Section: .. / Last 20 Advisory Files /
| /// File Name: | MDVSA-2010-062.txt | Description:
| Mandriva Linux Security Advisory 2010-062 - content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8250 | | Related CVE(s): | CVE-2010-0734 | | Last Modified: | Mar 19 22:41:17 2010 | | MD5 Checksum: | 05c20c297f8da93108c96e8fddbd13cc |
|
| /// File Name: | CA20100318-01.txt | Description:
| CA's support is alerting customers to security risks with CA ARCserve Backup. The version of JRE shipped with ARCserve Backup is potentially susceptible to multiple vulnerabilities and has also reached end of life. Support is providing JRE 1.6 upgrades as remediation. | | Author: | Kevin Kotas | | Homepage: | http://www3.ca.com/ | | File Size: | 2468 | | Last Modified: | Mar 19 22:39:58 2010 | | MD5 Checksum: | 39b4f795f0d4f2b19a949182519db623 |
|
| /// File Name: | USN-915-1.txt | Description:
| Ubuntu Security Notice 915-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19073 | | Related CVE(s): | CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2009-3077, CVE-2009-3376, CVE-2009-3983, CVE-2010-0163 | | Last Modified: | Mar 18 22:36:51 2010 | | MD5 Checksum: | b1e32685bd8203c6cf50424db44e1118 |
|
| /// File Name: | dsa-2018-1.txt | Description:
| Debian Linux Security Advisory 2018-1 - Auke van Slooten discovered that PHP 5, a hypertext preprocessor, crashes (because of a NULL pointer dereference) when processing invalid XML-RPC requests. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 53065 | | Related CVE(s): | CVE-2010-0397 | | Last Modified: | Mar 18 22:31:54 2010 | | MD5 Checksum: | f37f54beb719713cf6d8cad2c3ff44ac |
|
| /// File Name: | dsa-2015-1.txt | Description:
| Debian Linux Security Advisory 2015-1 - A local vulnerability has been discovered in drbd8. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 236406 | | Last Modified: | Mar 18 10:55:22 2010 | | MD5 Checksum: | c762b8e740f7d414f8852a48c921fa87 |
|
| /// File Name: | miranda-fail.txt | Description:
| Miranda versions 0.8.16 and 0.9.0 alpha build #6 Unicode and SVN rev. 11383 suffer from a silent TLS failure. | | Author: | Jan Schejbal | | File Size: | 2026 | | Last Modified: | Mar 17 19:10:46 2010 | | MD5 Checksum: | faf4a2b8a510aea1894b2cc17b22289a |
|
| /// File Name: | USN-914-1.txt | Description:
| Ubuntu Security Notice 914-1 - Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. Jerome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 159562 | | Related CVE(s): | CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622, CVE-2010-0623 | | Last Modified: | Mar 17 18:35:36 2010 | | MD5 Checksum: | 06a07f29fba6efe5a2d2ad91ac618b24 |
|
| /// File Name: | secunia-qfxsrf.txt | Description:
| Secunia Research has discovered a vulnerability in Quicksilver Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute arbitrary SQL queries by tricking a logged in administrator into visiting a malicious web site. | | Homepage: | http://secunia.com/ | | File Size: | 4446 | | Last Modified: | Mar 17 18:34:35 2010 | | MD5 Checksum: | 272179a9f78ab71c2ade4e2b7ce9f79c |
|
| /// File Name: | secunia-qfbidisclose.txt | Description:
| Secunia Research has discovered a security issue in Quicksilver Forums, which can be exploited by malicious people to disclose potentially sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. | | Homepage: | http://secunia.com/ | | File Size: | 4469 | | Last Modified: | Mar 17 18:27:18 2010 | | MD5 Checksum: | 7cdbe957564918e29559a390e72e6652 |
|
| /// File Name: | secunia-qfmddisclose.txt | Description:
| Secunia Research has discovered a security issue in Quicksilver Forums, which can be exploited by malicious, local users to disclose sensitive information. The application passes the database password via the command line to the "mysqldump" utility, which may disclose the password via the process list. | | Homepage: | http://secunia.com/ | | File Size: | 4280 | | Last Modified: | Mar 17 18:21:20 2010 | | MD5 Checksum: | e7161deac23c4bea4473bac95e0456b3 |
|
| /// File Name: | USN-913-1.txt | Description:
