Security Bulletins
April 07, 2010 2010-04-07: Smarty Template Engine 'function.math.php' Security Bypass Vulnerability Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application. http://www.securityfocus.com/bid/34918
April 07, 2010 2010-04-07: Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application. http://www.securityfocus.com/bid/31862
April 07, 2010 2010-04-07: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users. http://www.securityfocus.com/bid/39247
April 07, 2010 2010-04-07: MIT Kerberos Multiple Memory Corruption Vulnerabilities Multiple memory-corruption vulnerabilities with unknown impacts affect MIT Kerberos 5. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. http://www.securityfocus.com/bid/26750
April 07, 2010 2010-04-07: Linux Kernel 'sctp_rcv_ootb()' Remote Denial of Service Vulnerability Attackers can exploit this issue to cause an infinite loop, denying service to legitimate users. http://www.securityfocus.com/bid/38857
April 07, 2010 2010-04-07: Istgah For Centerhost 'view_ad.php' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. http://www.securityfocus.com/bid/39330
April 07, 2010 2010-04-07: IBM Systems Director Agent Insecure File Permissions Vulnerabilities IBM Systems Director Agent is prone to multiple security vulnerabilities because it sets insecure file permissions. An attacker can exploit these issues to perform unauthorized actions by executing the affected scripts. http://www.securityfocus.com/bid/39305
April 07, 2010 2010-04-07: Drupal Internationalization Module Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. http://www.securityfocus.com/bid/39304
April 07, 2010 2010-04-07: Plume CMS Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39299
April 07, 2010 2010-04-07: vel File Uploader Remote File Upload Vulnerability Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. http://www.securityfocus.com/bid/39294
April 07, 2010 2010-04-07: AnyZip ZIP File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39287
April 07, 2010 2010-04-07: FreePHPWebsiteSoftware 'default_theme.php' Remote File Include Vulnerability An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. http://www.securityfocus.com/bid/39280
April 07, 2010 2010-04-07: PotatoNews 'nid' Parameter Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39276
April 07, 2010 2010-04-07: abcm2ps Versions Prior to 5.9.12 Multiple Vulnerabilities The attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the application, gain access to local files, and execute arbitrary postscript code. http://www.securityfocus.com/bid/39271
April 07, 2010 2010-04-07: MediaWiki Cross Site Request Forgery Vulnerability Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. http://www.securityfocus.com/bid/39270
April 07, 2010 2010-04-07: aWiki Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39267
April 07, 2010 2010-04-07: VJDEO Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39266
April 06, 2010 T-342: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. This vulnerability affects Mozilla Firefox 3.6.x versions. This risk is High. http://www.doecirc.energy.gov/bulletins/t-342.shtml
April 06, 2010 2010-04-06: Apple QuickTime PICT File Remote Heap Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. http://www.securityfocus.com/bid/39140
April 06, 2010 2010-04-06: Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. http://www.securityfocus.com/bid/39023
April 06, 2010 2010-04-06: Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. http://www.securityfocus.com/bid/31168
April 06, 2010 2010-04-06: Apple QuickTime H.264 Movie File Remote Code Execution Vulnerability Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. http://www.securityfocus.com/bid/39159
April 06, 2010 2010-04-06: Python zlib Module Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/28715
April 06, 2010 2010-04-06: Miranda IM Information Disclosure Vulnerability Successful exploits of this issue may allow attackers to perform man-in-the-middle attacks against vulnerable applications and to disclose sensitive information. http://www.securityfocus.com/bid/39209
April 06, 2010 2010-04-06: Jzip ZIP File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39326
April 06, 2010 2010-04-06: ShopSystem 'view_image.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39260
April 06, 2010 2010-04-06: Joomla! 'com_xobbix' Component 'prodid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39259
April 06, 2010 2010-04-06: Virata EmWeb URI Remote Denial Of Service Vulnerability Successful exploits will cause the device to reset, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code, but this has not been confirmed. http://www.securityfocus.com/bid/39257
April 06, 2010 2010-04-06: The Best Makers Appointment Component for Joomla! Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39254
April 06, 2010 2010-04-06: joomla-flickr Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39251
April 06, 2010 2010-04-06: NextGEN Gallery WordPress Plugin 'xml/media-rss.php' Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. http://www.securityfocus.com/bid/39250
April 06, 2010 2010-04-06: Computer Associates XOsoft Unspecified SOAP Request Information Disclosure Vulnerability Computer Associates XOsoft is prone to an information-disclosure vulnerability because of a lack of appropriate authentication. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks. http://www.securityfocus.com/bid/39249
April 06, 2010 2010-04-06: JOOFORGE Jukebox Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39248
April 06, 2010 2010-04-06: Affiliate Feeds Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39246
April 06, 2010 2010-04-06: Computer Associates XOsoft Username Enumeration Information Disclosure Vulnerability Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks. http://www.securityfocus.com/bid/39244
April 06, 2010 2010-04-06: McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible. http://www.securityfocus.com/bid/39242
April 06, 2010 2010-04-06: Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39238
April 06, 2010 2010-04-06: Microsoft Office Communicator SIP Remote Denial of Service Vulnerability Exploiting this issue allows remote attackers to cause denial-of-service conditions. http://www.securityfocus.com/bid/39221
April 05, 2010 T-341: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the WebDAV functionality. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This risk is High. http://www.doecirc.energy.gov/bulletins/t-341.shtml
April 02, 2010 T-340: Jabber Studio JabberD Remote Denial Of Service Vulnerability Jabber Studio 'jabberd' is affected by a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network messages. An attacker may leverage this issue by causing the affected server to crash, denying service to legitimate users. This issue can be exploited through the use of a client application for jabber. http://www.doecirc.energy.gov/bulletins/t-340.shtml
April 02, 2010 T-339: Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. This issue was disclosed by Nils during the Pwn2Own 2010 contest as part of the CanSecWest security conference. http://www.doecirc.energy.gov/bulletins/t-339.shtml