Custom-BuiltPCs.com

Security Bulletins

July 23, 2010
T-401: Multiple Mozilla Product Vulnerabilities Mozilla has released multiple vulnerability advisories. Most of Mozilla's software has been updated this week to address these issues. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-401.shtml


July 23, 2010
2010-07-23: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
http://www.securityfocus.com/bid/36935


July 23, 2010
2010-07-23: Microsoft Internet Explorer 'onreadystatechange' Event Handler Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/39027


July 23, 2010
2010-07-23: Multiple Mozilla Products CSS Selectors Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41872


July 23, 2010
2010-07-23: Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41871


July 23, 2010
2010-07-23: Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.
http://www.securityfocus.com/bid/33276


July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41090


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41853


July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird Character Mapping Security Weakness Mozilla Firefox and Thunderbird are prone to a weakness that may contribute to cross-site scripting issues.
http://www.securityfocus.com/bid/41866


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey 'NodeIterator' Use-After-Free Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41845


July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41093


July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird 'SJOW' Privilege Escalation Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploitation allows attackers to execute arbitrary JavaScript code with chrome privileges.
http://www.securityfocus.com/bid/41868


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1211 Remote Memory Corruption Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41859


July 23, 2010
2010-07-23: Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41099


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41842


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41852


July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41094


July 23, 2010
2010-07-23: Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41860


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey DOM Cloning Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41849


July 23, 2010
2010-07-23: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41087


July 23, 2010
2010-07-23: Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.
http://www.securityfocus.com/bid/41103


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41102


July 23, 2010
2010-07-23: Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41082


July 23, 2010
2010-07-23: libpng Memory Corruption and Memory Leak Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/41174


July 23, 2010
2010-07-23: Mozilla Firefox 'about:blank' Document URI Spoofing Vulnerability Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
http://www.securityfocus.com/bid/41055


July 23, 2010
2010-07-23: Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/40701


July 23, 2010
2010-07-23: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/38952


July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird Canvas Element Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41878


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1212 Remote Memory Corruption Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41865


July 23, 2010
2010-07-23: ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability An attacker can exploit this issue to cause the application to fall into an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/41730


July 23, 2010
2010-07-23: PhotoPost PHP 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41916


July 23, 2010
2010-07-23: iputils 'ping.c' Remote Denial Of Service Vulnerability iputils is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets. A successful attack allows a remote attacker to hang the application, denying further service to legitimate users.
http://www.securityfocus.com/bid/41911


July 09, 2010
2010-07-09: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/37874


July 09, 2010
2010-07-09: CMS ISWEB SQL Injection and Cross Site Scripting Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/32823


July 09, 2010
2010-07-09: Softwex CMS 'news_details.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41512


July 09, 2010
2010-07-09: QuickFAQ Component for Joomla! 'Itemid' Parameter SQL Injection Vulnerability Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41508


July 09, 2010
2010-07-09: Real Estate Manager 'index.php' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/41507


July 09, 2010
2010-07-09: MP3 Cutter MP3 File Processing Remote Denial of Service Vulnerability An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/41506


July 08, 2010
T-393: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability Multiple implementations of iSCSI Enterprise Target are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-393.shtml


July 08, 2010
2010-07-08: Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
http://www.securityfocus.com/bid/41462


July 08, 2010
2010-07-08: Ubisoft Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow Vulnerabilities Successful exploits may allow attackers to cause denial-of-service conditions. Due to the nature of these issues, code-execution may also be possible, but this has not been confirmed.
http://www.securityfocus.com/bid/41459


July 08, 2010
2010-07-08: Pithcms Multiple File Include Vulnerabilities Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
http://www.securityfocus.com/bid/41461


July 08, 2010
2010-07-08: Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability Attackers can exploit this issue to cause the kernel to panic, resulting in a denial-of-service condition.
http://www.securityfocus.com/bid/39101


July 08, 2010
2010-07-08: W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
http://www.securityfocus.com/bid/40837


July 08, 2010
2010-07-08: Linux Kernel 'btrfs' File Permissions Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/41467


July 08, 2010
2010-07-08: Linux Kernel ethtool 'info.rule_cnt' Local Buffer Overflow Vulnerability Local attackers may be able to exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts may crash the affected kernel, denying service to legitimate users.
http://www.securityfocus.com/bid/41223


