Mac OS X

Mozilla Firefox UTF-8 Buffer Overflow Exploit Update

This module exploits a buffer overflow in Mozilla Firefox when parsing a malformed UTF-8 encoded URL. This update appends info to the "Supported systems notes" section.

Apple Safari Webkit libxslt Arbitrary File Creation

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site.

AWStats migrate Remote Code Execution Exploit

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Coppermine picEditor Remote Code Execution Exploit

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via a shell.

e107 Install Script Command Injection Exploit

e107 CMS is vulnerable to a command injection in its installation script due to a lack of sanitization on the MySQL server parameter.

OpenLDAP modrdn Request Multiple Vulnerabilities

OpenLDAP allows remote attackers to cause a denial of service (service crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function within schema_init.c.

Mozilla Firefox OnChannelRedirect Method Memory Corruption Exploit

This module exploits a use-after-free in Mozilla Firefox when manipulating an mChannel Element.