Security Bulletins
April 08, 2010 2010-04-08: Apple QuickTime CoreMedia H.263 Encoded '.3g2' Movie Files Heap Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition. http://www.securityfocus.com/bid/39167
April 08, 2010 2010-04-08: TUGZip 3.5 ZIP File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39180
April 08, 2010 2010-04-08: Linux Kernel 'nameidata' Null Pointer Dereference Vulnerability An attacker can exploit this issue to crash the affected system. Due to the nature of the issue, code execution is possible; however, it has not been confirmed. http://www.securityfocus.com/bid/39186
April 08, 2010 2010-04-08: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. http://www.securityfocus.com/bid/36935
April 08, 2010 2010-04-08: Apple Mac OS X FreeRADIUS Component EAP-TLS Authentication Bypass Vulnerability An attacker can exploit this issue to gain unauthorized network access. Successfully exploiting this issue may lead to further attacks. http://www.securityfocus.com/bid/39234
April 08, 2010 2010-04-08: gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability The 'gnome-screensaver' application is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen. http://www.securityfocus.com/bid/38211
April 08, 2010 2010-04-08: Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environme Vulnerability The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. http://www.securityfocus.com/bid/39081
April 08, 2010 2010-04-08: Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. http://www.securityfocus.com/bid/39078
April 08, 2010 2010-04-08: Joomla! JA Voice Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39343
April 08, 2010 2010-04-08: Joomla! Webee Comments Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39342
April 08, 2010 2010-04-08: Joomla! foobla Suggestions Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39341
April 08, 2010 2010-04-08: Joomla! Realtyna Translator Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39337
April 08, 2010 2010-04-08: AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities Attackers can exploit this issue to execute arbitrary commands within the context of the affected application and to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. http://www.securityfocus.com/bid/39334
April 08, 2010 2010-04-08: AWD Solution AWDwall Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible. http://www.securityfocus.com/bid/39331
April 08, 2010 2010-04-08: Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities Adobe released advance notification that on April 13, 2010, the vendor will be releasing a security bulletin addressing multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities are rated 'critical'. http://www.securityfocus.com/bid/39329
April 08, 2010 2010-04-08: Smileys Module For Drupal Delete URI Cross Site Request Forgery Vulnerability Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible. http://www.securityfocus.com/bid/39316
April 08, 2010 2010-04-08: TCPDF 'params' Attribute Remote Code Execution Weakness An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver. http://www.securityfocus.com/bid/39315
April 08, 2010 2010-04-08: MODx Evolution Cross Site Scripting and SQL Injection Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39310
April 08, 2010 2010-04-08: Joomla! 'com_articles' Component 'sid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39307
April 07, 2010 T-343: Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability Oracle Java SE and Java for Business are prone to a remote vulnerability in the Java Runtime Environment. The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. This risk is Moderate. http://www.doecirc.energy.gov/bulletins/t-343.shtml
April 07, 2010 2010-04-07: Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory. http://www.securityfocus.com/bid/37945
April 07, 2010 2010-04-07: Apache Tomcat WAR File Directory Traversal Vulnerability Exploiting this issue allows attackers to delete or overwrite arbitrary files within the context of the webserver. http://www.securityfocus.com/bid/37944
April 07, 2010 2010-04-07: Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability An attacker can gain unauthorized access to files and directories. Successful exploits may lead to other attacks. http://www.securityfocus.com/bid/37942
April 07, 2010 2010-04-07: Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code. http://www.securityfocus.com/bid/37368
April 07, 2010 2010-04-07: Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE. http://www.securityfocus.com/bid/39062
April 07, 2010 2010-04-07: Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability A local attacker can exploit this issue to corrupt system files, resulting in a denial-of-service condition. Other attacks may be possible. http://www.securityfocus.com/bid/38326
April 07, 2010 2010-04-07: Samba Symlink Directory Traversal Vulnerability Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks. To exploit this issue, attackers require authenticated access to a writable share. Note that this issue may be exploited through a writable share accessible by guest accounts. http://www.securityfocus.com/bid/38111
April 07, 2010 2010-04-07: Intel Active Management Technology SDK Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39043
April 07, 2010 2010-04-07: Apple Mac OS X Preferences System Login Restrictions Authentication Bypass Security Vulnerability An attacker can exploit this issue to gain unauthorized access to the affected computer. Successful exploits may lead to other attacks. http://www.securityfocus.com/bid/39153
April 07, 2010 2010-04-07: ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks. http://www.securityfocus.com/bid/37118
April 07, 2010 2010-04-07: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks. http://www.securityfocus.com/bid/37865
April 07, 2010 2010-04-07: Stack Ideas 'com_sectionex' Component for Joomla! Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/38751
April 07, 2010 2010-04-07: CUPS 'lppasswd' Tool Localized Message String Security Weakness Exploiting this issue in conjunction with a local format-string issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers. http://www.securityfocus.com/bid/38524
April 07, 2010 2010-04-07: ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. Other attacks are also possible. http://www.securityfocus.com/bid/35848
April 07, 2010 2010-04-07: Mahara Username Generation SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39253