multiple platforms
A potential security vulnerability has been identified with the HP OpenView Business Process Insight family of products running Shared Trace Service on Windows. The vulnerability could be remotely exploited to execute arbitrary code. The HP OpenView Business Process Insight family of products includes HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI), HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI).
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI), HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x and 2.10x on Windows running Shared Trace Service from the HP OpenView Cross Platform Component prior to v3.10.040.
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
CVE Name: CVE-2009-1792
3. *Vulnerability Description*
Ston3D is a cross-platform technology developed by StoneTrip [1],
allowing applications developed with ShiVa product [2] to be run from
various media. It is a platform for 3D real time development, specially
designed to make games and other real time applications.
Ston3D players come in two flavors:
Mozilla Seamonkey.
Background
==========
Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey
is a free, cross-platform Internet suite.
Affected packages
=================
system.
Background
==========
Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey
is a free, cross-platform Internet suite.
Affected packages
=================
A potential security vulnerability has been identified with HP OpenView Internet Service (OVIS) running Shared Trace Service on HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited to execute arbitrary code.
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese), v6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00, vB.60.90.00, and vB.61.90.000 on HP-UX, Linux, Solaris, and Windows
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
Severity: High
===========================================================
1. Summary
===========================================================
The Dojo Toolkit is an open source modular JavaScript library/toolkit designed to ease the rapid development of cross-platform, JavaScript/Ajax-based applications and web sites. Multiple instances of DOM-based Cross Site Scripting (XSS) vulnerabilities were found in the _testCommon.js and runner.html files within the SDK. The XSS vulnerabilities appear to affect all websites that deploy any of the affected SDK files. These files are designed for testing; however, a Google search identified numerous sites which have deployed these files along with the core framework components.
More information on DOM-based XSS can be found at http://www.owasp.org/index.php/DOM_Based_XSS.
The vendor (Dojo Foundation) was notified of this issue on February 19, 2010. The vendor responded by releasing version 1.4.2 on March 12, 2010 and has also issued a security bulletin: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/.
execution of arbitrary code.
Background
==========
Transmission is a cross-platform BitTorrent client.
Affected packages
=================
-------------------------------------------------------------------
Where: Remote
======================================================================
3) Vendor's Description of Software
"Developer's Image Library (DevIL) is a cross-platform image library
utilizing a simple syntax to load, save, convert, manipulate, filter
and display a variety of images with ease.".
Product Link:
http://openil.sourceforge.net/
of arbitrary code.
Background
==========
VLC is a cross-platform media player and streaming server.
Affected packages
=================
-------------------------------------------------------------------
Vulnerability : buffer overflow
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-5378
It was discovered that Tk, a cross-platform graphical toolkit for Tcl
performs insufficient input validation in the code used to load GIF
images, which may lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 8.4.12-1etch1.
execution of arbitrary code.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf.
Affected packages
=================
* Social Bookmarking
* Tab browsing
* RSS Support
* Proven security (TLS, SSL3)
* International support
* Cross platform capability
* Widget and Extension support
Vulnerability Details:
Minimo includes a password manager feature that allows users to store
user/password information of sites they visit. There are two ways this
I. BACKGROUND
---------------------
"Adobe Flash Player is a cross-platform browser-based application runtime
that delivers uncompromised viewing of expressive applications, content,
and videos across screens and browsers. Flash Player delivers breakthrough
web experiences to over 98% of Internet users." from Adobe.com
to the remote execution of arbitrary code in Qt applications.
Background
==========
Qt is a cross-platform GUI framework, which is used e.g. by KDE. The
AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86
emulation on AMD64.
Affected packages
=================
in the execution of arbitrary code and a Denial of Service.
Background
==========
Perl is a stable, cross platform programming language.
Affected packages
=================
-------------------------------------------------------------------
Denial of Service.
Background
==========
3proxy is a really tiny cross-platform proxy servers set, including
HTTP, HTTPS, FTP, SOCKS and POP3 support.
Affected packages
=================
in the execution of arbitrary code and a Denial of Service.
Background
==========
Perl is a stable, cross platform programming language.
Affected packages
=================
-------------------------------------------------------------------
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0553
It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 8.3.5-6etch2.
the execution of arbitrary code.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf.
Affected packages
=================
A potential security vulnerability has been identified with HP OpenView Service Quality Manager (OV SQM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running HP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and 2.61.110 on HP-UX and Windows
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
A second option is that you are secure but a "partner" such as ad sites
has been compromised and infects your users.
Naturally, a compromise can come from anywhere, but in most cases it is
something like RFI... Taosecurity linked to three great papers on the
subject of web botnets / cross-platform web malware:
http://taosecurity.blogspot.com/2007/11/great-papers-from-honeynet-project.html
Linking also to my original article here:
http://blogs.securiteam.com/index.php/archives/815
A potential security vulnerability has been identified with HP OpenView Performance Insight (OVPI) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2, v5.2 running HP OpenView Cross Platform Component (XPL) earlier than v3.10.040 on HP-UX Precision Architecture (PA), HP-UX Itanium (IA), Linux, Solaris, and Windows
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
arbitrary code.
Background
==========
VLC is a cross-platform media player and streaming server.
Affected packages
=================
-------------------------------------------------------------------
code.
Background
==========
Audacity is a free cross-platform audio editor.
Affected packages
=================
-------------------------------------------------------------------
CVE Name: CVE-2009-2533, CVE-2009-2534
3. *Vulnerability Description*
Helix Server is a multi-format cross-platform streaming server. Two
vulnerabilities have been found, that could allow a remote attacker to
crash the Helix Server.
During a 'RTSP' (SET_PARAMETERS) request handling, if an empty
'DataConvertBuffer' parameter is received by the server, it will raise
of arbitrary code in some Qt applications.
Background
==========
Qt is a cross-platform GUI framework, which is used e.g. by KDE.
Affected packages
=================
-------------------------------------------------------------------
Vendor: Apple
Version affected: 1.1.2 and 1.1.3
Overview: The Apple iPhone remote DoS for 1.1.2 was discovered by c0ntex, but it actually works on 1.1.3 as well. After further research it also appears that this was a known issue with Firefox version 1.5.04 and was affected cross-platform.
Called Mozilla Firefox JavaScript navigator Object Vulnerability. I recommend you disable Java until Apple releases a fix or patch.
___________________________________
Proof of Concept (PoC):
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0553
It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 8.4.12-1etch2.
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 06, 2009
I. BACKGROUND
Adobe Flash Player is a cross-platform browser plug-in
that delivers interactive content for Web experiences. For more
information, please visit following page:
http://www.adobe.com/products/flashplayer/
==================================================
1. Summary
==================================================
Adobe Flex is a software development kit released by Adobe Systems for the development and deployment of cross-platform rich Internet applications based on the Adobe Flash platform. An instance of a DOM-based Cross Site Scripting (XSS) vulnerability was found in the default index.template.html of the SDK, an HTML template used by FlexBuilder to generate the wrapper HTML for all the application files in your project. The XSS vulnerability appears to affect all users who download and utilize this HTML wrapper. You can find more information on DOM-based XSS here: http://www.owasp.org/index.php/DOM_Based_XSS
The vendor (Adobe Systems) was notified of this issue on June 29, 2009. The vendor responded by releasing version 3.4 on August 19, 2009 and has also issued a security bulletin: http://www.adobe.com/support/security/bulletins/apsb09-13.html.