Security Bulletins - April 21
April 21, 2010 2010-04-21: MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability An attacker may exploit this issue to crash the KDC service, resulting in a denial-of-service condition. http://www.securityfocus.com/bid/38260
April 21, 2010 2010-04-21: MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions. http://www.securityfocus.com/bid/37749
April 21, 2010 2010-04-21: MIT Kerberos 'gss_accept_sec_context()' Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users. http://www.securityfocus.com/bid/38904
April 21, 2010 2010-04-21: MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability An attacker may exploit this issue to crash the KDC service, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. http://www.securityfocus.com/bid/37486
April 21, 2010 2010-04-21: Microsoft Windows SMB Client Response Parsing Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. http://www.securityfocus.com/bid/39336
April 21, 2010 2010-04-21: Microsoft Windows SMB Client Memory Allocation Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. http://www.securityfocus.com/bid/39312
April 21, 2010 2010-04-21: Microsoft Windows SMB Packet Remote Denial of Service Vulnerability A remote attacker can exploit this issue to crash the Windows kernel, denying service to legitimate users. http://www.securityfocus.com/bid/36989
April 21, 2010 2010-04-21: Microsoft Windows SMB Client Message Size Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. http://www.securityfocus.com/bid/39340
April 21, 2010 2010-04-21: Microsoft Windows SMB Client Transaction Response Remote Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. http://www.securityfocus.com/bid/39339
April 21, 2010 2010-04-21: Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition. http://www.securityfocus.com/bid/39303
April 21, 2010 2010-04-21: Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable (PE) or cabinet file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. http://www.securityfocus.com/bid/39328
April 21, 2010 2010-04-21: Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution Vulnerability Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed cabinet ('.cab') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. http://www.securityfocus.com/bid/39332
April 21, 2010 2010-04-21: Simasy CMS 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/30774
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed. http://www.securityfocus.com/bid/39524
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-0192 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue arbitrary code execution may also be possible but this has not been confirmed. http://www.securityfocus.com/bid/39523
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39417
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-0204 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition. http://www.securityfocus.com/bid/39522
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application; other attacks may also be possible. http://www.securityfocus.com/bid/39515
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition. http://www.securityfocus.com/bid/39518
April 21, 2010 2010-04-21: Adobe Acrobat and Reader GIF Data Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition. http://www.securityfocus.com/bid/39514
April 21, 2010 2010-04-21: Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39470
April 21, 2010 2010-04-21: Adobe Acrobat and Reader PNG Data Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition. http://www.securityfocus.com/bid/39505
April 21, 2010 2010-04-21: Adobe Reader CVE-2010-0200 Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39227
April 21, 2010 2010-04-21: Joomla! Seber Cart Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39237
April 21, 2010 2010-04-21: uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/38102
April 21, 2010 2010-04-21: WB News '/base/Comments.php' HTML Injection Vulnerability Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. http://www.securityfocus.com/bid/39626
April 21, 2010 2010-04-21: LightNEasy 'get_file.php' Local File Disclosure Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. http://www.securityfocus.com/bid/39623
April 21, 2010 2010-04-21: ZipGenius ZIP Archive Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. http://www.securityfocus.com/bid/39622
April 21, 2010 2010-04-21: LightNEasy 'language' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39621
April 21, 2010 2010-04-21: PortfolioDesign.org Portfolio for Joomla! 'phpThumb.php' Remote File Disclosure Vulnerability An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks. http://www.securityfocus.com/bid/39620
April 21, 2010 2010-04-21: v2marketplacescript Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. http://www.securityfocus.com/bid/39618
April 21, 2010 2010-04-21: SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. http://www.securityfocus.com/bid/39616
April 21, 2010 2010-04-21: DBSite wb CMS 'index.php' Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. http://www.securityfocus.com/bid/39613
April 21, 2010 2010-04-21: Cisco Small Business Video Surveillance Cameras & 4-Port Router Authentication Bypass Vulnerability Successful exploits allow remote authenticated attackers to obtain other users' passwords and gain access to the vulnerable device. This will completely compromise an affected device. http://www.securityfocus.com/bid/39612
April 21, 2010 2010-04-21: openMairie openRegistreCIL Local and Remote File Include Vulnerabilities Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible. http://www.securityfocus.com/bid/39611
April 21, 2010 2010-04-21: Elastix 'id_nodo' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39610
April 21, 2010 2010-04-21: e107 'e107_admin/banner.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39609
April 21, 2010 2010-04-21: Webmoney Web Merchant Interface Component for Joomla! Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39608
April 21, 2010 2010-04-21: MMS Blog Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39607
April 21, 2010 2010-04-21: OrgChart Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39606
April 21, 2010 2010-04-21: phpThumb() 'fltr[]' Parameter Command Injection Vulnerability Attackers can exploit this issue to execute arbitrary commands in the context of the webserver. Note that successful exploitation requires 'ImageMagick' to be installed. http://www.securityfocus.com/bid/39605
April 21, 2010 2010-04-21: imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application that uses the affected library. Failed exploit attempts may result in a denial-of-service condition. http://www.securityfocus.com/bid/39604