|
July 23, 2010
T-401: Multiple Mozilla Product Vulnerabilites Mozilla has released multiple vulnerability advisories. Most of Mozillas software has been updated this week to address these issues. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-401.shtml
July 23, 2010
2010-07-23: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
http://www.securityfocus.com/bid/36935
July 23, 2010
2010-07-23: Microsoft Internet Explorer 'onreadystatechange' Event Handler Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/39027
July 23, 2010
2010-07-23: Multiple Mozilla Products CSS Selectors Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41872
July 23, 2010
2010-07-23: Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41871
July 23, 2010
2010-07-23: Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.
http://www.securityfocus.com/bid/33276
July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41090
July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41853
July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird Character Mapping Security Weakness Mozilla Firefox and Thunderbird are prone to a weakness that may contribute to cross-site scripting issues.
http://www.securityfocus.com/bid/41866
July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey 'NodeIterator' Use-After-Free Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41845
July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41093
July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird 'SJOW' Privilege Escalation Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploitation allows attackers to execute arbitrary JavaScript code with chrome privileges.
http://www.securityfocus.com/bid/41868
July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1211 Remote Memory Corruption Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41859
July 23, 2010
2010-07-23: Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41099
July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41842
July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41852
July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41094
July 23, 2010
2010-07-23: Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41860
July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey DOM Cloning Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41849
July 23, 2010
2010-07-23: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41087
July 23, 2010
2010-07-23: Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.
http://www.securityfocus.com/bid/41103
July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41102
July 23, 2010
2010-07-23: Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41082
July 23, 2010
2010-07-23: libpng Memory Corruption and Memory Leak Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/41174
July 23, 2010
2010-07-23: Mozilla Firefox 'about:blank' Document URI Spoofing Vulnerability Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
http://www.securityfocus.com/bid/41055
July 23, 2010
2010-07-23: Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/40701
July 23, 2010
2010-07-23: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/38952
July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird Canvas Element Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41878
July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1212 Remote Memory Corruption Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41865
July 23, 2010
2010-07-23: ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability An attacker can exploit this issue to cause the application to fall into an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/41730
July 23, 2010
2010-07-23: PhotoPost PHP 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41916
July 23, 2010
2010-07-23: iputils 'ping.c' Remote Denial Of Service Vulnerability iputils is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets. A successful attack allows a remote attacker to hang the application, denying further service to legitimate users.
http://www.securityfocus.com/bid/41911
July 09, 2010
2010-07-09: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/37874
July 09, 2010
2010-07-09: CMS ISWEB SQL Injection and Cross Site Scripting Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/32823
July 09, 2010
2010-07-09: Softwex CMS 'news_details.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41512
July 09, 2010
2010-07-09: QuickFAQ Component for Joomla! 'Itemid' Parameter SQL Injection Vulnerability Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41508
July 09, 2010
2010-07-09: Real Estate Manager 'index.php' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/41507
July 09, 2010
2010-07-09: MP3 Cutter MP3 File Processing Remote Denial of Service Vulnerability An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/41506
July 08, 2010
T-393: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability Multiple implementations of iSCSI Enterprise Target are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-393.shtml
July 08, 2010
2010-07-08: Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
http://www.securityfocus.com/bid/41462
July 08, 2010
2010-07-08: Ubisoft Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow Vulnerabilities Successful exploits may allow attackers to cause denial-of-service conditions. Due to the nature of these issues, code-execution may also be possible, but this has not been confirmed.
http://www.securityfocus.com/bid/41459
July 08, 2010
2010-07-08: Pithcms Multiple File Include Vulnerabilities Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
http://www.securityfocus.com/bid/41461
July 08, 2010
2010-07-08: Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability Attackers can exploit this issue to cause the kernel to panic, resulting in a denial-of-service condition.
http://www.securityfocus.com/bid/39101
July 08, 2010
2010-07-08: W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
http://www.securityfocus.com/bid/40837
July 08, 2010
2010-07-08: Linux Kernel 'btrfs' File Permissions Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/41467
July 08, 2010
2010-07-08: Linux Kernel ethtool 'info.rule_cnt' Local Buffer Overflow Vulnerability Local attackers may be able to exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts may crash the affected kernel, denying service to legitimate users.
http://www.securityfocus.com/bid/41223
July 08, 2010
2010-07-08: Linux Kernel 'pppol2tp_xmit' Null Pointer Deference Denial of Service Vulnerability An attacker may exploit this issue to cause denial-of-service conditions.
http://www.securityfocus.com/bid/41077
July 08, 2010
2010-07-08: Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability Attackers can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
http://www.securityfocus.com/bid/39719
July 08, 2010
2010-07-08: Ghostscript 'gs_init.ps' With '-P-' Flag Search Path Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
http://www.securityfocus.com/bid/40467
July 08, 2010
2010-07-08: Ghostscript Insecure Temporary File Creation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/40426
July 08, 2010
2010-07-08: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/40502
July 08, 2010
2010-07-08: Joomla! ArtForms Component Multiple Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or disclose sensitive information.
http://www.securityfocus.com/bid/41457
July 08, 2010
2010-07-08: LibTIFF Multiple Remote Code Execution Vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of a user running an application that uses the affected library. Failed exploit attempts will crash the application.
http://www.securityfocus.com/bid/41088
July 08, 2010
2010-07-08: Mini-stream Ripper '.pls' File Remote Buffer Overflow Vulnerability Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41332
July 08, 2010
2010-07-08: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/41327
July 08, 2010
2010-07-08: Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40884
July 08, 2010
2010-07-08: libpng Memory Corruption and Memory Leak Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/41174
July 08, 2010
2010-07-08: Mini-stream Software CastRipper '.pls' File Remote Stack Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/40626
July 08, 2010
2010-07-08: Pango Glyph Definition Table Denial of Service Vulnerability Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users.
http://www.securityfocus.com/bid/38760
July 08, 2010
2010-07-08: PAM MOTD Module Local Privilege Escalation Vulnerability Attackers can exploit this issue to gain escalated privileges.
http://www.securityfocus.com/bid/41465
July 08, 2010
2010-07-08: CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application.
http://www.securityfocus.com/bid/40889
July 08, 2010
2010-07-08: CUPS Web Interface Information Disclosure Vulnerability Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/40897
July 08, 2010
2010-07-08: CUPS 'cupsDoAuthentication()' Infinite Loop Denial of Service Vulnerability An attacker can exploit this issue to cause the affected application to fall into an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/41126
July 08, 2010
2010-07-08: CUPS 'cupsFileOpen' function Symlink Attack Local Privilege Escalation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/41131
July 08, 2010
2010-07-08: CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/40943
July 08, 2010
2010-07-08: Adobe Acrobat and Reader (CVE-2010-2208) Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
http://www.securityfocus.com/bid/41244
July 08, 2010
2010-07-08: Adobe Acrobat and Reader Flash Content Parsing Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41245
July 08, 2010
2010-07-08: Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
http://www.securityfocus.com/bid/41236
July 08, 2010
2010-07-08: Adobe Acrobat and Reader CLOD Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41234
July 08, 2010
2010-07-08: Linux Kernel GFS2 File Attribute Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/40356
July 08, 2010
2010-07-08: Linux Kernel Btrfs Cloned File Security Bypass Vulnerability An attacker can exploit this issue to clone a file only open for writing. This may allow attackers to obtain sensitive data or launch further attacks.
