Security Hero » User-Assisted http://sechero.com If it's about security, you heard it here first Mon, 12 Jul 2010 23:27:38 +0000 en hourly 1 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-15/ http://sechero.com/user-assisted-execution-of-arbitrary-code-15/#comments Wed, 27 May 2009 19:20:01 +0000 invalid string

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

<!– Envelope-to: email@address Delivery-date: Wed, 27 May 2009 20:19:31 +0100 Received: from outgoing.securityfocus.com ([205.206.231.27] helo=outgoing3.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1M9Oew-0006Yj-QS for email@address; Wed, 27 May 2009 20:19:30 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP id 9BD6F236FF8; Wed, 27 May 2009 13:16:26 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 5683 invoked from network); 27 May 2009 18:37:25 -0000 arbitrary code Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, security-alerts@linuxsecurity.com Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-qKcs3BrUY+SMIGtTngxH" Message-Id: <1243449441.4200.1.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.26.2 X-IMAPbase: 1176125385 9205 Status: O X-UID: 9205 Content-Length: 3703 X-Keywords:

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-15/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-14/ http://sechero.com/user-assisted-execution-of-arbitrary-code-14/#comments Wed, 27 May 2009 18:37:21 +0000 invalid string

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

Posted by Alex Legler on May 27

– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -
Gentoo Linux Security Advisory GLSA 200905-09
– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -

URL: http://seclists.org/fulldisclosure/2009/May/0238.html

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-14/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-13/ http://sechero.com/user-assisted-execution-of-arbitrary-code-13/#comments Mon, 25 May 2009 16:10:01 +0000 invalid string

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

<!– Envelope-to: email@address Delivery-date: Mon, 25 May 2009 17:03:17 +0100 Received: from outgoing.securityfocus.com ([205.206.231.26] helo=outgoing2.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1M8cdx-0000Fq-BQ for email@address; Mon, 25 May 2009 17:03:17 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing2.securityfocus.com (Postfix) with QMQP id 73F8314425B; Mon, 25 May 2009 08:14:36 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 18052 invoked from network); 24 May 2009 13:02:26 -0000 Message-ID: <4A194608.5000400@gentoo.org> User-Agent: Thunderbird 2.0.0.19 (X11/20090120) MIME-Version: 1.0 Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="————enig7908179A37B0D63E2981DCF1" X-IMAPbase: 1176125385 9175 Status: O X-UID: 9175 Content-Length: 3730 X-Keywords:

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-13/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-12/ http://sechero.com/user-assisted-execution-of-arbitrary-code-12/#comments Sun, 24 May 2009 13:05:12 +0000 invalid string

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on May 24

– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -
Gentoo Linux Security Advisory GLSA 200905-02
– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -

URL: http://seclists.org/fulldisclosure/2009/May/0195.html

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-12/feed/ 0 1311 (firefox, seamonkey) http://sechero.com/1311-firefox-seamonkey/ http://sechero.com/1311-firefox-seamonkey/#comments Wed, 22 Apr 2009 00:00:00 +0000 invalid string http://sechero.com/1311-firefox-seamonkey/

CVE-2009-1311 (firefox, seamonkey)

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame’s URL during a SAVEMODE_FILEONLY save of the inner frame.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1311

]]> http://sechero.com/1311-firefox-seamonkey/feed/ 0 1310 (firefox) http://sechero.com/1310-firefox/ http://sechero.com/1310-firefox/#comments Wed, 22 Apr 2009 00:00:00 +0000 invalid string http://sechero.com/1310-firefox/

CVE-2009-1310 (firefox)

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1310

]]> http://sechero.com/1310-firefox/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-10/ http://sechero.com/user-assisted-execution-of-arbitrary-code-10/#comments Mon, 20 Apr 2009 15:44:34 +0000 invalid string

Bugtraq: [ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code

[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code

URL: http://www.securityfocus.com/archive/1/502790

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-10/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-11/ http://sechero.com/user-assisted-execution-of-arbitrary-code-11/#comments Mon, 20 Apr 2009 14:50:01 +0000 invalid string

[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code

<!– Envelope-to: email@address Delivery-date: Mon, 20 Apr 2009 15:45:27 +0100 Received: from outgoing.securityfocus.com ([205.206.231.27] helo=outgoing3.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1LvukQ-0004zH-Qo for email@address; Mon, 20 Apr 2009 15:45:26 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP id 53F7C237126; Mon, 20 Apr 2009 08:38:44 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 26886 invoked from network); 18 Apr 2009 11:05:12 -0000 User-Agent: KMail/1.9.9 Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, security-alerts@linuxsecurity.com MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1499796.gZMa6W10PW"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200904181311.48413.rbu@gentoo.org> X-IMAPbase: 1176125385 8831 Status: O X-UID: 8831 Content-Length: 5063 X-Keywords:

