Security Bulletins - April cont

April 09, 2010

2010-04-09: GNU libnss_db Local Information Disclosure Vulnerability

Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.

http://www.securityfocus.com/bid/39132

 

 

April 09, 2010

2010-04-09: Drupal Views Module Cross Site Scripting and PHP Code Injection Vulnerabilities

An attacker can exploit the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The PHP code injection can be exploited to inject and execute arbitrary malicious PHP code in the context of the webserver process.

http://www.securityfocus.com/bid/39301

 

 

April 09, 2010

2010-04-09: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/38952

 

 

April 09, 2010

2010-04-09: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

April 09, 2010

2010-04-09: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability

Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.

http://www.securityfocus.com/bid/31692

 

 

April 09, 2010

2010-04-09: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/38533

 

 

April 09, 2010

2010-04-09: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

SpamAssassin Milter Plugin is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges.

http://www.securityfocus.com/bid/38578

 

 

April 09, 2010

2010-04-09: MoinMoin 'Despam' Action HTML Injection Vulnerability

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

http://www.securityfocus.com/bid/39110

 

 

April 09, 2010

2010-04-09: Microsoft Internet Explorer 'Tabular Data Control' ActiveX Remote Code Execution Vulnerability

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/39025

 

 

April 09, 2010

2010-04-09: VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities

VMware hosted products are prone to multiple remote and local vulnerabilities: a remote arbitrary code-execution vulnerability, a privilege-escalation vulnerability, multiple heap-based buffer-overflow vulnerabilities, multiple format-string vulnerabilities, a remote denial-of-service vulnerability, and an information-disclosure vulnerability. An attacker can exploit these issues to execute arbitrary code, elevate privileges, cause denial-of-service conditions, and obtain sensitive information. Other attacks are also possible.

http://www.securityfocus.com/bid/39345

 

 

April 09, 2010

2010-04-09: Linux Kernel ReiserFS Security Bypass Vulnerability

Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

http://www.securityfocus.com/bid/39344

 

 

April 08, 2010

T-344: Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

Apple QuickTime is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data when parsing FLC encoded '.fli' movie files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-344.shtml

 

 

April 08, 2010

2010-04-08: ClamAV Security Bypass And Memory Corruption Vulnerabilities

Attackers may exploit the issues to bypass certain security restrictions or execute arbitrary code in the context of the application. Failed exploit attempts may result in denial-of-service conditions.

http://www.securityfocus.com/bid/39262

 

 

April 08, 2010

2010-04-08: myMP3-Player '.m3u' File Buffer Overflow Vulnerability

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/38835

 

 

April 08, 2010

2010-04-08: udisks 'probers/udisks-dm-export.c' Local Information Disclosure Vulnerability

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/39265

 

 

April 08, 2010

2010-04-08: Joomla! AWD Wall Component 'cbuser' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/38194

 

 

April 08, 2010

2010-04-08: Pulse CMS 'view.php' Cross Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/38356

 

 

April 08, 2010

2010-04-08: Joomla! UIajaxIM Component Arbitrary Script Injection Vulnerability

The 'UIajaxIM' component for Joomla! is prone to a vulnerability that an attacker could exploit to execute arbitrary script code in the context of the webserver. The issue occurs because the component fails to properly sanitize user-supplied input. Successful exploits may compromise the application.

http://www.securityfocus.com/bid/35798

 

 

April 08, 2010

2010-04-08: Foxit Reader Remote Code Execution Vulnerability

Foxit Reader is prone to a remote code-execution vulnerability because it fails to properly restrict access to certain functionality. An attacker can exploit this issue by enticing a user to open a malicious PDF file. Successful exploits may allow the attacker to execute arbitrary code or commands in the context of a user running the affected application.

http://www.securityfocus.com/bid/39109

 

 

April 08, 2010

2010-04-08: Multiple Vendor 'librpc.dll' Stack Buffer Overflow Vulnerability

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38472

 

 



 