http://www.securityfocus.com/bid/40241
July 08, 2010
2010-07-08: Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability A remote attacker may exploit this issue to crash the affected application, denying further service to legitimate users.
http://www.securityfocus.com/bid/41075
July 08, 2010
2010-07-08: UFO: Alien Invasion IRC Client Multiple Remote Buffer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/41004
June 25, 2010
2010-06-25: Winplot '.wp2' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/40879
June 25, 2010
2010-06-25: Simple Machines Forum Change Administrator Password Security Bypass Vulnerability Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform administrative actions.
http://www.securityfocus.com/bid/41150
June 25, 2010
2010-06-25: FieldNotes 32 '.dxf' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41147
June 25, 2010
2010-06-25: 2daybiz Matrimonial Script SQL Injection and Cross Site Scripting Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41146
June 25, 2010
2010-06-25: WM Downloader '.m3u' File Remote Stack Buffer Overflow Vulnerability Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41145
June 25, 2010
2010-06-25: activeCollab 'index.php' Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/41142
June 25, 2010
2010-06-25: Bugzilla 'time-tracking' Information Disclosure Vulnerability Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
http://www.securityfocus.com/bid/41141
June 25, 2010
2010-06-25: AbleSpace 'news.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41139
June 24, 2010
T-388: ISC DHCP Server find_length() Zero-Length Client Identifier Remote Denial Of Service Vulnerability ISC DHCP Server is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-388.shtml
June 24, 2010
2010-06-24: Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41093
June 24, 2010
2010-06-24: Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41102
June 24, 2010
2010-06-24: Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.
http://www.securityfocus.com/bid/41103
June 24, 2010
2010-06-24: Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41094
June 24, 2010
2010-06-24: Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41090
June 24, 2010
2010-06-24: Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41099
June 24, 2010
2010-06-24: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41087
June 24, 2010
2010-06-24: Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41082
June 24, 2010
2010-06-24: Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.
http://www.securityfocus.com/bid/33276
June 24, 2010
2010-06-24: Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/40701
June 24, 2010
2010-06-24: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/38952
June 24, 2010
2010-06-24: Mozilla Firefox & SeaMonkey 'nsCycleCollector::MarkRoots()' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41100
June 24, 2010
2010-06-24: Cisco Unified MeetingPlace Web Conference Multiple Cross Site Scripting Vulnerabilities Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.securityfocus.com/bid/25237
June 24, 2010
2010-06-24: LibTIFF 'TIFFroundup()' Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.
http://www.securityfocus.com/bid/41011
June 24, 2010
2010-06-24: LibTIFF Multiple Remote Integer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.
http://www.securityfocus.com/bid/35652
June 24, 2010
2010-06-24: LibTIFF FAX3 Decoder Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.
http://www.securityfocus.com/bid/40823
June 24, 2010
2010-06-24: LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.
http://www.securityfocus.com/bid/35451
June 24, 2010
2010-06-24: ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.
http://www.securityfocus.com/bid/35669
June 24, 2010
2010-06-24: ISC DHCP Server "find_length()" Zero-Length Client Identifier Remote Denial Of Service Vulnerability Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.
http://www.securityfocus.com/bid/40775
June 24, 2010
2010-06-24: ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.
http://www.securityfocus.com/bid/35668
June 24, 2010
2010-06-24: Belitsoft E-portfolio Joomla! Component Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
http://www.securityfocus.com/bid/40994
June 24, 2010
2010-06-24: TeX Live '.dvi' File Parsing (CVE-2010-0827) Remote Code Execution Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39971
June 24, 2010
2010-06-24: IsolSoft Support Center 'lang' Parameter Multiple Input Validation Vulnerabilities An attacker can exploit these issues to execute arbitrary local and remote files within the context of the webserver, execute arbitrary script code, and steal cookie-based authentication credentials.
http://www.securityfocus.com/bid/35997
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2169) Invalid Pointer Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40807
June 24, 2010
2010-06-24: Adobe Flash Player and AIR URI Parsing Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy, execute arbitrary script code and obtain potentially sensitive information, or launch spoofing attacks against other sites.
http://www.securityfocus.com/bid/40808
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2173) Invalid Pointer Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40800
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2009-3793) Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40809
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2010-2183) Integer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40793
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2178) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40790
June 24, 2010
2010-06-24: Adobe Flash Player and AIR 'DefineBit' Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40784
June 24, 2010
2010-06-24: Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability Adobe Flash Player, Adobe Reader, and Adobe Acrobat are prone to a remote code execution vulnerability. Adobe has reported that this vulnerability is being exploited in the wild.
http://www.securityfocus.com/bid/40586
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2174) Invalid Pointer Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40805
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2185) Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40806
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2010-2162) Heap Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40801
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2010-2167) Multiple Heap Buffer Overflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40802
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2010-2163) Multiple Remote Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40803
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2166) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40783
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2187) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40797
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2010-2186) Remote Denial of Service Vulnerability Attackers can exploit this issue to crash the application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed.
http://www.securityfocus.com/bid/40786
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2177) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40788
June 24, 2010
2010-06-24: Adobe Flash Player and AIR (CVE-2010-2175) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40785
June 24, 2010
2010-06-24: Adobe Flash Player and AIR Image Processing Use After Free Remote Code Execution Vulnerability An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/40780
June 24, 2010
2010-06-24: Adobe Flash Player (CVE-2010-2161) Memory Index Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40781
June 24, 2010
2010-06-24: GNU gzip LZW Compression Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/37886
June 24, 2010
2010-06-24: Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities The Perl Safe module is prone to multiple restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary Perl code outside of the restricted root.
http://www.securityfocus.com/bid/40302
June 24, 2010
2010-06-24: dvipng '.dvi' File Parsing Remote Code Execution Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39969
June 24, 2010
2010-06-24: Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability Attackers can exploit this issue by enticing victims into opening a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
http://www.securityfocus.com/bid/36945
June 24, 2010
2010-06-24: MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability An attacker may exploit this issue to crash the kadmind service, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
http://www.securityfocus.com/bid/40235
June 24, 2010
2010-06-24: MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/24657
June 24, 2010
2010-06-24: MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
http://www.securityfocus.com/bid/24655
June 24, 2010
2010-06-24: MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
http://www.securityfocus.com/bid/24653
June 24, 2010
2010-06-24: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/39013
June 24, 2010
2010-06-24: OpenSSL 'EVP_PKEY_verify_recover()' Invalid Return Value Security Bypass Vulnerability Successful exploit may allow attackers to potentially bypass key checks in applications using the affected library; other attacks are also possible.
http://www.securityfocus.com/bid/40503
June 24, 2010
2010-06-24: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/38533
June 24, 2010
2010-06-24: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/40502
June 24, 2010
2010-06-24: BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
http://www.securityfocus.com/bid/35918
June 24, 2010
2010-06-24: PulseAudio Insecure Temporary File Creation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks. Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files or gain access to sensitive information. Other attacks may also be possible.
http://www.securityfocus.com/bid/38768
June 24, 2010
2010-06-24: SmartISoft phpBazar 'picturelib.php' Remote File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/40546
June 24, 2010
2010-06-24: Limny 'q' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/41152
June 24, 2010
2010-06-24: Bugzilla 'localconfig' Information Disclosure Vulnerability Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
http://www.securityfocus.com/bid/41144
June 24, 2010
2010-06-24: Google Chrome prior to 5.0.375.86 Multiple Security Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, and carry out cross-domain scripting attacks; other attacks are also possible.
