Next Page >>
referenced
On Tue, 27 May 2008, security curmudgeon wrote:
> No mention of CVE-2008-1035 in the [CORE] advisory other than the header
> CVE name reference. BID seems to have split the three vulnerabilities,
> but given two of them the same CVE. CVE does not have descriptions open
> yet.
The descriptions are below - for CVE-2008-2006, we merged on the rough
criteria of "insufficient validation of a length field".
7. Within the patch directory run the following command:
./utility/iiinstaller
Please check the $II_SYSTEM/ingres/files/patch.log file to
make sure the patch was applied successfully. Also check the
$II_SYSTEM/ingres/version.rel to make sure the patch is
referenced.
Note: The patch can also be installed silently using the ‘-m'
flag with iiinstaller:
./utility/iiinstaller -m
8. Once the patch install has been complete, re-link the iimerge
binary with the following command:
Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server
Multiple Vulnerabilities
CA Advisory Reference: CA20090429-01
CA Advisory Date: 2009-04-29
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion
Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
CA Advisory Updated: May 12, 2009
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion
Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
allowed, the username and a ciphered challenge/response will be sent to
the IP_OR_HOSTNAME specified.
Internet Explorer reacts different when a requested resource is directly
accessed or when it's found after a redirection. If a page hosted in
domain A makes a reference to a resource located at domain B, the user
will be prompted to download this file from the B domain. But if the
resource is requested, for example, in the following way:
/-----------
II. Problem Description
Microsoft Office documents can carry URLs as clickable
references. The target of URLs given in the document
are stored in word/_rels/document.xml.rels inside
the OOXML ZIP container. Inside you will see the
hyperlink, referenced by an internal ID and the target.
The target can be changed without invalidating the signature.
At least in the GUI a hyperlink's target is shown to the user.
In either way, it is our hope that the increased awareness and the release
of IE8 and php5.3 will reduce - if not eliminate - the risk of such mime
sniffing attacks in the future.
V References
====================================================
[1] Barth, Caballero, Song: "Secure Content Sniffing for Web Browsers, or
How to Stop Papers from Reviewing Themselves"; in IEEE Security &
Privacy (Oakland 2009)
Title: CA20090107-01: CA Service Metric Analysis and CA Service
Level Management smmsnmpd Arbitrary Command Execution
Vulnerability
CA Advisory Reference: CA20090107-01
CA Advisory Date: 2009-01-07
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.15 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.21 or earlier
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting
Vulnerability
CA Advisory Reference: CA20090615-02
CA Advisory Date: 2009-06-15
http://www.adobe.com/products/flashplayer
II. DESCRIPTION
Remote exploitation of a invalid object reference vulnerability in Adobe
Systems Inc.'s Flash Player could allow an attacker to execute arbitrary
code with the privileges of the current user.
During the processing of a Shockwave Flash file, a particular object can
be created, along with multiple references that point to the object. The
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Select Identity Active Directory Bidirectional LDAP Connector running on Windows. The vulnerabilities could be exploited to allow remote unauthorized access.
References: CVE-2008-1665
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory for Windows Bidirectional LDAP Connector v 2.20, 2.20.001, 2.20.002, 2.30
BACKGROUND
3.2. The ``execute'' command
:exe[cute] {expr1} .. Executes the string that results from the evaluation
of {expr1} as an Ex command.
-- Vim Reference Manual (eval.txt)
``execute'' is similar e.g. to the ``eval'' command of the POSIX shell. As Vim
Script doesn't allow variables as arguments to commands, only literals,
``execute'' is very popular:
available updates and the `distribution definition files' [1], which contain
information encoded in XML and JavaScript, defining every aspect of the
user experience, when installing an update.
When OS X checks for new updates, it first contacts swscan.apple.com
to receive the XML catalog file. This file references the distribution
definition files, which can reside on another server. Software Update
receives these files and calls some of the JavaScript functions to check,
if the update is suited for the local machine.
The catalog file and the distribution definition files are both received
issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).
How to determine if you are affected:
Check the %II_SYSTEM%\ingres\version.rel file to identify the
Ingres version. If the installed version of Ingres 2.6 is a
Double-Byte version (should have DBL referenced), please download
the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.
Workaround: None
References (URLs may wrap):
>=20
>=20
> VI. Correction details
>=20
>=20
> A closer look into the references section of the XML signature=20
>=20
> used by Microsoft Office (stored in the File=20
>=20
> _xmlsignatures\sig1.xml) reveals that the file core.xml is=20
>=20
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS).
References: SSRT090073, CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP TCP/IP Services for OpenVMS v5.5 and v5.6 on Itanium and Alpha platforms.
BACKGROUND
required in that the victim must visit a malicious website or be coerced
into opening a malicious document.
The specific flaw exists within the way that Mozilla's Firefox parses
.XUL files. While appending a particular tag to a treechildren
container, the application will create more than one reference to a
particular element without increasing its reference count. Upon removal
of one of the elements, the refcount will be decreased causing the
application to free the memory associated with the object. Due to the
rogue reference occurring, the next time the application attempts to
reference that container, the application will access memory that has
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS).
References: SSRT090073, CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP TCP/IP Services for OpenVMS v5.5 and v5.6 on Itanium and Alpha platforms.
BACKGROUND
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0898 (SSRT090101)
CVE-2009-3845 (SSRT090037, ZDI-CAN-453)
CVE-2009-3846 (SSRT090122, ZDI-CAN-526)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0898 (SSRT090101), CVE-2009-3845 (SSRT090037), CVE-2009-3846 (SSRT090122), CVE-2009-3847 (SSRT090128), CVE-2009-3848 (SSRT090129), CVE-2009-3849 (SSRT090130), CVE-2009-4176 (SSRT090131), CVE-2009-4177 (SSRT090132), CVE-2009-4178 (SSRT090133), CVE-2009-4179 (SSRT090134), CVE-2009-4180 (SSRT090135), CVE-2009-4181 (SSRT090164)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
services, servers, and other network hardware."
[Zabbix Server : Remote command execution]
Impacted software : Zabbix Server
Zabbix reference : https://support.zabbix.com/browse/ZBX-1030
Patched version : 1.8
Faulty source code : function node_process_command() in
zabbix_server/trapper/nodecommand.c
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with web-connected HP DreamScreen . This vulnerability could be exploited remotely to allow disclosure of information.
References: CVE-2010-0446
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP DreamScreen 100 firmware earlier than v1.6.0.0
HP DreamScreen 130 firmware earlier than v1.6.0.0
Information disclosure vulnerability in Drupal's Realname User Reference
Widget contributed module (version 6.x-1.0)
Discovered by Martin Barbella <barbella@sas.upenn.edu>
Description of Vulnerability:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide variety
of content on a website (http://drupal.org/about).
http://www.adobe.com/products/flashplayer
II. DESCRIPTION
Remote exploitation of an invalid Loader object reference vulnerability
in Adobe Systems Inc.'s Flash Player could allow an attacker to execute
arbitrary code with the privileges of the current user.
During the processing of a Shockwave Flash file, an object can be
created, along with multiple references that point to the object. The
Next Page>>
|