July 08, 2010
2010-07-08: Linux Kernel 'pppol2tp_xmit' Null Pointer Dereference Denial of Service Vulnerability An attacker may exploit this issue to cause denial-of-service conditions.
http://www.securityfocus.com/bid/41077


July 08, 2010
2010-07-08: Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability Attackers can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
http://www.securityfocus.com/bid/39719


July 08, 2010
2010-07-08: Ghostscript 'gs_init.ps' With '-P-' Flag Search Path Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
http://www.securityfocus.com/bid/40467


July 08, 2010
2010-07-08: Ghostscript Insecure Temporary File Creation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/40426


July 08, 2010
2010-07-08: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/40502


July 08, 2010
2010-07-08: Joomla! ArtForms Component Multiple Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or disclose sensitive information.
http://www.securityfocus.com/bid/41457


July 08, 2010
2010-07-08: LibTIFF Multiple Remote Code Execution Vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of a user running an application that uses the affected library. Failed exploit attempts will crash the application.
http://www.securityfocus.com/bid/41088


July 08, 2010
2010-07-08: Mini-stream Ripper '.pls' File Remote Buffer Overflow Vulnerability Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41332


July 08, 2010
2010-07-08: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/41327


July 08, 2010
2010-07-08: Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40884


July 08, 2010
2010-07-08: libpng Memory Corruption and Memory Leak Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/41174


July 08, 2010
2010-07-08: Mini-stream Software CastRipper '.pls' File Remote Stack Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/40626


July 08, 2010
2010-07-08: Pango Glyph Definition Table Denial of Service Vulnerability Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users.
http://www.securityfocus.com/bid/38760


July 08, 2010
2010-07-08: PAM MOTD Module Local Privilege Escalation Vulnerability Attackers can exploit this issue to gain escalated privileges.
http://www.securityfocus.com/bid/41465


July 08, 2010
2010-07-08: CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application.
http://www.securityfocus.com/bid/40889


July 08, 2010
2010-07-08: CUPS Web Interface Information Disclosure Vulnerability Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/40897


July 08, 2010
2010-07-08: CUPS 'cupsDoAuthentication()' Infinite Loop Denial of Service Vulnerability An attacker can exploit this issue to cause the affected application to fall into an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/41126


July 08, 2010
2010-07-08: CUPS 'cupsFileOpen' function Symlink Attack Local Privilege Escalation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/41131


July 08, 2010
2010-07-08: CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/40943


July 08, 2010
2010-07-08: Adobe Acrobat and Reader (CVE-2010-2208) Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
http://www.securityfocus.com/bid/41244


July 08, 2010
2010-07-08: Adobe Acrobat and Reader Flash Content Parsing Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41245


July 08, 2010
2010-07-08: Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
http://www.securityfocus.com/bid/41236


July 08, 2010
2010-07-08: Adobe Acrobat and Reader CLOD Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41234


July 08, 2010
2010-07-08: Linux Kernel GFS2 File Attribute Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/40356


July 08, 2010
2010-07-08: Linux Kernel Btrfs Cloned File Security Bypass Vulnerability An attacker can exploit this issue to clone a file only open for writing. This may allow attackers to obtain sensitive data or launch further attacks.
http://www.securityfocus.com/bid/40241


July 08, 2010
2010-07-08: Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability A remote attacker may exploit this issue to crash the affected application, denying further service to legitimate users.
http://www.securityfocus.com/bid/41075


July 08, 2010
2010-07-08: UFO: Alien Invasion IRC Client Multiple Remote Buffer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/41004


June 25, 2010

2010-06-25: Winplot '.wp2' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/40879

 

 

June 25, 2010

2010-06-25: Simple Machines Forum Change Administrator Password Security Bypass Vulnerability Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform administrative actions.

http://www.securityfocus.com/bid/41150

 

 

June 25, 2010

2010-06-25: FieldNotes 32 '.dxf' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41147

 

 

June 25, 2010

2010-06-25: 2daybiz Matrimonial Script SQL Injection and Cross Site Scripting Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/41146

 

 

June 25, 2010

2010-06-25: WM Downloader '.m3u' File Remote Stack Buffer Overflow Vulnerability Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41145