http://www.securityfocus.com/bid/41138
June 24, 2010
2010-06-24: Wingeom '.wg2' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41137
June 24, 2010
2010-06-24: Wincalc '.num' File Parsing Remote Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41136
June 24, 2010
2010-06-24: Big Forum 'forum.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41135
June 24, 2010
2010-06-24: S2 NetBox Multiple Information Disclosure Vulnerabilities
S2 NetBox is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information through authentication. A remote attacker can exploit these issues to obtain sensitive information, possibly aiding in further attacks.
http://www.securityfocus.com/bid/41134
June 24, 2010
2010-06-24: Big Forum Local File Include and Arbitrary File Upload Vulnerabilities An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.
http://www.securityfocus.com/bid/41133
June 24, 2010
2010-06-24: Adobe Acrobat and Reader June 2010 Advance Multiple Remote Vulnerabilities Adobe released an advance advisory regarding multiple issues in Reader and Acrobat. The vendor plans to address these issues on June 29, 2010.
http://www.securityfocus.com/bid/41130
June 24, 2010
2010-06-24: Twitter for iPhone Unspecified Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41129
June 24, 2010
2010-06-24: Winstats '.fma' File Parsing Remote Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41128
June 24, 2010
2010-06-24: Fenrir ActiveGeckoBrowser Unspecified Denial Of Service Vulnerability An attacker can exploit this issue to cause the vulnerable application to crash, denying service to legitimate users. Arbitrary code execution may also be possible.
http://www.securityfocus.com/bid/41127
June 24, 2010
2010-06-24: Lois Software WebDB Script Multiple SQL Injection Vulnerabilities Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41124
June 23, 2010
T-387: Mozilla Firefox/Thunderbird/SeaMonkey MFSA The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. These vulnerabilities allow attackers to execute arbitrary machine code in the context of the vulnerable application, crash affected applications, and perform cross-site scripting attacks; other attacks may also be possible. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-387.shtml
June 22, 2010
T-386: Apple Safari Authentication Data URI Spoofing Vulnerability Apple Safari is prone to a domain-spoofing vulnerability. Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-386.shtml
June 18, 2010
T-385: Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability Apple Mac OS X is prone to a remote information-disclosure vulnerability. This issue affects the CUPS web interface component. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-385.shtml
April 23, 2010
2010-04-23: IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.
http://www.securityfocus.com/bid/37976
April 23, 2010
2010-04-23: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
http://www.securityfocus.com/bid/36935
April 23, 2010
2010-04-23: Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.
http://www.securityfocus.com/bid/38362
April 23, 2010
2010-04-23: Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions.
http://www.securityfocus.com/bid/38491
April 23, 2010
2010-04-23: Apache Subrequest Handling Information Disclosure Vulnerability Attackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions.
http://www.securityfocus.com/bid/38580
April 23, 2010
2010-04-23: In-Portal 'config.php' Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
http://www.securityfocus.com/bid/39652
April 22, 2010
T-354: Microsoft Security Bulletin
This bulletin discloses a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. This risk is high.
http://www.doecirc.energy.gov/bulletins/t-354.shtml
April 22, 2010
2010-04-22: AlphaUserPoints Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39393
April 22, 2010
2010-04-22: Multi-Venue Restaurant Menu Manager Joomla! Component 'mid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39382
April 22, 2010
2010-04-22: Joomla! 'com_properties' Component 'aid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39374
April 22, 2010
2010-04-22: Gadget Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39547
April 22, 2010
2010-04-22: PHP 'mbstring' Extension Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.
http://www.securityfocus.com/bid/32948
April 22, 2010
2010-04-22: OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/35174
April 22, 2010
2010-04-22: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities OpenSSL is prone to multiple vulnerabilities that may allow attackers to cause denial-of-service conditions.
http://www.securityfocus.com/bid/35001
April 22, 2010
2010-04-22: Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.securityfocus.com/bid/28380
April 22, 2010
2010-04-22: libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.
http://www.securityfocus.com/bid/32326
April 22, 2010
2010-04-22: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.
http://www.securityfocus.com/bid/35138
April 22, 2010
2010-04-22: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
http://www.securityfocus.com/bid/37865
April 22, 2010
2010-04-22: Microsoft Publisher File Conversion Textbox Remote Buffer Overflow Vulnerability An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.
http://www.securityfocus.com/bid/39347
April 22, 2010
2010-04-22: Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation Vulnerability An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service.
http://www.securityfocus.com/bid/39323
April 22, 2010
2010-04-22: VLC Media Player 1.0.5 And Prior Multiple Security Vulnerabilities Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/39629
April 22, 2010
2010-04-22: Xftp 'PWD' Response Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39628
April 22, 2010
2010-04-22: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/39013
April 22, 2010
2010-04-22: MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer. Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39599
April 22, 2010
2010-04-22: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability An attacker can exploit this issue to forward a user's NTLM (NT LAN Manager) credentials used in one application to gain unauthorized access to another application.
http://www.securityfocus.com/bid/37366
April 22, 2010
2010-04-22: Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability An attacker can exploit this issue by tricking a victim into visiting a malicious webpage to execute arbitrary code and to cause denial-of-service conditions.
http://www.securityfocus.com/bid/36851
April 22, 2010
2010-04-22: Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability Mozilla Firefox and Thunderbird are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.
http://www.securityfocus.com/bid/35769
April 22, 2010
2010-04-22: Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files.
http://www.securityfocus.com/bid/36867
April 22, 2010
2010-04-22: Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities An attacker can exploit these issues to obtain potentially sensitive information, execute arbitrary code, elevate privileges, and cause denial-of-service conditions.
http://www.securityfocus.com/bid/36343
April 22, 2010
2010-04-22: Mozilla Thunderbird Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code but this has not been confirmed.
http://www.securityfocus.com/bid/38831
April 22, 2010
2010-04-22: Mozilla SeaMonkey Scriptable Plugin Content Security Bypass Vulnerability Attackers can exploit this issue to bypass restrictions, which may allow them to obtain sensitive information or launch other attacks.
http://www.securityfocus.com/bid/38830
April 22, 2010
2010-04-22: Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
http://www.securityfocus.com/bid/37543
April 22, 2010
2010-04-22: W2B phpGreetCards 'index.php' Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39656
April 22, 2010
2010-04-22: AJ Matrix 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39654
April 22, 2010
2010-04-22: Huawei EchoLife HG520c 'AutoRestart.html' Authentication Bypass Vulnerability Attackers can leverage this issue to restart the device without proper authentication. Successful exploits may lead to other attacks.
http://www.securityfocus.com/bid/39650
April 22, 2010
2010-04-22: FlashCard 'id' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39648
April 22, 2010
2010-04-22: Huawei EchoLife HG520 Remote Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/39646
April 22, 2010
2010-04-22: JCaptcha Sound File CAPTCHA Security Bypass Vulnerability Successfully exploiting this issue may allow attackers to perform automated attacks on the affected application.
