www.vupen.com/english/advisories/2009/1729

* HT-MP3Player “.ht3″ File Processing Buffer Overflow Vulnerability

http://www.vupen.com/english/advisories/2009/1728

* HP-UX Web Server Suite Code Execution and DoS Vulnerabilities

http://www.vupen.com/english/advisories/2009/1727

* osTicket Administrative Login Remote SQL Injection Vulnerability

http://www.vupen.com/english/advisories/2009/1726

* Linux Distributions Multiple Package Security Updates

http://www.vupen.com/english/linux-advisories/

ce message fut affiché - This entry was posted on Thursday, July 2nd, 2009 at 5:12 am and is filed under Vulnerabilities - Vulnérabilités. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.