 

 

June 25, 2010

2010-06-25: activeCollab 'index.php' Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/41142

 

 

June 25, 2010

2010-06-25: Bugzilla 'time-tracking' Information Disclosure Vulnerability Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.

http://www.securityfocus.com/bid/41141

 

 

June 25, 2010

2010-06-25: AbleSpace 'news.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/41139

 

 

June 24, 2010

T-388: ISC DHCP Server find_length() Zero-Length Client Identifier Remote Denial Of Service Vulnerability ISC DHCP Server is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-388.shtml

 

 

June 24, 2010

2010-06-24: Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41093

 

 

June 24, 2010

2010-06-24: Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.

http://www.securityfocus.com/bid/41102

 

 

June 24, 2010

2010-06-24: Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.

http://www.securityfocus.com/bid/41103

 

 

June 24, 2010

2010-06-24: Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41094

 

 

June 24, 2010

2010-06-24: Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41090

 

 

June 24, 2010

2010-06-24: Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41099

 

 

June 24, 2010

2010-06-24: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41087

 

 

June 24, 2010

2010-06-24: Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41082

 

 

June 24, 2010

2010-06-24: Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.

http://www.securityfocus.com/bid/33276

 

 

June 24, 2010

2010-06-24: Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.

http://www.securityfocus.com/bid/40701

 

 

June 24, 2010

2010-06-24: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/38952

 

 

June 24, 2010

2010-06-24: Mozilla Firefox & SeaMonkey 'nsCycleCollector::MarkRoots()' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41100

 

June 24, 2010

2010-06-24: Cisco Unified MeetingPlace Web Conference Multiple Cross Site Scripting Vulnerabilities Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/25237

 

 

June 24, 2010

2010-06-24: LibTIFF 'TIFFroundup()' Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/41011

 

 

June 24, 2010

2010-06-24: LibTIFF Multiple Remote Integer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/35652

 

 

June 24, 2010

2010-06-24: LibTIFF FAX3 Decoder Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/40823

 

 

June 24, 2010

2010-06-24: LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/35451

 

 

June 24, 2010

2010-06-24: ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.

http://www.securityfocus.com/bid/35669

 

 

June 24, 2010

2010-06-24: ISC DHCP Server "find_length()" Zero-Length Client Identifier Remote Denial Of Service Vulnerability Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.

http://www.securityfocus.com/bid/40775

 

 

June 24, 2010

2010-06-24: ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

http://www.securityfocus.com/bid/35668

 

 

June 24, 2010

2010-06-24: Belitsoft E-portfolio Joomla! Component Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.securityfocus.com/bid/40994

 

 

June 24, 2010

2010-06-24: TeX Live '.dvi' File Parsing (CVE-2010-0827) Remote Code Execution Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39971

 

 

June 24, 2010

2010-06-24: IsolSoft Support Center 'lang' Parameter Multiple Input Validation Vulnerabilities An attacker can exploit these issues to execute arbitrary local and remote files within the context of the webserver, execute arbitrary script code, and steal cookie-based authentication credentials.

http://www.securityfocus.com/bid/35997

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2169) Invalid Pointer Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40807

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR URI Parsing Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy, execute arbitrary script code and obtain potentially sensitive information, or launch spoofing attacks against other sites.

http://www.securityfocus.com/bid/40808

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2173) Invalid Pointer Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40800

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2009-3793) Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40809

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2183) Integer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40793

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2178) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40790

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR 'DefineBit' Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40784

 

 

June 24, 2010

2010-06-24: Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability Adobe Flash Player, Adobe Reader, and Adobe Acrobat are prone to a remote code execution vulnerability. Adobe has reported that this vulnerability is being exploited in the wild.

http://www.securityfocus.com/bid/40586

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2174) Invalid Pointer Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40805

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2185) Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40806

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2162) Heap Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40801

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2167) Multiple Heap Buffer Overflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40802

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2163) Multiple Remote Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40803

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2166) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40783

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2187) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40797

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2186) Remote Denial of Service Vulnerability Attackers can exploit this issue to crash the application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.

http://www.securityfocus.com/bid/40786

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2177) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40788

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2175) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40785

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR Image Processing Use After Free Remote Code Execution Vulnerability An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/40780

