<< Previous Next >>
remote
Problem Description:
Security issues were identified and fixed in openjdk (icedtea6)
and icedtea-web:
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
via unknown vectors related to Networking (CVE-2011-3547).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
February 02, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Packages : qt4-x11
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713
CVE-2009-1725 CVE-2009-2700
Debian Bugs : 532718 534946 538347 545793
November 4, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3628 CVE-2009-3629 CVE-2009-3630 CVE-2009-3631
CVE-2009-3632 CVE-2009-3633 CVE-2009-3634 CVE-2009-3635
CVE-2009-3636
Debian Bug : 552020
Problem Description:
Multiple security vulnerabilities has been identified and fixed in
Little cms library embedded in OpenJDK:
A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
Problem Description:
Multiple security vulnerabilities has been identified and fixed in
Little cms library embedded in OpenJDK:
A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
May 05, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xpdf
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165
CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
CVE-2009-1182 CVE-2009-1183
May 06, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : kdegraphics
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165
CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
CVE-2009-1182 CVE-2009-1183
Application: WinCom LPD Total - Line Printer Daemon
http://clientsoftware.com.au/lpd.html
Versions: <= 3.0.2.623
Platforms: Windows
Bugs: A] buffer-overflow in control filename
B] remote administration bypassing
C] integer memcpy crash in remote administration
D] buffer-overflow in remote administration
Exploitation: remote
Date: 04 Feb 2008
Author: Luigi Auriemma
Security Advisory
http://blog.hispasec.com/lab/
Name : 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573)
multiple FTP-based vulnerabilities
Class : Remote directory traversal, Remote DoS
Threat level : HIGH
Discovered : 2007-09-06
Published : 2007-08-24
Credit : Gynvael Coldwind
Vulnerable : 0.92 (build 573), 0.92 (build 565), prior also may be affected
March 10, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778
Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+. The Common Vulnerabilities and Exposures project identifies
Summary
=======
Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N
Wireless-N Gigabit Security Routers have several web interface
vulnerabilities that can be exploited by a remote, unauthenticated
user.
Cisco has released free software updates that address these
vulnerabilities.
| |
|------------------------------------------------------------------|
Advisory : CORELAN-10-015
Disclosure date : March 20, 2010
http://www.corelan.be:8800/index.php/forum/security-advisories/remote-help-httpd-denial-of-service/
0x00 : Vulnerability information
--------------------------------
Problem Description:
Vulnerabilities have been discovered and corrected in xine-lib:
Failure on Ogg files manipulation can lead remote attackers to cause
a denial of service by using crafted files (CVE-2008-3231).
Failure on manipulation of either MNG or Real or MOD files can lead
remote attackers to cause a denial of service by using crafted files
(CVE: CVE-2008-5233).
October 07, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : graphicsmagick
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986
CVE-2007-4988 CVE-2008-1096 CVE-2008-3134 CVE-2008-6070
CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882
Debian Bugs : 414370 417862 444266 491439 530946
Vulnerability Table
===================
1. IBM Tivoli Provisioning Manager Express Multiple Cross-Site
Scripting Vulnerabilities
2. IBM Tivoli Provisioning Manager Express Remote Username
Enumeration Weakness
3. Computer Associates eTrust Threat Management Console
IP Address HTML Injection Weakness
4. Gadu-Gadu Skin Attribute Handling Remote Denial of Service
Vulnerability
Class: Bypassing Intended Security Controls
CVE: <NA>
Remote: Yes
Local: Yes
Published: August 11, 2010
Timeline: Submission to MITRE: August 11, 2010
Credit: Jeromie Jackson CISSP, CISM
COBIT & ITIL Certified
President- San Diego Open Web Application Security Project (OWASP)
Vice President- San Diego Information Audit & Control Association (ISACA)
Problem Description:
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox
before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12,
allows remote attackers to hijack the authentication of arbitrary
users for requests that were initiated by a plugin and received a
307 redirect to a page on a different web site. (CVE-2011-0059)
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
Problem Description:
Multiple vulnerabilities has been identified and fixed in ffmpeg:
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
pointer arithmetic, which might allow remote attackers to obtain
sensitive memory contents and cause a denial of service via a crafted
file that triggers an out-of-bounds read. (CVE-2009-4632)
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
comparison operator was intended, which might allow remote attackers
Summary
=======
Cisco Small Business SRP500 Series Services Ready Platforms contain an
operating system command injection vulnerability. The vulnerability
can be exploited via a remote session to the Services Ready Platform
Configuration Utility web interface.
