Zero Day
Problem Description:
Security issues were identified and fixed in firefox:
Security researcher regenrecht reported (via TippingPoint's Zero Day
Initiative) a potential reuse of a deleted image frame in Firefox 3.6's
handling of multipart/x-mixed-replace images. Although no exploit was
shown, re-use of freed memory has led to exploitable vulnerabilities
in the past (CVE-2010-0164).
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that
with enough effort at least some of these could be exploited to run
arbitrary code (CVE-2011-2982).
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that an SVG text manipulation routine contained a dangling
pointer vulnerability (CVE-2011-0084).
Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in
event management code that would permit JavaScript to be run in the
The Zero Day Initiative advisory ZDI-08-088 has several inaccuracies.
Oracle actually fixed this vulnerability as part of the April 2007 Critical
Patch Update and subsequently in ATG_PF.H RUP5 and later. The vulnerability
is a serious SQL injection bug in a Self-Service Web Application database
package that is called and accessible through mod_plsql. Mod_plsql is an
Apache module and part of an Oracle web framework which allows database
packages to dynamically generate web pages. The vulnerable
schema.package.procedure name is APPS.ICXSUPWF.DISPLAYCONTACTS and all
versions 115.6 and prior are vulnerable. When creating intrusion
detection/prevention rules for this vulnerability, the URL will normally
ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-039
February 3, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-102
March 2, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
ZDI-10-094: Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-094
June 8, 2010
-- CVE ID:
CVE-2010-1399
-- Affected Vendors:
Apple
ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-099
June 8, 2010
-- CVE ID:
CVE-2010-1403
-- Affected Vendors:
Apple
ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-087
May 11, 2010
-- CVE ID:
CVE-2010-1281
-- Affected Vendors:
Adobe
ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-082
May 11, 2010
-- CVE ID:
CVE-2010-1551
-- Affected Vendors:
Hewlett-Packard
ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-044
April 2, 2010
-- CVE ID:
CVE-2010-0520
-- Affected Vendors:
Apple
ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-081
May 11, 2010
-- CVE ID:
CVE-2010-1550
-- Affected Vendors:
Hewlett-Packard
ZDI-10-054: Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-054
April 5, 2010
-- CVE ID:
CVE-2010-0841
-- Affected Vendors:
Sun Microsystems
ZDI-10-070: Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-070
April 13, 2010
-- CVE ID:
CVE-2010-0268
-- Affected Vendors:
Microsoft
ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-060
April 5, 2010
-- CVE ID:
CVE-2010-0842
-- Affected Vendors:
Sun Microsystems
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-084
May 11, 2010
-- CVE ID:
CVE-2010-1553
-- Affected Vendors:
Hewlett-Packard
ZDI-10-035: Apple QuickTime genl Atom Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-035
April 2, 2010
-- CVE ID:
CVE-2010-0526
-- Affected Vendors:
Apple
ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-079
April 28, 2010
-- CVE ID:
CVE-2010-1317
-- Affected Vendors:
RealNetworks
ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-023
March 1, 2010
-- CVE ID:
CVE-2009-2754
-- Affected Vendors:
IBM
EMC
ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-012
January 21, 2010
-- CVE ID:
CVE-2010-0246
-- Affected Vendors:
Microsoft
ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-083
May 11, 2010
-- CVE ID:
CVE-2010-1552
-- Affected Vendors:
Hewlett-Packard
ZDI-10-075: Sun Microsystems Directory Server Enterprise DSML UTF-8 Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-075
April 13, 2010
-- CVE ID:
CVE-2010-0897
-- Affected Vendors:
Sun Microsystems
ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-056
April 5, 2010
-- CVE ID:
CVE-2010-0840
-- Affected Vendors:
Sun Microsystems
ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-102
June 8, 2010
-- CVE ID:
CVE-2010-1262
-- Affected Vendors:
Microsoft
ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-048
April 2, 2010
-- CVE ID:
CVE-2010-0176
-- Affected Vendors:
Mozilla Firefox
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-063
April 5, 2010
-- CVE ID:
CVE-2010-1121
-- Affected Vendors:
Mozilla Firefox
ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-104
June 8, 2010
-- CVE ID:
CVE-2010-0821
-- Affected Vendors:
Microsoft
ZDI-10-036: Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-036
April 2, 2010
-- CVE ID:
CVE-2010-0062
-- Affected Vendors:
Apple
ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-077
April 21, 2010
-- CVE ID:
CVE-2010-1278
-- Affected Vendors:
Adobe
ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-113
June 23, 2010
-- CVE ID:
CVE-2010-1199
-- Affected Vendors:
Mozilla Firefox