Technical Cyber Security Alert 2010-12B - Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.
Zero Day Initiative Advisory 10-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Oracle Secure Backup Services daemon observiced.exe, which listens on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port, a stack overflow can occur, leading to a complete compromise of the affected system under the credentials of the SYSTEM account.
HITB Magazine Volume 1 Issue 1 - This issue covers LDAP injection, DLL injection, malware obfuscation, and more.
Technical Cyber Security Alert 2010-12A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
Ubuntu Security Notice 881-1 - It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges.
Google Maps suffered from a cross site scripting vulnerability. This was patched the same day as it was publicly disclosed.
Calendar Express 2 version 2.0 suffers from a cross site scripting vulnerability.
Apple iPhone/iPod Udisk FTP Basic Edition version 1.0 suffers from a remote pre-authentication denial of service vulnerability. Proof of concept included.
Mandriva Linux Security Advisory 2010-003 - sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for this vulnerability.
Mandriva Linux Security Advisory 2010-002 - Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. This update provides pidgin 2.6.5, which is not vulnerable to this issue.
Mandriva Linux Security Advisory 2010-001 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.5, which is not vulnerable to these issues.
LayoutCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
PhPepperShop Webshop version 2.5 suffers from a cross site scripting vulnerability.
VisioSight Script version 1.0 suffers from a remote SQL injection vulnerability.
Commercial CMS version 1.0 suffers from a cross site scripting vulnerability.
Docmint CMS version 1.0 suffers from a cross site scripting vulnerability.
SBD Directory version 4.0 suffers from a cross site scripting vulnerability.
IBM Cognos 8 Business Intelligence version 8.4.1 suffers from a cross site scripting vulnerability.