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2161) Memory Index Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40781

 

 

June 24, 2010

2010-06-24: GNU gzip LZW Compression Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/37886

 

 

June 24, 2010

2010-06-24: Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities The Perl Safe module is prone to multiple restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary Perl code outside of the restricted root.

http://www.securityfocus.com/bid/40302

 

 

June 24, 2010

2010-06-24: dvipng '.dvi' File Parsing Remote Code Execution Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39969

 

 

June 24, 2010

2010-06-24: Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability Attackers can exploit this issue by enticing victims into opening a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

http://www.securityfocus.com/bid/36945

 

 

June 24, 2010

2010-06-24: MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability An attacker may exploit this issue to crash the kadmind service, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

http://www.securityfocus.com/bid/40235

 

 

June 24, 2010

2010-06-24: MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/24657

 

 

June 24, 2010

2010-06-24: MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

http://www.securityfocus.com/bid/24655

 

 

June 24, 2010

2010-06-24: MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

http://www.securityfocus.com/bid/24653

 

 

June 24, 2010

2010-06-24: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

June 24, 2010

2010-06-24: OpenSSL 'EVP_PKEY_verify_recover()' Invalid Return Value Security Bypass Vulnerability Successful exploits may allow attackers to potentially bypass key checks in applications using the affected library; other attacks are also possible.

http://www.securityfocus.com/bid/40503

 

 

June 24, 2010

2010-06-24: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/38533

 

 

June 24, 2010

2010-06-24: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/40502

 

 

June 24, 2010

2010-06-24: BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

http://www.securityfocus.com/bid/35918

 

 

June 24, 2010

2010-06-24: PulseAudio Insecure Temporary File Creation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks. Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files or gain access to sensitive information. Other attacks may also be possible.

http://www.securityfocus.com/bid/38768

 

 

June 24, 2010

2010-06-24: SmartISoft phpBazar 'picturelib.php' Remote File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/40546

 

 

June 24, 2010

2010-06-24: Limny 'q' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/41152

 

 

June 24, 2010

2010-06-24: Bugzilla 'localconfig' Information Disclosure Vulnerability Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.

http://www.securityfocus.com/bid/41144

 

 

June 24, 2010

2010-06-24: Google Chrome prior to 5.0.375.86 Multiple Security Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, and carry out cross-domain scripting attacks; other attacks are also possible.

http://www.securityfocus.com/bid/41138

 

 

June 24, 2010

2010-06-24: Wingeom '.wg2' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41137

 

 

June 24, 2010

2010-06-24: Wincalc '.num' File Parsing Remote Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41136

 

 

June 24, 2010

2010-06-24: Big Forum 'forum.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/41135

 

 

June 24, 2010

2010-06-24: S2 NetBox Multiple Information Disclosure Vulnerabilities

S2 NetBox is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information through authentication. A remote attacker can exploit these issues to obtain sensitive information, possibly aiding in further attacks.

http://www.securityfocus.com/bid/41134

 

 

June 24, 2010

2010-06-24: Big Forum Local File Include and Arbitrary File Upload Vulnerabilities An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.

http://www.securityfocus.com/bid/41133

 

 

June 24, 2010

2010-06-24: Adobe Acrobat and Reader June 2010 Advance Multiple Remote Vulnerabilities Adobe released an advance advisory regarding multiple issues in Reader and Acrobat. The vendor plans to address these issues on June 29, 2010.

http://www.securityfocus.com/bid/41130

 

 

June 24, 2010

2010-06-24: Twitter for iPhone Unspecified Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41129

 

 

June 24, 2010

2010-06-24: Winstats '.fma' File Parsing Remote Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41128

 

 

June 24, 2010

2010-06-24: Fenrir ActiveGeckoBrowser Unspecified Denial Of Service Vulnerability An attacker can exploit this issue to cause the vulnerable application to crash, denying service to legitimate users. Arbitrary code execution may also be possible.

http://www.securityfocus.com/bid/41127

 

 

June 24, 2010

2010-06-24: Lois Software WebDB Script Multiple SQL Injection Vulnerabilities Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/41124

 

 