| Ubuntu Security Notice 913-1 - It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 17736 | | Related CVE(s): | CVE-2009-2042, CVE-2010-0205 | | Last Modified: | Mar 16 20:04:21 2010 | | MD5 Checksum: | e34dd3abb0e2d79fb917042a37af2af6 |
|
| /// File Name: | CORE-2009-0803.txt | Description:
| Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system. | | Author: | Core Security Technologies, Diego Juarez, Nicolas A. Economou | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 36508 | | Last Modified: | Mar 16 19:53:29 2010 | | MD5 Checksum: | 936c26e59571a54c68f677c92c973253 |
|
| /// File Name: | USN-912-1.txt | Description:
| Ubuntu Security Notice 912-1 - It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 15508 | | Related CVE(s): | CVE-2008-5824 | | Last Modified: | Mar 16 19:47:32 2010 | | MD5 Checksum: | cea5bb89800954462cbfdec1bfb278eb |
|
| /// File Name: | ZDI-10-032.txt | Description:
| Zero Day Initiative Advisory 10-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2648 | | Last Modified: | Mar 16 19:47:16 2010 | | MD5 Checksum: | e2375d89695fe12b1a00cc15adebefb0 |
|
| /// File Name: | ZDI-10-031.txt | Description:
| Zero Day Initiative Advisory 10-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to a failure to unregister a callback pointer during the destruction of a particular type of element when embedded inside a 'blink' container. The application dereferences the original resource which can be leveraged by an attacker to execute arbitrary code under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2910 | | Last Modified: | Mar 16 19:40:43 2010 | | MD5 Checksum: | 43ec94b162ba7d2b0766fafde3e3e294 |
|
| /// File Name: | dsa-2017-1.txt | Description:
| Debian Linux Security Advisory 2017-1 - Dan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 59070 | | Related CVE(s): | CVE-2009-1299 | | Last Modified: | Mar 16 19:28:16 2010 | | MD5 Checksum: | c7940506ee2f24afcaa65332c6a54d6b |
|
| /// File Name: | ZDI-10-030.txt | Description:
| Zero Day Initiative Advisory 10-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari and other WebKit based browsers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of the run-in value for display CSS styles. A specially crafted web page can cause a use after free() condition in WebKit's WebCore::RenderBlock() method. This can be further leveraged by attackers to execute arbitrary code under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2745 | | Last Modified: | Mar 16 19:23:46 2010 | | MD5 Checksum: | 01f4bf61bb7cbb5256b0ad70e2ff46d0 |
|
| /// File Name: | ZDI-10-029.txt | Description:
| Zero Day Initiative Advisory 10-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the WebCore's HTMLObjectElement::renderFallBackContent() method. By rewriting an HTML element via the document's innerHTML() method a memory corruption occurs resulting from a call-after-free. This can be leveraged to execute arbitrary code under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2730 | | Related CVE(s): | CVE-2010-0050 | | Last Modified: | Mar 15 22:50:04 2010 | | MD5 Checksum: | 8ead72db8cf3df3d033a75fb0998dc6b |
|
| /// File Name: | dsa-2016-1.txt | Description:
| Debian Linux Security Advisory 2016-1 - Several vulnerabilities (SA-CORE-2010-001) have been discovered in drupal6, a fully-featured content management framework. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3982 | | Last Modified: | Mar 15 16:45:07 2010 | | MD5 Checksum: | 3afeca7667d6b60d40cd47e65bce1805 |
|
| /// File Name: | vupensafari-overflow.txt | Description:
| VUPEN Vulnerability Research Team discovered a vulnerability in Apple Safari. The flaw is caused by an integer overflow error in ColorSync when processing certain images with an embedded color profile, which could be exploited by attackers to potentially execute arbitrary code via a specially crafted web page. Versions prior to 4.0.5 are vulnerable. | | Author: | Sebastien Renaud | | Homepage: | http://www.vupen.com/ | | File Size: | 2475 | | Related CVE(s): | CVE-2010-0040 | | Last Modified: | Mar 12 18:05:36 2010 | | MD5 Checksum: | c8de629e8f529ce136e1977f175da33a |
|