http://www.securityfocus.com/bid/39643
April 22, 2010
2010-04-22: EDraw Flowchart ActiveX Control '.edd' File Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39642
April 22, 2010
2010-04-22: EDraw Flowchart ActiveX Control 'OpenDocument()' Method Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/39641
April 22, 2010
2010-04-22: HTC Touch SMS Preview Popup HTML Injection Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user within the context of the affected browser. This may help the attacker steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39640
April 22, 2010
2010-04-22: Cacti Multiple Input Validation Security Vulnerabilities Exploiting these issues can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
http://www.securityfocus.com/bid/39639
April 22, 2010
2010-04-22: HP Virtual Machine Manager for Windows Unspecified Remote Privilege Escalation Vulnerability Authenticated attackers can exploit this issue to gain SYSTEM-level privileges on the affected computer.
http://www.securityfocus.com/bid/39637
April 22, 2010
2010-04-22: Apache ActiveMQ Source Code Information Disclosure Vulnerability An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.
http://www.securityfocus.com/bid/39636
April 22, 2010
2010-04-22: Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may lead to further attacks.
http://www.securityfocus.com/bid/39635
April 22, 2010
2010-04-22: SimpleCaddy Component for Joomla! Unspecified Security Vulnerability The SimpleCaddy (com_caddy) component for Joomla! is prone to an unspecified remote security vulnerability. Remote attackers can exploit this issue to perform unauthorized manipulation of certain data.
http://www.securityfocus.com/bid/39634
April 22, 2010
2010-04-22: HP System Management Homepage CVE-2010-1034 Unspecified Remote Vulnerability Remote authenticated attackers can exploit this issue to compromise the confidentially, integrity and the availability of the affected application.
http://www.securityfocus.com/bid/39632
April 22, 2010
2010-04-22: Microsoft Windows 'SfnINSTRING' Local Denial Of Service Vulnerability Attackers can exploit this issue to cause affected computers to crash, causing a denial-of-service condition.
http://www.securityfocus.com/bid/39631
April 22, 2010
2010-04-22: Microsoft Windows 'SfnLOGONNOTIFY' Local Denial Of Service Vulnerability Attackers can exploit this issue to cause affected computers to crash, causing a denial-of-service condition.
http://www.securityfocus.com/bid/39630
April 22, 2010
2010-04-22: Rising Antivirus 2010 'RsAssist.sys' Driver IOCTL Handling Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39627
April 21, 2010
T-353: McAfee DAT 5958 Update Causes Issues McAfee anti-virus software is erroneously detecting svchost.exe as a virus causing multiple issues. We have received several reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. It is affecting svchost.exe. Symptoms are: reboot loops and networking down. Trying to roll back to last version is difficult. This risk is high.
http://www.doecirc.energy.gov/bulletins/t-353.shtml
April 21, 2010
2010-04-21: MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability An attacker may exploit this issue to crash the KDC service, resulting in a denial-of-service condition.
http://www.securityfocus.com/bid/38260
April 21, 2010
2010-04-21: MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions.
http://www.securityfocus.com/bid/37749
April 21, 2010
2010-04-21: MIT Kerberos 'gss_accept_sec_context()' Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/38904
April 21, 2010
2010-04-21: MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability An attacker may exploit this issue to crash the KDC service, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
http://www.securityfocus.com/bid/37486
April 21, 2010
2010-04-21: Microsoft Windows SMB Client Response Parsing Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/39336
April 21, 2010
2010-04-21: Microsoft Windows SMB Client Memory Allocation Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/39312
April 21, 2010
2010-04-21: Microsoft Windows SMB Packet Remote Denial of Service Vulnerability A remote attacker can exploit this issue to crash the Windows kernel, denying service to legitimate users.
http://www.securityfocus.com/bid/36989
April 21, 2010
2010-04-21: Microsoft Windows SMB Client Message Size Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/39340
April 21, 2010
2010-04-21: Microsoft Windows SMB Client Transaction Response Remote Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/39339
April 21, 2010
2010-04-21: Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition.
http://www.securityfocus.com/bid/39303
April 21, 2010
2010-04-21: Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable (PE) or cabinet file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
http://www.securityfocus.com/bid/39328
April 21, 2010
2010-04-21: Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution Vulnerability Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed cabinet ('.cab') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.
http://www.securityfocus.com/bid/39332
April 21, 2010
2010-04-21: Simasy CMS 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/30774
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed.
http://www.securityfocus.com/bid/39524
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-0192 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue arbitrary code execution may also be possible but this has not been confirmed.
http://www.securityfocus.com/bid/39523
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39417
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-0204 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.
http://www.securityfocus.com/bid/39522
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application; other attacks may also be possible.
http://www.securityfocus.com/bid/39515
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.
http://www.securityfocus.com/bid/39518
April 21, 2010
2010-04-21: Adobe Acrobat and Reader GIF Data Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.
http://www.securityfocus.com/bid/39514
April 21, 2010
2010-04-21: Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39470
April 21, 2010
2010-04-21: Adobe Acrobat and Reader PNG Data Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.
http://www.securityfocus.com/bid/39505
April 21, 2010
2010-04-21: Adobe Reader CVE-2010-0200 Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39227
April 21, 2010
2010-04-21: Joomla! Seber Cart Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39237
April 21, 2010
2010-04-21: uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/38102
April 21, 2010
2010-04-21: WB News '/base/Comments.php' HTML Injection Vulnerability Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/39626
April 21, 2010
2010-04-21: LightNEasy 'get_file.php' Local File Disclosure Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
http://www.securityfocus.com/bid/39623
April 21, 2010
2010-04-21: ZipGenius ZIP Archive Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/39622
April 21, 2010
2010-04-21: LightNEasy 'language' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39621
April 21, 2010
2010-04-21: PortfolioDesign.org Portfolio for Joomla! 'phpThumb.php' Remote File Disclosure Vulnerability An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks.
http://www.securityfocus.com/bid/39620
April 21, 2010
2010-04-21: v2marketplacescript Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
http://www.securityfocus.com/bid/39618
April 21, 2010
2010-04-21: SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/39616
April 21, 2010
2010-04-21: DBSite wb CMS 'index.php' Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39613
April 21, 2010
2010-04-21: Cisco Small Business Video Surveillance Cameras & 4-Port Router Authentication Bypass Vulnerability Successful exploits allow remote authenticated attackers to obtain other users' passwords and gain access to the vulnerable device. This will completely compromise an affected device.
http://www.securityfocus.com/bid/39612
April 21, 2010
2010-04-21: openMairie openRegistreCIL Local and Remote File Include Vulnerabilities Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
http://www.securityfocus.com/bid/39611
April 21, 2010
2010-04-21: Elastix 'id_nodo' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39610
April 21, 2010
2010-04-21: e107 'e107_admin/banner.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39609
April 21, 2010
2010-04-21: Webmoney Web Merchant Interface Component for Joomla! Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39608
April 21, 2010
2010-04-21: MMS Blog Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39607
April 21, 2010
2010-04-21: OrgChart Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39606
April 21, 2010
2010-04-21: phpThumb() 'fltr[]' Parameter Command Injection Vulnerability Attackers can exploit this issue to execute arbitrary commands in the context of the webserver. Note that successful exploitation requires 'ImageMagick' to be installed.
http://www.securityfocus.com/bid/39605
April 21, 2010
2010-04-21: imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application that uses the affected library. Failed exploit attempts may result in a denial-of-service condition.