June 23, 2010

T-387: Mozilla Firefox/Thunderbird/SeaMonkey MFSA The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. These vulnerabilities allow attackers to execute arbitrary machine code in the context of the vulnerable application, crash affected applications, and perform cross-site scripting attacks; other attacks may also be possible. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-387.shtml

 

 

June 22, 2010

T-386: Apple Safari Authentication Data URI Spoofing Vulnerability Apple Safari is prone to a domain-spoofing vulnerability. Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-386.shtml

 

 

June 18, 2010

T-385: Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability Apple Mac OS X is prone to a remote information-disclosure vulnerability. This issue affects the CUPS web interface component. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-385.shtml

 

 

 

April 23, 2010

2010-04-23: IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.

http://www.securityfocus.com/bid/37976

 

 

April 23, 2010

2010-04-23: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.

http://www.securityfocus.com/bid/36935

 

 

April 23, 2010

2010-04-23: Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

http://www.securityfocus.com/bid/38362

 

 

April 23, 2010

2010-04-23: Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/38491

 

 

April 23, 2010

2010-04-23: Apache Subrequest Handling Information Disclosure Vulnerability Attackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions.

http://www.securityfocus.com/bid/38580

 

 

April 23, 2010

2010-04-23: In-Portal 'config.php' Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.securityfocus.com/bid/39652

 

 

April 22, 2010

T-354: Microsoft Security Bulletin

This bulletin discloses a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. This risk is high.

http://www.doecirc.energy.gov/bulletins/t-354.shtml

 

 

April 22, 2010

2010-04-22: AlphaUserPoints Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39393

 

 

April 22, 2010

2010-04-22: Multi-Venue Restaurant Menu Manager Joomla! Component 'mid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39382

 

 

April 22, 2010

2010-04-22: Joomla! 'com_properties' Component 'aid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39374

 

 

April 22, 2010

2010-04-22: Gadget Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39547

 

 

April 22, 2010

2010-04-22: PHP 'mbstring' Extension Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

http://www.securityfocus.com/bid/32948

 

 

April 22, 2010

2010-04-22: OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/35174

 

 

April 22, 2010

2010-04-22: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities OpenSSL is prone to multiple vulnerabilities that may allow attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/35001

 

 

April 22, 2010

2010-04-22: Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/28380

 

 

April 22, 2010

2010-04-22: libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

http://www.securityfocus.com/bid/32326

 

 

April 22, 2010

2010-04-22: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/35138

 

 

April 22, 2010

2010-04-22: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

http://www.securityfocus.com/bid/37865

 

 

April 22, 2010

2010-04-22: Microsoft Publisher File Conversion Textbox Remote Buffer Overflow Vulnerability An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

http://www.securityfocus.com/bid/39347

 

 

April 22, 2010

2010-04-22: Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation Vulnerability An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

http://www.securityfocus.com/bid/39323

 

 

April 22, 2010

2010-04-22: VLC Media Player 1.0.5 And Prior Multiple Security Vulnerabilities Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/39629

 

 

April 22, 2010

2010-04-22: Xftp 'PWD' Response Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39628

 

 

April 22, 2010

2010-04-22: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

April 22, 2010

2010-04-22: MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer. Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39599

 

 

April 22, 2010

2010-04-22: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability An attacker can exploit this issue to forward a user's NTLM (NT LAN Manager) credentials used in one application to gain unauthorized access to another application.

http://www.securityfocus.com/bid/37366

 

 

April 22, 2010

2010-04-22: Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability An attacker can exploit this issue by tricking a victim into visiting a malicious webpage to execute arbitrary code and to cause denial-of-service conditions.

http://www.securityfocus.com/bid/36851

 

 

April 22, 2010

2010-04-22: Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability Mozilla Firefox and Thunderbird are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.

http://www.securityfocus.com/bid/35769

 

 

April 22, 2010

2010-04-22: Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files.

http://www.securityfocus.com/bid/36867

 

 

April 22, 2010

2010-04-22: Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities An attacker can exploit these issues to obtain potentially sensitive information, execute arbitrary code, elevate privileges, and cause denial-of-service conditions.

http://www.securityfocus.com/bid/36343

 

 

April 22, 2010

2010-04-22: Mozilla Thunderbird Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code, but this has not been confirmed.

