Archive for November, 2009
Microsoft Releases Security Advisory 977544
by IDF Agent on Nov.16, 2009, under Uncategorized
Microsoft has released security advisory 977544 to address a
vulnerability in the Server Message Block (SMB) protocol. This
vulnerability may allow an attacker to cause a denial-of-service
condition. This vulnerability only affects Windows 7 and Server 2008
software.
We encourage users and administrators to review Microsoft
security advisory 977544 and apply the workarounds.
Relevant Url(s):
<http://www.microsoft.com/technet/security/advisory/977544.mspx>
Apple Releases Safari 4.0.4
by IDF Agent on Nov.16, 2009, under Uncategorized
Apple has released Safari 4.0.4 to address multiple vulnerabilities in
a number of components. Exploitation of these vulnerabilities may
allow an attacker to execute arbitrary code, cause a denial-of-service
condition, conduct cross-site request forgery, or obtain sensitive
information. These vulnerabilities affect Safari running on both the
Mac OS X and Windows platforms.
We encourage users and administrators to review Apple article
HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks.
Relevant Url(s):
<http://support.apple.com/kb/HT3949>
Latest Vulnerabilities for 1st week of November
by IDF Agent on Nov.10, 2009, under Uncategorized
| Primary Vendor — Product | Description | Published | CVSS Score | |
|---|---|---|---|---|
| adobe — shockwave_player | Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information. | 2009-11-04 | 9.3 | |
| adobe — shockwave_player | Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an “invalid pointer vulnerability,” a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. | 2009-11-04 | 10.0 | |
| adobe — shockwave_player | Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an “invalid pointer vulnerability,” a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. | 2009-11-04 | 10.0 | |
| adobe — shockwave_player | Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an “invalid string length vulnerability.” NOTE: some of these details are obtained from third party information. | 2009-11-04 | 9.3 | |
| blender — blender | Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA. | 2009-11-06 | 9.3 | |
| eeye — retina_network_security_scanner | Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry. | 2009-11-04 | 9.3 | |
| ibm — ibm_runtimes_for_java_technology | Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the “updated version of XML4J 4.4.17.” | 2009-11-03 | 7.5 | |
| ibm — lotus_notes_intellisync | Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. | 2009-11-04 | 9.3 | |
| ibm — tivoli_storage_manager_client | Buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via unspecified vectors. | 2009-11-04 | 9.3 | |
| ibm — tivoli_storage_manager_client | Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors. | 2009-11-04 | 10.0 | |
| ibm — tivoli_storage_manager_client | Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors. | 2009-11-04 | 9.3 | |
| poppler — poppler | Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791. | 2009-11-02 | 10.0 | |
| safenet-inc — softremote | Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd). | 2009-11-04 | 7.2 | |
| sun — opensolaris, sun — solaris | Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server. | 2009-11-02 | 7.5 | |
| sun — solaris | Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the “restart daemon.” | 2009-11-03 | 7.2 | |
| sun — jdk, sun — jre | The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694. | 2009-11-05 | 7.5 | |
| sun — jdk, sun — jre | The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. | 2009-11-05 | 9.3 | |
| sun — jdk, sun — jre | The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | 2009-11-05 | 9.3 | |
| sun — jdk, sun — jre, sun — sdk | Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. | 2009-11-05 | 9.3 | |
| sun — jdk, sun — jre, sun — sdk | Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | 2009-11-05 | 9.3 | |
| sun — jdk, sun — jre, sun — sdk | Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | 2009-11-05 | 9.3 | |
| sun — jdk, sun — jre, sun — sdk | Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | 2009-11-05 | 9.3 | |
| sun — jdk, sun — jre, sun — sdk | Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. | 2009-11-05 | 10.0 | |
| sun — jdk, sun — jre, sun — sdk | Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | 2009-11-05 | 9.3 | |
| sun — java_system_web_server | Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 2009-11-05 | 9.3 | |
| symantec — altiris_deployment_solution, symantec — altiris_management_platform, symantec — altiris_notification_server | Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument. | 2009-11-03 | 9.3 | |
| typo3 — typo3 | The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | 2009-11-02 | 8.5 | |
| typo3 — typo3 | The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password’s md5 hash as a credential. |
Apple Releases Mac OS X v10.6.2 and Security Update 2009-006
by IDF Agent on Nov.10, 2009, under Uncategorized
Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to
address multiple vulnerabilities in a number of applications. These
vulnerabilities may allow an attacker to execute arbitrary code, cause
a denial-of-service condition, conduct a man-in-the-middle attack,
operate with escalated privileges, or obtain sensitive information.
US-CERT encourages users and administrators to review Apple article
HT3937 and apply any necessary updates to help mitigate the risks.
Relevant Url(s):
<http://support.apple.com/kb/HT3937>
Understanding Denial-of-Service Attacks
by IDF Agent on Nov.05, 2009, under Uncategorized
You may have heard of denial-of-service attacks launched against websites,
but you can also be a victim of these attacks. Denial-of-service attacks can
be difficult to distinguish from common network activity, but there are some
indications that an attack is in progress.
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting your
computer and its network connection, or the computers and network of the
sites you are trying to use, an attacker may be able to prevent you from
accessing email, websites, online accounts (banking, etc.), or other
services that rely on the affected computer.
The most common and obvious type of DoS attack occurs when an attacker
“floods” a network with information. When you type a URL for a particular
website into your browser, you are sending a request to that site’s computer
server to view the page. The server can only process a certain number of
requests at once, so if an attacker overloads the server with requests, it
can’t process your request. This is a “denial of service” because you can’t
access that site.
