Free WMA MP3 Converter version 1.8 SEH buffer overflow exploit.
Monthly Archives: October 2014
Apple Releases Security Updates for QuickTime
Original release date: October 23, 2014
Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service.
Users and administrators are encouraged to review Apple Support Article HT6493 and apply any necessary updates.
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
Posted by Egidio Romano on Oct 23
--------------------------------------------------------------------------
TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
--------------------------------------------------------------------------
[-] Software Link:
[-] Affected Versions:
Version 1.9.12 and prior versions.
[-] Weakness Description:
The vulnerable code is located in the /lib/execute/execSetResults.php script:
428….
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
Posted by Egidio Romano on Oct 23
----------------------------------------------------------------
TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
----------------------------------------------------------------
[-] Software Link:
[-] Affected Versions:
Version 1.9.12 and prior versions.
[-] Weakness Description:
The vulnerable code is located in the /lib/functions/database.class.php script:
208….
Ubuntu Security Notice USN-2388-2
Ubuntu Security Notice 2388-2 – USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.
Ubuntu Security Notice USN-2388-1
Ubuntu Security Notice 2388-1 – A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
Red Hat Security Advisory 2014-1668-01
Red Hat Security Advisory 2014-1668-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel’s Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. This update also fixes several bugs and adds one enhancement.