http://www.securityfocus.com/bid/38831

 

 

April 22, 2010

2010-04-22: Mozilla SeaMonkey Scriptable Plugin Content Security Bypass Vulnerability Attackers can exploit this issue to bypass restrictions, which may allow them to obtain sensitive information or launch other attacks.

http://www.securityfocus.com/bid/38830

 

 

April 22, 2010

2010-04-22: Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

http://www.securityfocus.com/bid/37543

 

 

April 22, 2010

2010-04-22: W2B phpGreetCards 'index.php' Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39656

 

 

April 22, 2010

2010-04-22: AJ Matrix 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39654

 

 

April 22, 2010

2010-04-22: Huawei EchoLife HG520c 'AutoRestart.html' Authentication Bypass Vulnerability Attackers can leverage this issue to restart the device without proper authentication. Successful exploits may lead to other attacks.

http://www.securityfocus.com/bid/39650

 

 

April 22, 2010

2010-04-22: FlashCard 'id' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39648

 

 

April 22, 2010

2010-04-22: Huawei EchoLife HG520 Remote Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/39646

 

 

April 22, 2010

2010-04-22: JCaptcha Sound File CAPTCHA Security Bypass Vulnerability Successfully exploiting this issue may allow attackers to perform automated attacks on the affected application.

http://www.securityfocus.com/bid/39643

 

 

April 22, 2010

2010-04-22: EDraw Flowchart ActiveX Control '.edd' File Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39642

 

 

April 22, 2010

2010-04-22: EDraw Flowchart ActiveX Control 'OpenDocument()' Method Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39641

 

 

April 22, 2010

2010-04-22: HTC Touch SMS Preview Popup HTML Injection Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user within the context of the affected browser. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/39640

 

 

April 22, 2010

2010-04-22: Cacti Multiple Input Validation Security Vulnerabilities Exploiting these issues can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

http://www.securityfocus.com/bid/39639

 

 

April 22, 2010

2010-04-22: HP Virtual Machine Manager for Windows Unspecified Remote Privilege Escalation Vulnerability Authenticated attackers can exploit this issue to gain SYSTEM-level privileges on the affected computer.

http://www.securityfocus.com/bid/39637

 

 

April 22, 2010

2010-04-22: Apache ActiveMQ Source Code Information Disclosure Vulnerability An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

http://www.securityfocus.com/bid/39636

 

 

April 22, 2010

2010-04-22: Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may lead to further attacks.

http://www.securityfocus.com/bid/39635

 

 

April 22, 2010

2010-04-22: SimpleCaddy Component for Joomla! Unspecified Security Vulnerability The SimpleCaddy (com_caddy) component for Joomla! is prone to an unspecified remote security vulnerability. Remote attackers can exploit this issue to perform unauthorized manipulation of certain data.

http://www.securityfocus.com/bid/39634

 

 

April 22, 2010

2010-04-22: HP System Management Homepage CVE-2010-1034 Unspecified Remote Vulnerability Remote authenticated attackers can exploit this issue to compromise the confidentiality, integrity and availability of the affected application.

http://www.securityfocus.com/bid/39632

 

 

April 22, 2010

2010-04-22: Microsoft Windows 'SfnINSTRING' Local Denial Of Service Vulnerability Attackers can exploit this issue to cause affected computers to crash, causing a denial-of-service condition.

http://www.securityfocus.com/bid/39631

 

 

April 22, 2010

2010-04-22: Microsoft Windows 'SfnLOGONNOTIFY' Local Denial Of Service Vulnerability Attackers can exploit this issue to cause affected computers to crash, causing a denial-of-service condition.

http://www.securityfocus.com/bid/39630

 

 

April 22, 2010

2010-04-22: Rising Antivirus 2010 'RsAssist.sys' Driver IOCTL Handling Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39627

 

 

April 21, 2010

T-353: McAfee DAT 5958 Update Causes Issues McAfee anti-virus software is erroneously detecting svchost.exe as a virus, causing multiple issues. We have received several reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. It is affecting svchost.exe. Symptoms are reboot loops and networking being down. Trying to roll back to the last version is difficult. This risk is high.

http://www.doecirc.energy.gov/bulletins/t-353.shtml

 

 



 