Cisco has released free software updates that address this
vulnerability.
Security issues were identified and fixed in firefox:
An unspecified function in the JavaScript implementation in Mozilla
Firefox creates and exposes a temporary footprint when there is
a current login to a web site, which makes it easier for remote
attackers to trick a user into acting upon a spoofed pop-up message,
aka an in-session phishing attack. (CVE-2008-5913).
The JavaScript implementation in Mozilla Firefox 3.x allows remote
attackers to send selected keystrokes to a form field in a hidden
Problem Description:
Multiple vulnerabilities has been discovered and fixed in tetex:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
The Network Time Protocol (NTP) is used to synchronize the time of
a computer client or server to another server or reference time
source.
A vulnerability in ntpd could allow a remote attacker to cause a
denial of service (CPU and bandwidth consumption) by using
MODE_PRIVATE to send a spoofed (1) request or (2) response packet
that triggers a continuous exchange of MODE_PRIVATE error responses
between two NTP daemons.
In 2006 colleague Brett Moore, discovered a similar vulnerability in Skype
which led to certain security restrictions being enforced when using the
Skype: URI handler. Brett’s exploit at the time involved including additional
command line arguments to the Skype.exe process which would send a file to a
remote user when a Skype link was clicked.
Changes were made to Skype to remove available command line arguments when
the /URI argument is present, and to resolve the discovered injection vulnerability.
Although many of the useful arguments have been disallowed, Security-Assessment.com
found that the /Datapath argument can be included and directed to a remote SMB
service (application crash) or execute arbitrary code via unspecified
vectors, related to memory safety issues. (CVE-2009-3388)
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used
in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a video with large dimensions
(CVE-2009-3389).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1,
update handles this issue by completely disabling MD2 for certificate
validation in OpenJDK. (CVE-2009-2409)
It was discovered that ICC profiles could be identified with
".." pathnames. If a user were tricked into running a specially
crafted applet, a remote attacker could gain information about a local
system. (CVE-2009-3728)
Peter Vreugdenhil discovered multiple flaws in the processing of graphics
in the AWT library. If a user were tricked into running a specially
crafted applet, a remote attacker could crash the application or run
Dear Tom Neaves,
It still can be exploited from Internet even if "remote management" is
only accessible from local network. If you can trick user to visit Web
page, you can place a form on this page which targets to router and
request to router is issued from victim's browser.
--Tuesday, June 16, 2009, 2:11:27 AM, you wrote to m.elyazghi@gmail.com:
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple buffer overflows in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in
Cisco PIX and Cisco ASA
Advisory ID: cisco-sa-20080903-asa
Revision 1.0
We apologize for the inconvenience.
Original advisory details:
It was discovered that the wordwrap function did not correctly
check lengths. Remote attackers could exploit this to cause
a crash or monopolize CPU resources, resulting in a denial of
service. (CVE-2007-3998)
Integer overflows were discovered in the strspn and strcspn functions.
Attackers could exploit this to read arbitrary areas of memory, possibly
necessary changes.
Details follow:
It was discovered that the wordwrap function did not correctly
check lengths. Remote attackers could exploit this to cause
a crash or monopolize CPU resources, resulting in a denial of
service. (CVE-2007-3998)
Integer overflows were discovered in the strspn and strcspn functions.
Attackers could exploit this to read arbitrary areas of memory, possibly
<<Previous Next>>
|