http://www.securityfocus.com/bid/39604
April 20, 2010
T-352: iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities iSCSI Enterprise Target and tgt are prone to multiple format-string vulnerabilities because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Other attacks may also be possible, including data loss or corruption. This risk is moderate.
http://www.doecirc.energy.gov/bulletins/t-352.shtml
April 19, 2010
T-351: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. This risk is moderate.
http://www.doecirc.energy.gov/bulletins/t-351.shtml
April 16, 2010
T-350: Adobe Acrobat and Reader Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed. This risk is high.
http://www.doecirc.energy.gov/bulletins/t-350.shtml
April 16, 2010
2010-04-16: Oracle Java SE and Java for Business Unspecified Vulnerabilities Successful attacks may allow attackers to gain unauthorized access to a computer in the context of the user running the affected application.
http://www.securityfocus.com/bid/39492
April 16, 2010
2010-04-16: Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities An attacker can exploit these issues to gain unauthorized access to the affected computer and to crash the affected application.
http://www.securityfocus.com/bid/39377
April 16, 2010
2010-04-16: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue arbitrary code execution may also be possible but this has not been confirmed.
http://www.securityfocus.com/bid/39524
April 16, 2010
2010-04-16: Joomla! 'com_manager' Component 'Itemid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39519
April 15, 2010
T-349: [USN-928-1] Sudo vulnerability
A Sudo security issue affects several Ubuntu releases and some corresponding versions of Kubuntu, Edubuntu, Xubuntu, and Mac OS. Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-349.shtml
April 15, 2010
2010-04-15: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers.
http://www.securityfocus.com/bid/37128
April 15, 2010
2010-04-15: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.
http://www.securityfocus.com/bid/36097
April 15, 2010
2010-04-15: KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability An attacker may exploit this issue to execute arbitrary code and gain elevated privileges.
http://www.securityfocus.com/bid/39467
April 15, 2010
2010-04-15: Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.
http://www.securityfocus.com/bid/39468
April 15, 2010
2010-04-15: Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
http://www.securityfocus.com/bid/38955
April 15, 2010
2010-04-15: VMware Remote Console 'connect' Method Remote Format String Vulnerability Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/39396
April 15, 2010
2010-04-15: Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability Oracle Sun Java System Communications Express is prone to a remote vulnerability in Address Book. The vulnerability can be exploited over the 'HTTP' protocol.
http://www.securityfocus.com/bid/39461
April 15, 2010
2010-04-15: Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities These vulnerabilities can be exploited over the 'LDAP' and 'HTTP' protocols. Remote attackers can exploit these issues without authenticating. Successful exploits will allow attackers to exploit arbitrary code in the context of the vulnerable application or cause denial-of-service conditions.
http://www.securityfocus.com/bid/39453
April 15, 2010
2010-04-15: RPM Configuration File Handling Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39493
April 15, 2010
2010-04-15: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks.
http://www.securityfocus.com/bid/39395
April 15, 2010
2010-04-15: Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications.
http://www.securityfocus.com/bid/39346
April 15, 2010
2010-04-15: Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability Successful exploits will allow attackers to crash the application, denying service to legitimate users.
http://www.securityfocus.com/bid/38200
April 15, 2010
2010-04-15: Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible.
http://www.securityfocus.com/bid/38198
April 15, 2010
2010-04-15: PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability PostgreSQL is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain elevated privileges.
http://www.securityfocus.com/bid/37333
April 15, 2010
2010-04-15: PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
http://www.securityfocus.com/bid/37334
April 15, 2010
2010-04-15: Apache 'mod_proxy_ajp' Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/34663
April 15, 2010
2010-04-15: Apache 'mod_proxy' Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services.
http://www.securityfocus.com/bid/35565
April 15, 2010
2010-04-15: Pidgin Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users.
http://www.securityfocus.com/bid/38294
April 15, 2010
2010-04-15: Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to trigger denial-of-service conditions.
http://www.securityfocus.com/bid/36596
April 15, 2010
2010-04-15: LibThai Unspecified Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service vulnerability.
http://www.securityfocus.com/bid/37822
April 15, 2010
2010-04-15: PhpMesFilms 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/33105
April 15, 2010
2010-04-15: Intel BIOS System Management Mode Local Privilege Escalation Vulnerability An attacker can exploit this issue to modify software that runs in System Management Mode (SMM). Successfully exploiting this issue will allow the attacker to compromise affected computers.
http://www.securityfocus.com/bid/38251
April 15, 2010
2010-04-15: IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability Successful attacks can allow local attacker to gain elevated privileges by obtaining access to an administrator's credentials.
http://www.securityfocus.com/bid/39525
April 15, 2010
2010-04-15: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.
http://www.securityfocus.com/bid/39518
April 15, 2010
2010-04-15: Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39510
April 15, 2010
2010-04-15: Deluxe Blog Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39508
April 15, 2010
2010-04-15: BeeHeard Components for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39506
April 15, 2010
2010-04-15: TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39500
April 15, 2010
2010-04-15: IBM BladeCenter Advanced Management Module Denial of Service Vulnerability Successful exploits will cause the affected service to reboot, denying service to legitimate users.
http://www.securityfocus.com/bid/39499
April 15, 2010
2010-04-15: Mocha W32 LPD Remote Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39498
April 15, 2010
2010-04-15: Softbiz B2B Trading Marketplace 'IndustryID' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39496
April 15, 2010
2010-04-15: Intellectual Property Joomla! Component 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39495
April 14, 2010
T-348: Java Deployment Toolkit Performs Insufficient Validation of Parameters The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited. This risk is Low.
http://www.doecirc.energy.gov/bulletins/t-348.shtml
April 14, 2010
2010-04-14: PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0879 Remote PeopleTools Vulnerability The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Valid Session' privileges.
http://www.securityfocus.com/bid/39441
April 14, 2010
2010-04-14: OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.
http://www.securityfocus.com/bid/25163
April 14, 2010
2010-04-14: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/39013
April 14, 2010
2010-04-14: Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability Successful exploits will allow attackers to obtain the contents of a portion of memory or crash the application.
http://www.securityfocus.com/bid/34109
April 14, 2010
2010-04-14: GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/34100
April 14, 2010
2010-04-14: Webmin and Usermin Unspecified Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/37259
April 14, 2010
2010-04-14: Adobe Acrobat and Reader CVE-2010-0194 X3D Component Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39469
April 14, 2010
2010-04-14: Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39417
April 14, 2010
2010-04-14: Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39470
April 14, 2010
2010-04-14: Cisco Secure Desktop ActiveX Control Executable File Arbitrary File Download Vulnerability Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. Successful exploits will allow attackers to execute arbitrary code within the context of the currently logged-in user.
http://www.securityfocus.com/bid/39478
April 14, 2010
2010-04-14: Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/38944
April 14, 2010
2010-04-14: Mozilla Firefox CVE-2010-1122 Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39293
April 14, 2010
2010-04-14: Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/38939
April 14, 2010
2010-04-14: Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability Attackers can exploit this issue to bypass content-loading policies. The impact of this issue will depend on the reasons behind the content check. Consequences may include cross-site request-forgery attacks, denial-of-service conditions, and possibly remote code execution.
http://www.securityfocus.com/bid/38927
April 14, 2010
2010-04-14: Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability An attacker may exploit this issue to obtain authentication credentials associated with a trusted site. This may lead to other attacks.
