Security Bulletins - April 14

April 14, 2010

2010-04-14: Microsoft Visio Attribute Validation Memory Corruption Remote Code Execution Vulnerability

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39300

 

 

April 14, 2010

2010-04-14: Microsoft Visio Index Calculation Memory Corruption Remote Code Execution Vulnerability

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39302

 

 

April 14, 2010

2010-04-14: GNU libnss_db Local Information Disclosure Vulnerability

Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.

http://www.securityfocus.com/bid/39132

 

 

April 14, 2010

2010-04-14: mimeTeX Multiple Information Disclosure Vulnerabilities

Attackers may leverage these issues to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/36632

 

 

April 14, 2010

2010-04-14: mimeTeX Multiple Stack Buffer Overflow Vulnerabilities

Attackers may leverage these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/36631

 

 

April 14, 2010

2010-04-14: JA Comment Joomla! Component 'view' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39516

 

 

April 14, 2010

2010-04-14: Delicious Joomla! Component 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39513

 

 

April 14, 2010

2010-04-14: Love Factory Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39512

 

 

April 14, 2010

2010-04-14: MT Fire Eagle Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39509

 

 

April 14, 2010

2010-04-14: Photo Battle Joomla! Component 'view' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39504

 

 

April 14, 2010

2010-04-14: S5 Clan Roster 'com_s5clanroster' Joomla! Component Multiple Local File Include Vulnerabilities

An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39503

 

 

April 14, 2010

2010-04-14: wgPicasa Joomla! Component 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39497

 

 

April 14, 2010

2010-04-14: RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities

Exploiting these issues may allow attackers to gain unauthorized access to affected computers. Failed attempts may cause crashes and deny service to legitimate users of the application.

http://www.securityfocus.com/bid/39490

 

 

April 14, 2010

2010-04-14: Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

http://www.securityfocus.com/bid/39489

 

 

April 14, 2010

2010-04-14: media Mall Factory Joomla! Component 'category' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39488

 

 

April 14, 2010

2010-04-14: almnzm 'id' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39487

 

 

April 13, 2010

T-347: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability

Multiple VMware-hosted products are prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks. This risk is undetermined.

http://www.doecirc.energy.gov/bulletins/t-347.shtml

 

 

April 13, 2010

TA10-103C: Adobe Reader and Acrobat Vulnerabilities

An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in is available for multiple web browsers and operating systems, which can automatically open PDF documents hosted on a website. These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF document.

http://www.us-cert.gov/cas/techalerts/TA10-103C.html

 

 

April 13, 2010

TA10-103B: Oracle Updates for Multiple Vulnerabilities

The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

http://www.us-cert.gov/cas/techalerts/TA10-103B.html

 

 

April 13, 2010

MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing

A spoofing vulnerability exists in the Microsoft Windows IPv6 stack due to the way that Windows checks the inner packet's IPv6 source address in a tunneled ISATAP packet. An attacker who successfully exploited this vulnerability could impersonate an address to bypass edge or host firewalls. Additionally, information could be disclosed when the targeted computer replies to the message using the source IPv6 address that the attacker specified.

http://www.microsoft.com/technet/security/Bulletin/MS10-029.mspx

 

 

April 13, 2010

MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution

A remote code execution vulnerability exists in the way that Microsoft Office Visio calculates indexes when handling specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx

 

 

April 13, 2010

MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution

A remote code execution vulnerability exists in the Windows Media Player ActiveX control. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs or view, change, or delete data with full user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx

 

 

April 13, 2010

MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution

A remote code execution vulnerability exists in the way that Microsoft MPEG Layer-3 codecs handle AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx

 

 

April 13, 2010

MS10-025: Vulnerability in Microsoft's Windows Media Services Could Allow Remote Code Execution

A remote code execution vulnerability exists in Microsoft Windows 2000 Server Service Pack 4 running the optional Windows Media Services component due to the way the Windows Media Unicast Service handles specially crafted transport information packets. On Microsoft Windows 2000 Server Service Pack 4, Windows Media Services is an optional component and is not installed by default. Only Microsoft Windows 2000 Server systems that have enabled Windows Media Services are affected by this vulnerability.

http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx

 

 

April 13, 2010

MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service

An information disclosure vulnerability exists in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component due to the manner in which the SMTP component handles memory allocation. An attacker could exploit the vulnerability by sending invalid commands, followed by the STARTTLS command, to an affected server. An attacker who successfully exploited this vulnerability could read random e-mail message fragments stored on the affected server. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.

http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

 

 

April 13, 2010

MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution

A remote code execution vulnerability exists in the way that Microsoft Office Publisher opens Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file.

http://www.microsoft.com/technet/security/Bulletin/MS10-023.mspx

 

 

April 13, 2010

MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, the Windows Help System would be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-022.mspx

 

 

April 13, 2010

MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

A denial of service vulnerability exists in the Windows kernel due to the way that the kernel handles certain exceptions. An attacker could exploit the vulnerability by running a specially crafted application, causing the system to become unresponsive and automatically restart.

http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

 

 

April 13, 2010

MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx

 

 

April 13, 2010

MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution

A remote code execution vulnerability exists in the Windows Authenticode Signature verification for cabinet (.cab) file formats. An anonymous attacker could exploit the vulnerability by modifying an existing signed cabinet file to point the unverified portions of the signature to malicious code, and then convincing a user to open or view the specially crafted cabinet file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx

 

 

April 12, 2010

T-346: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability

MIT Kerberos is prone to a remote denial-of-service vulnerability in 'kadmind'. An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users. MIT Kerberos 5 1.5 through 1.6.3 are vulnerable. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-346.shtml

 

 

 



 


Copyright © 2002-2018 Custom-BuiltPCs.com All Rights Reserved Custom-BuiltPCs.com