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-11/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-9/ http://sechero.com/user-assisted-execution-of-arbitrary-code-9/#comments Sat, 18 Apr 2009 11:11:39 +0000 invalid string

[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code

Posted by Robert Buchholz on Apr 18

– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -
Gentoo Linux Security Advisory GLSA 200904-17
– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -

URL: http://seclists.org/fulldisclosure/2009/Apr/0192.html

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-9/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-8/ http://sechero.com/user-assisted-execution-of-arbitrary-code-8/#comments Fri, 17 Apr 2009 20:43:40 +0000 invalid string http://sechero.com/user-assisted-execution-of-arbitrary-code-8/

Bugtraq: [ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code

[ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code

URL: http://www.securityfocus.com/archive/1/502764

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-8/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-7/ http://sechero.com/user-assisted-execution-of-arbitrary-code-7/#comments Fri, 17 Apr 2009 19:20:01 +0000 invalid string

[ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code

<!– Envelope-to: email@address Delivery-date: Fri, 17 Apr 2009 20:14:59 +0100 Received: from outgoing.securityfocus.com ([205.206.231.26] helo=outgoing2.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1LutWd-0005B1-Db for email@address; Fri, 17 Apr 2009 20:14:59 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing2.securityfocus.com (Postfix) with QMQP id 0D70A143918; Fri, 17 Apr 2009 13:08:50 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 2408 invoked from network); 17 Apr 2009 18:53:54 -0000 Message-ID: <49E8D266.8050505@gentoo.org> User-Agent: Thunderbird 2.0.0.19 (X11/20090120) MIME-Version: 1.0 Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com code X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="————enig467ED426D4320B44AE46D35C" X-IMAPbase: 1176125385 8826 Status: O X-UID: 8826 Content-Length: 3530 X-Keywords:

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-7/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-6/ http://sechero.com/user-assisted-execution-of-arbitrary-code-6/#comments Fri, 17 Apr 2009 19:03:02 +0000 invalid string http://sechero.com/user-assisted-execution-of-arbitrary-code-6/

[ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on Apr 17

– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -
Gentoo Linux Security Advisory GLSA 200904-16
– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -

URL: http://seclists.org/fulldisclosure/2009/Apr/0189.html

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-6/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-5/ http://sechero.com/user-assisted-execution-of-arbitrary-code-5/#comments Fri, 17 Apr 2009 17:40:01 +0000 invalid string http://sechero.com/user-assisted-execution-of-arbitrary-code-5/

[ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code

<!– Envelope-to: email@address Delivery-date: Fri, 17 Apr 2009 18:32:44 +0100 Received: from outgoing.securityfocus.com ([205.206.231.26] helo=outgoing2.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1Lurvg-0002n6-5F for email@address; Fri, 17 Apr 2009 18:32:44 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing2.securityfocus.com (Postfix) with QMQP id 8467A143A00; Fri, 17 Apr 2009 09:10:10 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 20449 invoked from network); 16 Apr 2009 21:56:40 -0000 User-Agent: KMail/1.9.9 Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, security-alerts@linuxsecurity.com MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5373373.Ui0zdcsk9n"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200904170002.58671.rbu@gentoo.org> X-IMAPbase: 1176125385 8819 Status: O X-UID: 8819 Content-Length: 3719 X-Keywords:

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-5/feed/ 0 User-assisted execution of arbitrary code http://sechero.com/user-assisted-execution-of-arbitrary-code-4/ http://sechero.com/user-assisted-execution-of-arbitrary-code-4/#comments Thu, 16 Apr 2009 22:02:51 +0000 invalid string http://sechero.com/user-assisted-execution-of-arbitrary-code-4/

[ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code

Posted by Robert Buchholz on Apr 17

– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -
Gentoo Linux Security Advisory GLSA 200904-15
– - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -

URL: http://seclists.org/fulldisclosure/2009/Apr/0166.html

]]> http://sechero.com/user-assisted-execution-of-arbitrary-code-4/feed/ 0 3871 (ultraiso) http://sechero.com/3871-ultraiso/ http://sechero.com/3871-ultraiso/#comments Wed, 01 Apr 2009 00:00:00 +0000 invalid string http://sechero.com/3871-ultraiso/

CVE-2008-3871 (ultraiso)

Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3871

]]> http://sechero.com/3871-ultraiso/feed/ 0