http://www.securityfocus.com/bid/38920
April 14, 2010
2010-04-14: Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or to launch other attacks.
http://www.securityfocus.com/bid/38919
April 14, 2010
2010-04-14: Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/38921
April 14, 2010
2010-04-14: CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.securityfocus.com/bid/36958
April 14, 2010
2010-04-14: CUPS 'lppasswd' Tool Localized Message String Security Weakness Exploiting this issue in conjunction with a local format-string issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers.
http://www.securityfocus.com/bid/38524
April 14, 2010
2010-04-14: CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability CUPS is prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/38510
April 14, 2010
2010-04-14: Pango Glyph Definition Table Denial of Service Vulnerability Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users.
http://www.securityfocus.com/bid/38760
April 14, 2010
2010-04-14: CUPS File Descriptors Handling Remote Denial Of Service Vulnerability A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/37048
April 14, 2010
2010-04-14: GIMP PSD Image Parsing Integer Overflow Vulnerability Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/37040
April 14, 2010
2010-04-14: ViewVC Regular Expression Search Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible.
http://www.securityfocus.com/bid/39053
April 14, 2010
2010-04-14: GIMP BMP Image Parsing Integer Overflow Vulnerability Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/37006
April 14, 2010
2010-04-14: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
http://www.securityfocus.com/bid/36935
April 14, 2010
2010-04-14: AWD Solution AWDwall Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
http://www.securityfocus.com/bid/39331
April 14, 2010
2010-04-14: Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/39045
April 14, 2010
2010-04-14: Joomla! 'com_qpersonel' Component 'katid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39466
April 14, 2010
2010-04-14: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.
http://www.securityfocus.com/bid/31692
April 14, 2010
2010-04-14: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/38533
April 14, 2010
2010-04-14: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/39247
April 14, 2010
2010-04-14: Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability Attackers can exploit this to call trusted methods in an unsafe manner; this can be leveraged to execute arbitrary code with the privileges of the user invoking the JRE.
http://www.securityfocus.com/bid/39065
April 14, 2010
2010-04-14: GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/38628
April 14, 2010
2010-04-14: Microsoft Visio Attribute Validation Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39300
April 14, 2010
2010-04-14: Microsoft Visio Index Calculation Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39302
April 14, 2010
2010-04-14: GNU libnss_db Local Information Disclosure Vulnerability Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.
http://www.securityfocus.com/bid/39132
April 14, 2010
2010-04-14: mimeTeX Multiple Information Disclosure Vulnerabilities Attackers may leverage these issues to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/36632
April 14, 2010
2010-04-14: mimeTeX Multiple Stack Buffer Overflow Vulnerabilities Attackers may leverage these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/36631
April 14, 2010
2010-04-14: JA Comment Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39516
April 14, 2010
2010-04-14: Delicious Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39513
April 14, 2010
2010-04-14: Love Factory Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39512
April 14, 2010
2010-04-14: MT Fire Eagle Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39509
April 14, 2010
2010-04-14: Photo Battle Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39504
April 14, 2010
2010-04-14: S5 Clan Roster 'com_s5clanroster' Joomla! Component Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39503
April 14, 2010
2010-04-14: wgPicasa Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39497
April 14, 2010
2010-04-14: RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities Exploiting these issues may allow attackers to gain unauthorized access to affected computers. Failed attempts may cause crashes and deny service to legitimate users of the application.
http://www.securityfocus.com/bid/39490
April 14, 2010
2010-04-14: Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
http://www.securityfocus.com/bid/39489
April 14, 2010
2010-04-14: media Mall Factory Joomla! Component 'category' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39488
April 14, 2010
2010-04-14: almnzm 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39487
April 13, 2010
T-347: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability Multiple VMware-hosted products are prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks. This risk is undetermined.
http://www.doecirc.energy.gov/bulletins/t-347.shtml
April 13, 2010
TA10-103C: Adobe Reader and Acrobat Vulnerabilities An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in is available for multiple web browsers and operating systems, which can automatically open PDF documents hosted on a website. These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF document.
http://www.us-cert.gov/cas/techalerts/TA10-103C.html
April 13, 2010
TA10-103B: Oracle Updates for Multiple Vulnerabilities The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
April 13, 2010
MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing A spoofing vulnerability exists in the Microsoft Windows IPv6 stack due to the way that Windows checks the inner packet's IPv6 source address in a tunneled ISATAP packet. An attacker who successfully exploited this vulnerability could impersonate an address to bypass edge or host firewalls. Additionally, information could be disclosed when the targeted computer replies to the message using the source IPv6 address that the attacker specified.
http://www.microsoft.com/technet/security/Bulletin/MS10-029.mspx
April 13, 2010
MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution A remote code execution vulnerability exists in the way that Microsoft Office Visio calculates indexes when handling specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx
April 13, 2010
MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution A remote code execution vulnerability exists in the Windows Media Player ActiveX control. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs or view, change, or delete data with full user rights.
http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx
April 13, 2010
MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution A remote code execution vulnerability exists in the way that Microsoft MPEG Layer-3 codecs handle AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx
April 13, 2010
MS10-025: Vulnerability in Microsoft's Windows Media Services Could Allow REmote Code Execution A remote code execution vulnerability exists in Microsoft Windows 2000 Server Service Pack 4 running the optional Windows Media Services component due to the way the Windows Media Unicast Service handles specially crafted transport information packets. On Microsoft Windows 2000 Server Service Pack 4, Windows Media Services is an optional component and is not installed by default. Only Microsoft Windows 2000 Server systems that have enabled Windows Media Services are affected by this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx
April 13, 2010
MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service An information disclosure vulnerability exists in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component due to the manner in which the SMTP component handles memory allocation. An attacker could exploit the vulnerability by sending invalid commands, followed by the STARTTLS command, to an affected server. An attacker who successfully exploited this vulnerability could read random e-mail message fragments stored on the affected server. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
April 13, 2010
MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution A remote code execution vulnerability exists in the way that Microsoft Office Publisher opens Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file.
http://www.microsoft.com/technet/security/Bulletin/MS10-023.mspx
April 13, 2010
MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, the Windows Help System would be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
http://www.microsoft.com/technet/security/Bulletin/MS10-022.mspx
April 13, 2010
MS10-021: Vulnerabilities in Windows Kernel could allow Elevation of Privilege A denial of service vulnerability exists in the Windows kernel due to the way that the kernel handles certain exceptions. An attacker could exploit the vulnerability by running a specially crafted application, causing the system to become unresponsive and automatically restart.
http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
April 13, 2010
MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
April 13, 2010
MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution
A remote code execution vulnerability exists in the Windows Authenticode Signature verification for cabinet (.cab) file formats. An anonymous attacker could exploit the vulnerability by modifying an existing signed cabinet file to point the unverified portions of the signature to malicious code, and then convincing a user to open or view the specially crafted cabinet file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx
April 12, 2010
T-346: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability
MIT Kerberos is prone to a remote denial-of-service vulnerability in 'kadmind'. An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users. MIT Kerberos 5 1.5 through 1.6.3 are vulnerable. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-346.shtml
April 09, 2010
2010-04-09: GNU libnss_db Local Information Disclosure Vulnerability Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.