An attacker can use spam email messages to launch a similar attack on your
email account. Whether you have an email account supplied by your employer
or one available through a free service such as Yahoo or Hotmail, you are
assigned a specific quota, which limits the amount of data you can have in
your account at any given time. By sending many, or large, email messages to
the account, an attacker can consume your quota, preventing you from
receiving legitimate messages.
What is a distributed denial-of-service (DDoS) attack?
In a distributed denial-of-service (DDoS) attack, an attacker may use your
computer to attack another computer. By taking advantage of security
vulnerabilities or weaknesses, an attacker could take control of your
computer. He or she could then force your computer to send huge amounts of
data to a website or send spam to particular email addresses. The attack is
“distributed” because the attacker is using multiple computers, including
yours, to launch the denial-of-service attack.
How do you avoid being part of the problem?
Unfortunately, there are no effective ways to prevent being the victim of a
DoS or DDoS attack, but there are steps you can take to reduce the
likelihood that an attacker will use your computer to attack other
computers:
* Install and maintain anti-virus software (see Understanding Anti-Virus
Software for more information).
* Install a firewall, and configure it to restrict traffic coming into and
leaving your computer (see Understanding Firewalls for more
information).
* Follow good security practices for distributing your email address (see
Reducing Spam for more information). Applying email filters may help you
manage unwanted traffic.
How do you know if an attack is happening?
Not all disruptions to service are the result of a denial-of-service attack.
There may be technical problems with a particular network, or system
administrators may be performing maintenance. However, the following
symptoms could indicate a DoS or DDoS attack:
* unusually slow network performance (opening files or accessing websites)
* unavailability of a particular website
* inability to access any website
* dramatic increase in the amount of spam you receive in your account
What do you do if you think you are experiencing an attack?
Even if you do correctly identify a DoS or DDoS attack, it is unlikely that
you will be able to determine the actual target or source of the attack.
Contact the appropriate technical professionals for assistance.
* If you notice that you cannot access your own files or reach any
external websites from your work computer, contact your network
administrators. This may indicate that your computer or your
organization’s network is being attacked.
* If you are having a similar experience on your home computer, consider
contacting your internet service provider (ISP). If there is a problem,
the ISP might be able to advise you of an appropriate course of action.
_________________________________________________________________
Author: Mindi McDowell
Adobe Releases Update for Shockwave Player
by IDF Agent on Nov.04, 2009, under Uncategorized
Adobe has released Shockwave Player 11.5.2.602 to address multiple
vulnerabilities. Exploitation of these vulnerabilities may allow an
attacker to run malicious code on the user’s machine.
We encourage users and administrators to review Adobe security
bulletin APSB09-16 and update to Shockwave Player 11.5.2.602 to help
mitigate the risks.
Relevant Url(s):
<http://www.adobe.com/support/security/bulletins/apsb09-16.html>
Sun Releases Update 17 for Java SE 6
by IDF Agent on Nov.04, 2009, under Uncategorized
Sun has released update 17 for Java SE JDK 6 and Java SE JRE 6 to
address multiple vulnerabilities. The impacts of these vulnerabilities
include arbitrary code execution, privilege escalation, denial of
service, and information disclosure.
We encourage users and administrators to review the
Java SE 6 Update 17 release notes and apply any necessary updates to
help mitigate the risks.
Relevant Url(s):
<http://java.sun.com/javase/6/webnotes/6u17.html>
Latest High Risk Vulnerabilities
by IDF Agent on Nov.02, 2009, under Uncategorized
| Vendor — Product | Description | Published |
|---|---|---|
| acoustica — mp3_audio_mixer | Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. | 2009-10-27 |
| adam_gerson — moodle_courselist | SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-10-26 |
| assistanttools — music_tag_editor | Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information. | 2009-10-27 |
| cutepdf — formmax | Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-10-26 |
| dedecms — dedecms | SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. | 2009-10-27 |
| fijiwebdesign — com_ajaxchat | PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. | 2009-10-28 |
| flagbit — fb_filebase | SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-10-28 |
| kramware — mixsense_dj_studio | MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file. | 2009-10-27 |
| linux — kernel | Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function. | 2009-10-29 |
| michael_j_greenwood — php_content_manager | Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. | 2009-10-28 |
| mixvibes — mixvibes | Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file. | 2009-10-27 |
| mozilla — firefox | Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows remote attackers to execute arbitrary code via a long string that triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | 2009-10-29 |
| mozilla — firefox | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | 2009-10-29 |
| mozilla — firefox, mozilla — seamonkey | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | 2009-10-29 |
| mozilla — firefox, mozilla — seamonkey | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | 2009-10-29 |
| mozilla — firefox | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to “doubly-wrapped objects.” | 2009-10-29 |
| mozilla — firefox, mozilla — seamonkey | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. | 2009-10-29 |
| mozilla — firefox | Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | 2009-10-29 |
| mozilla — firefox | The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. | 2009-10-29 |
| mozilla — firefox | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. | 2009-10-29 |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2009-10-29 |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2009-10-29 |
| mozilla — firefox | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 2009-10-29 |
| mozilla — firefox | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2009-10-29 |
| opendocman — opendocman | SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. | 2009-10-26 |
| opendocman — opendocman | SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-10-27 |
| ordasoft — com_booklibrary | PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-10-28 |
| otslabs — otsav_dj, otslabs — otsav_radio, otslabs — otsav_tv | Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file. | 2009-10-27 |
| qemu — qemu | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. | 2009-10-23 |
| quicksketch — filefield | The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. | 2009-10-26 |
| sahana — sahana | Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | 2009-10-26 |
| stanislas_rolland — sr_freecap | Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | 2009-10-28 |
| thomas_graber — gencms | Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php. | 2009-10-28 |
| urs_maag — maag_randomimage | Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors. | 2009-10-28 |
