User-Assisted

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

Posted by Alex Legler on May 27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/May/0238.html

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on May 24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/May/0195.html

CVE-2009-1311 (firefox, seamonkey)

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame’s URL during a SAVEMODE_FILEONLY save of the inner frame.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1311

CVE-2009-1310 (firefox)

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1310

User-assisted execution of arbitrary code

Bugtraq: [ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code

URL: http://www.securityfocus.com/archive/1/502790

User-assisted execution of arbitrary code

[ GLSA 200904-17 ] Adobe Reader: User-assisted execution of arbitrary code

Posted by Robert Buchholz on Apr 18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/Apr/0192.html

User-assisted execution of arbitrary code

Bugtraq: [ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code

URL: http://www.securityfocus.com/archive/1/502764

User-assisted execution of arbitrary code

[ GLSA 200904-16 ] libsndfile: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on Apr 17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/Apr/0189.html

User-assisted execution of arbitrary code

[ GLSA 200904-15 ] mpg123: User-assisted execution of arbitrary code

Posted by Robert Buchholz on Apr 17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/Apr/0166.html

CVE-2008-3871 (ultraiso)

Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3871