http://www.securityfocus.com/bid/39132
April 09, 2010
2010-04-09: Drupal Views Module Cross Site Scripting and PHP Code Injection Vulnerabilities An attacker can exploit the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The PHP code injection can be exploited to inject and execute arbitrary malicious PHP code in the context of the webserver process.
http://www.securityfocus.com/bid/39301
April 09, 2010
2010-04-09: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/38952
April 09, 2010
2010-04-09: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/39013
April 09, 2010
2010-04-09: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.
http://www.securityfocus.com/bid/31692
April 09, 2010
2010-04-09: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/38533
April 09, 2010
2010-04-09: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability SpamAssassin Milter Plugin is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges.
http://www.securityfocus.com/bid/38578
April 09, 2010
2010-04-09: MoinMoin 'Despam' Action HTML Injection Vulnerability Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
http://www.securityfocus.com/bid/39110
April 09, 2010
2010-04-09: Microsoft Internet Explorer 'Tabular Data Control' ActiveX Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/39025
April 09, 2010
2010-04-09: VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities VMware hosted products are prone to multiple remote and local vulnerabilities: A remote arbitrary code-execution vulnerability, a privilege-escalation vulnerabillity, multiple heap-based buffer-overflow vulnerabilities, multiple format-string vulnerabilities, a remote denial-of-service vulnerabillity, and an information-disclosure vulnerability. An attacker can exploit these issues to execute arbitrary code, elevate privileges, cause denial-of-service conditions, and obtain sensitive information. Other attacks are also possible.
http://www.securityfocus.com/bid/39345
April 09, 2010
2010-04-09: Linux Kernel ReiserFS Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/39344
April 08, 2010
T-344: Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability Apple QuickTime is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data when parsing FLC encoded '.fli' movie files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-344.shtml
April 08, 2010
2010-04-08: ClamAV Security Bypass And Memory Corruption Vulnerabilities Attackers may exploit the issues to bypass certain security restrictions or execute arbitrary code in the context of the application. Failed exploit attempts may result in denial-of-service conditions.
http://www.securityfocus.com/bid/39262
April 08, 2010
2010-04-08: myMP3-Player '.m3u' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/38835
April 08, 2010
2010-04-08: udisks 'probers/udisks-dm-export.c' Local Information Disclosure Vulnerability Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/39265
April 08, 2010
2010-04-08: Joomla! AWD Wall Component 'cbuser' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/38194
April 08, 2010
2010-04-08: Pulse CMS 'view.php' Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/38356
April 08, 2010
2010-04-08: Joomla! UIajaxIM Component Arbitrary Script Injection Vulnerability The 'UIajaxIM' component for Joomla! is prone to a vulnerability that an attacker could exploit to execute arbitrary script code in the context of the webserver. The issue occurs because the component fails to properly sanitize user-supplied input. Successful exploits may compromise the application.
http://www.securityfocus.com/bid/35798
April 08, 2010
2010-04-08: Foxit Reader Remote Code Execution Vulnerability Foxit Reader is prone to a remote code-execution vulnerability because it fails to properly restrict access to certain functionality. An attacker can exploit this issue by enticing a user to open a malicious PDF file. Successful exploits may allow the attacker to execute arbitrary code or commands in the context of a user running the affected application.
http://www.securityfocus.com/bid/39109
April 08, 2010
2010-04-08: Multiple Vendor 'librpc.dll' Stack Buffer Overflow Vulnerability Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/38472
April 08, 2010
2010-04-08: Apple QuickTime CoreMedia H.263 Encoded '.3g2' Movie Files Heap Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
http://www.securityfocus.com/bid/39167
April 08, 2010
2010-04-08: TUGZip 3.5 ZIP File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39180
April 08, 2010
2010-04-08: Linux Kernel 'nameidata' Null Pointer Dereference Vulnerability An attacker can exploit this issue to crash the affected system. Due to the nature of the issue, code execution is possible; however, it has not been confirmed.
http://www.securityfocus.com/bid/39186
April 08, 2010
2010-04-08: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
http://www.securityfocus.com/bid/36935
April 08, 2010
2010-04-08: Apple Mac OS X FreeRADIUS Component EAP-TLS Authentication Bypass Vulnerability An attacker can exploit this issue to gain unauthorized network access. Successfully exploiting this issue may lead to further attacks.
http://www.securityfocus.com/bid/39234
April 08, 2010
2010-04-08: gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability The 'gnome-screensaver' application is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.
http://www.securityfocus.com/bid/38211
April 08, 2010
2010-04-08: Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environme Vulnerability The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability.
http://www.securityfocus.com/bid/39081
April 08, 2010
2010-04-08: Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability.
http://www.securityfocus.com/bid/39078
April 08, 2010
2010-04-08: Joomla! JA Voice Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39343
April 08, 2010
2010-04-08: Joomla! Webee Comments Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39342
April 08, 2010
2010-04-08: Joomla! foobla Suggestions Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39341
April 08, 2010
2010-04-08: Joomla! Realtyna Translator Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39337
April 08, 2010
2010-04-08: AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities Attackers can exploit this issue to execute arbitrary commands within the context of the affected application and to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
http://www.securityfocus.com/bid/39334
April 08, 2010
2010-04-08: AWD Solution AWDwall Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
http://www.securityfocus.com/bid/39331
April 08, 2010
2010-04-08: Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities Adobe released advance notification that on April 13, 2010, the vendor will be releasing a security bulletin addressing multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities are rated 'critical'.
http://www.securityfocus.com/bid/39329
April 08, 2010
2010-04-08: Smileys Module For Drupal Delete URI Cross Site Request Forgery Vulnerability Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible.
http://www.securityfocus.com/bid/39316
April 08, 2010
2010-04-08: TCPDF 'params' Attribute Remote Code Execution Weakness
An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.
http://www.securityfocus.com/bid/39315
April 08, 2010
2010-04-08: MODx Evolution Cross Site Scripting and SQL Injection Vulnerabilities
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39310
April 08, 2010
2010-04-08: Joomla! 'com_articles' Component 'sid' Parameter SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39307
April 07, 2010
T-343: Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability
Oracle Java SE and Java for Business are prone to a remote vulnerability in the Java Runtime Environment. The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. This risk is Moderate.
http://www.doecirc.energy.gov/bulletins/t-343.shtml
April 07, 2010
2010-04-07: Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory.
http://www.securityfocus.com/bid/37945
April 07, 2010
2010-04-07: Apache Tomcat WAR File Directory Traversal Vulnerability
Exploiting this issue allows attackers to delete or overwrite arbitrary files within the context of the webserver.
http://www.securityfocus.com/bid/37944
April 07, 2010
2010-04-07: Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
An attacker can gain unauthorized access to files and directories. Successful exploits may lead to other attacks.
http://www.securityfocus.com/bid/37942
April 07, 2010
2010-04-07: Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
Mozilla Firefox and SeaMonkey are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.
http://www.securityfocus.com/bid/37368
April 07, 2010
2010-04-07: Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability
Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE.
http://www.securityfocus.com/bid/39062
April 07, 2010
2010-04-07: Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability
A local attacker can exploit this issue to corrupt system files, resulting in a denial-of-service condition. Other attacks may be possible.
http://www.securityfocus.com/bid/38326
April 07, 2010
2010-04-07: Samba Symlink Directory Traversal Vulnerability
Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks. To exploit this issue, attackers require authenticated access to a writable share. Note that this issue may be exploited through a writable share accessible by guest accounts.
