Security Bulletins - April 16 15
April 15, 2010 2010-04-15: BeeHeard Components for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39506
April 15, 2010 2010-04-15: TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39500
April 15, 2010 2010-04-15: IBM BladeCenter Advanced Management Module Denial of Service Vulnerability Successful exploits will cause the affected service to reboot, denying service to legitimate users. http://www.securityfocus.com/bid/39499
April 15, 2010 2010-04-15: Mocha W32 LPD Remote Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39498
April 15, 2010 2010-04-15: Softbiz B2B Trading Marketplace 'IndustryID' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39496
April 15, 2010 2010-04-15: Intellectual Property Joomla! Component 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39495
April 14, 2010 T-348: Java Deployment Toolkit Performs Insufficient Validation of Parameters The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited. This risk is Low. http://www.doecirc.energy.gov/bulletins/t-348.shtml
April 14, 2010 2010-04-14: PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0879 Remote PeopleTools Vulnerability The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Valid Session' privileges. http://www.securityfocus.com/bid/39441
April 14, 2010 2010-04-14: OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks. http://www.securityfocus.com/bid/25163
April 14, 2010 2010-04-14: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users. http://www.securityfocus.com/bid/39013
April 14, 2010 2010-04-14: Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability Successful exploits will allow attackers to obtain the contents of a portion of memory or crash the application. http://www.securityfocus.com/bid/34109
April 14, 2010 2010-04-14: GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library. http://www.securityfocus.com/bid/34100
April 14, 2010 2010-04-14: Webmin and Usermin Unspecified Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. http://www.securityfocus.com/bid/37259
April 14, 2010 2010-04-14: Adobe Acrobat and Reader CVE-2010-0194 X3D Component Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39469
April 14, 2010 2010-04-14: Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39417
April 14, 2010 2010-04-14: Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39470
April 14, 2010 2010-04-14: Cisco Secure Desktop ActiveX Control Executable File Arbitrary File Download Vulnerability Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. Successful exploits will allow attackers to execute arbitrary code within the context of the currently logged-in user. http://www.securityfocus.com/bid/39478
April 14, 2010 2010-04-14: Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/38944
April 14, 2010 2010-04-14: Mozilla Firefox CVE-2010-1122 Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39293
April 14, 2010 2010-04-14: Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/38939
April 14, 2010 2010-04-14: Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability Attackers can exploit this issue to bypass content-loading policies. The impact of this issue will depend on the reasons behind the content check. Consequences may include cross-site request-forgery attacks, denial-of-service conditions, and possibly remote code execution. http://www.securityfocus.com/bid/38927
April 14, 2010 2010-04-14: Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability An attacker may exploit this issue to obtain authentication credentials associated with a trusted site. This may lead to other attacks. http://www.securityfocus.com/bid/38920
April 14, 2010 2010-04-14: Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or to launch other attacks. http://www.securityfocus.com/bid/38919
April 14, 2010 2010-04-14: Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/38921
April 14, 2010 2010-04-14: CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. http://www.securityfocus.com/bid/36958
April 14, 2010 2010-04-14: CUPS 'lppasswd' Tool Localized Message String Security Weakness Exploiting this issue in conjunction with a local format-string issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers. http://www.securityfocus.com/bid/38524
April 14, 2010 2010-04-14: CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability CUPS is prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. http://www.securityfocus.com/bid/38510
April 14, 2010 2010-04-14: Pango Glyph Definition Table Denial of Service Vulnerability Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users. http://www.securityfocus.com/bid/38760
April 14, 2010 2010-04-14: CUPS File Descriptors Handling Remote Denial Of Service Vulnerability A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. http://www.securityfocus.com/bid/37048
April 14, 2010 2010-04-14: GIMP PSD Image Parsing Integer Overflow Vulnerability Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/37040
April 14, 2010 2010-04-14: ViewVC Regular Expression Search Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. http://www.securityfocus.com/bid/39053
April 14, 2010 2010-04-14: GIMP BMP Image Parsing Integer Overflow Vulnerability Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/37006
April 14, 2010 2010-04-14: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. http://www.securityfocus.com/bid/36935
April 14, 2010 2010-04-14: AWD Solution AWDwall Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible. http://www.securityfocus.com/bid/39331
April 14, 2010 2010-04-14: Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. http://www.securityfocus.com/bid/39045
April 14, 2010 2010-04-14: Joomla! 'com_qpersonel' Component 'katid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39466
April 14, 2010 2010-04-14: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users. http://www.securityfocus.com/bid/31692
April 14, 2010 2010-04-14: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users. http://www.securityfocus.com/bid/38533
April 14, 2010 2010-04-14: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users. http://www.securityfocus.com/bid/39247
April 14, 2010 2010-04-14: Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability Attackers can exploit this to call trusted methods in an unsafe manner; this can be leveraged to execute arbitrary code with the privileges of the user invoking the JRE. http://www.securityfocus.com/bid/39065
April 14, 2010 2010-04-14: GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/38628