Hírolvasó

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.

Kategóriák: Sebezhetőségek

CVE-2010-2712 (hp-ux)

National Vulnerability Database - 2010, augusztus 30 - 00:00

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

Kategóriák: Sebezhetőségek

CVE-2010-2575 (kde_sc)

National Vulnerability Database - 2010, augusztus 30 - 00:00

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

Kategóriák: Sebezhetőségek

CVE-2010-3187 (aix)

National Vulnerability Database - 2010, augusztus 30 - 00:00

Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.

Kategóriák: Sebezhetőségek

CVE-2010-3186 (websphere_application_server)

National Vulnerability Database - 2010, augusztus 30 - 00:00

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.

Kategóriák: Sebezhetőségek

CVE-2010-3002 (realplayer)

National Vulnerability Database - 2010, augusztus 30 - 00:00

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.

Kategóriák: Sebezhetőségek

CVE-2010-3001 (realplayer, realplayer_sp)

National Vulnerability Database - 2010, augusztus 30 - 00:00

Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."

Kategóriák: Sebezhetőségek

Hírolvasó

Bugtraq: R7-0036: FCKEditor.NET File Upload Code Execution

Bugtraq: [0day] Apple QuickTime "_Marshaled_pUnk" backdoor param arbitrary code execution

Bugtraq: [ MDVSA-2010:164 ] phpmyadmin

Bugtraq: [ MDVSA-2010:163 ] phpmyadmin

Bugtraq: [SECURITY] [DSA 2099-1] New OpenOffice.org packages fix arbitrary code execution

Bugtraq: ekoparty Security Conference 2010 Announcements

Bugtraq: EC2ND 2010, Call for Participation

Bugtraq: [SECURITY] [DSA 2098-1] New typo3-src packages fix several vulnerabilities

Bugtraq: [SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities

Bugtraq: wp-10-0001: Multiple Browser Wildcard Cerficate Validation Weakness

Bugtraq: Flash Player 9 DLL Hijacking Exploit (schannel.dll)

Bugtraq: [USN-979-1] okular vulnerability

Bugtraq: [USN-974-2] Linux kernel regression

CVE-2010-3035 (ios_xr)

CVE-2010-2712 (hp-ux)

CVE-2010-2575 (kde_sc)

CVE-2010-3187 (aix)

CVE-2010-3186 (websphere_application_server)

CVE-2010-3002 (realplayer)

CVE-2010-3001 (realplayer, realplayer_sp)

Belépés

Navigáció

Sebezhetőségek

ModernBiztonság [beta] hírlevél