http://www.securityfocus.com/bid/38111
April 07, 2010
2010-04-07: Intel Active Management Technology SDK Remote Buffer Overflow Vulnerability
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39043
April 07, 2010
2010-04-07: Apple Mac OS X Preferences System Login Restrictions Authentication Bypass Security Vulnerability
An attacker can exploit this issue to gain unauthorized access to the affected computer. Succesful exploits may lead to other attacks.
http://www.securityfocus.com/bid/39153
April 07, 2010
2010-04-07: ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
http://www.securityfocus.com/bid/37118
April 07, 2010
2010-04-07: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
http://www.securityfocus.com/bid/37865
April 07, 2010
2010-04-07: Stack Ideas 'com_sectionex' Component for Joomla! Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/38751
April 07, 2010
2010-04-07: CUPS 'lppasswd' Tool Localized Message String Security Weakness
Exploiting this issue in conjunction with a local format-string issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers.
http://www.securityfocus.com/bid/38524
April 07, 2010
2010-04-07: ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. Other attacks are also possible.
http://www.securityfocus.com/bid/35848
April 07, 2010
2010-04-07: Mahara Username Generation SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39253
April 07, 2010
2010-04-07: Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.
http://www.securityfocus.com/bid/34918
April 07, 2010
2010-04-07: Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.
http://www.securityfocus.com/bid/31862
April 07, 2010
2010-04-07: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability
An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/39247
April 07, 2010
2010-04-07: MIT Kerberos Multiple Memory Corruption Vulnerabilities
Multiple memory-corruption vulnerabilities with unknown impacts affect MIT Kerberos 5. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities.
http://www.securityfocus.com/bid/26750
April 07, 2010
2010-04-07: Linux Kernel 'sctp_rcv_ootb()' Remote Denial of Service Vulnerability
Attackers can exploit this issue to cause an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/38857
April 07, 2010
2010-04-07: Istgah For Centerhost 'view_ad.php' Cross-Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39330
April 07, 2010
2010-04-07: IBM Systems Director Agent Insecure File Permissions Vulnerabilities
IBM Systems Director Agent is prone to multiple security vulnerabilities because it sets insecure file permissions. An attacker can exploit these issues to perform unauthorized actions by executing the affected scripts.
http://www.securityfocus.com/bid/39305
April 07, 2010
2010-04-07: Drupal Internationalization Module Cross Site Scripting Vulnerabilities
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39304
April 07, 2010
2010-04-07: Plume CMS Multiple Local File Include Vulnerabilities
An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39299
April 07, 2010
2010-04-07: vel File Uploader Remote File Upload Vulnerability
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
http://www.securityfocus.com/bid/39294
April 07, 2010
2010-04-07: AnyZip ZIP File Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39287
April 07, 2010
2010-04-07: FreePHPWebsiteSoftware 'default_theme.php' Remote File Include Vulnerability
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
http://www.securityfocus.com/bid/39280
April 07, 2010
2010-04-07: PotatoNews 'nid' Parameter Multiple Local File Include Vulnerabilities
An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39276
April 07, 2010
2010-04-07: abcm2ps Versions Prior to 5.9.12 Multiple Vulnerabilities
The attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the application, gain access to local files, and execute arbitrary postscript code.
http://www.securityfocus.com/bid/39271
April 07, 2010
2010-04-07: MediaWiki Cross Site Request Forgery Vulnerability
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
http://www.securityfocus.com/bid/39270
April 07, 2010
2010-04-07: aWiki Component for Joomla! 'controller' Parameter Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39267
April 07, 2010
2010-04-07: VJDEO Component for Joomla! 'controller' Parameter Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39266
April 06, 2010
T-342: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability
Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. This vulnerability affects Mozilla Firefox 3.6.x versions. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-342.shtml
April 06, 2010
2010-04-06: Apple QuickTime PICT File Remote Heap Buffer Overflow Vulnerability
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
http://www.securityfocus.com/bid/39140
April 06, 2010
2010-04-06: Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability
Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/39023
April 06, 2010
2010-04-06: Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.securityfocus.com/bid/31168
April 06, 2010
2010-04-06: Apple QuickTime H.264 Movie File Remote Code Execution Vulnerability
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
http://www.securityfocus.com/bid/39159
April 06, 2010
2010-04-06: Python zlib Module Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/28715
April 06, 2010
2010-04-06: Miranda IM Information Disclosure Vulnerability
Successful exploits of this issue may allow attackers to perform man-in-the-middle attacks against vulnerable applications and to disclose sensitive information.
http://www.securityfocus.com/bid/39209
April 06, 2010
2010-04-06: Jzip ZIP File Remote Buffer Overflow Vulnerability
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39326
April 06, 2010
2010-04-06: ShopSystem 'view_image.php' SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39260
April 06, 2010
2010-04-06: Joomla! 'com_xobbix' Component 'prodid' Parameter SQL Injection Vulnerability
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/39259
April 06, 2010
2010-04-06: Virata EmWeb URI Remote Denial Of Service Vulnerability
Successful exploits will cause the device to reset, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code, but this has not been confirmed.
http://www.securityfocus.com/bid/39257
April 06, 2010
2010-04-06: The Best Makers Appointment Component for Joomla! Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39254
April 06, 2010
2010-04-06: joomla-flickr Component 'controller' Parameter Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39251
April 06, 2010
2010-04-06: NextGEN Gallery WordPress Plugin 'xml/media-rss.php' Cross Site Scripting Vulnerability
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/39250
April 06, 2010
2010-04-06: Computer Associates XOsoft Unspecified SOAP Request Information Disclosure Vulnerability
Computer Associates XOsoft is prone to an information-disclosure vulnerability because of a lack of appropriate authentication. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.
http://www.securityfocus.com/bid/39249
April 06, 2010
2010-04-06: JOOFORGE Jukebox Component for Joomla! 'controller' Parameter Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39248
April 06, 2010
2010-04-06: Affiliate Feeds Component for Joomla! 'controller' Parameter Local File Include Vulnerability
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/39246
April 06, 2010
2010-04-06: Computer Associates XOsoft Username Enumeration Information Disclosure Vulnerability
Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.
http://www.securityfocus.com/bid/39244
April 06, 2010
2010-04-06: McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities
An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.
http://www.securityfocus.com/bid/39242
April 06, 2010
2010-04-06: Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/39238
April 06, 2010
2010-04-06: Microsoft Office Communicator SIP Remote Denial of Service Vulnerability
Exploiting this issue allows remote attackers to cause denial-of-service conditions.
http://www.securityfocus.com/bid/39221
April 05, 2010
T-341: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability
Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the WebDAV functionality. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-341.shtml
April 02, 2010
T-340: Jabber Studio JabberD Remote Denial Of Service Vulnerability
Jabber Studio 'jabberd' is affected by a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network messages. An attacker may leverage this issue by causing the affected server to crash, denying service to legitimate users. This issue can be exploited through the use of a client application for jabber.
http://www.doecirc.energy.gov/bulletins/t-340.shtml
April 02, 2010
T-339: Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability
Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. This issue was disclosed by Nils during the Pwn2Own 2010 contest as part of the CanSecWest security conference.
http://www.doecirc.energy.gov/bulletins/t-339.shtml
|
Category Blog
