It’s been a while since the blog was updated with Vulnerability Scanner updates, but over the last couple of months we’ve been busy pushing out new detection. Below is a list of 200 new plugins that have gone out.
RealNetworks RealPlayer HTTP Chunked Encoding Integer Overflow
Bugtraq: 37880
CVE: CVE-2009-4243
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741,
RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10
and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to
have an unspecified impact via a crafted media file that uses HTTP chunked
transfer coding, related to an “overflow.”
Linux : RealNetworks RealPlayer HTTP Chunked Encoding Integer Overflow
Bugtraq: 37880
CVE: CVE-2009-4243
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741,
RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10
and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to
have an unspecified impact via a crafted media file that uses HTTP chunked
transfer coding, related to an “overflow.”
Mac : RealNetworks RealPlayer HTTP Chunked Encoding Integer Overflow
Bugtraq: 37880
CVE: CVE-2009-4243
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741,
RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10
and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to
have an unspecified impact via a crafted media file that uses HTTP chunked
transfer coding, related to an “overflow.”
Google Chrome Multiple Code Execution Vulnerabilities
Bugtraq: 38177
CVE: CVE-2010-0315
Three code execution vulnerabilities exist in Google Chrome. Two vulnerabilities
are due to integer overflows in the v8 engine and another is due to
deserializing a sandbox message. The other vulnerability is due to an
unspecified error while parsing tags. A malicious user can exploit these
vulnerabilities by enticing a user to download a malicious web page. This may
result in code execution.
Adobe Reader and Acrobat Domain Sandbox Bypass
Bugtraq: 38198
CVE: CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR
before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before
9.3.1 allows remote attackers to bypass intended sandbox restrictions and make
cross-domain requests via unspecified vectors.
Linux : Adobe Reader and Acrobat Domain Sandbox Bypass
Bugtraq: 38198
CVE: CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR
before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before
9.3.1 allows remote attackers to bypass intended sandbox restrictions and make
cross-domain requests via unspecified vectors.
Mac : Adobe Reader and Acrobat Domain Sandbox Bypass
Bugtraq: 38198
CVE: CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR
before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before
9.3.1 allows remote attackers to bypass intended sandbox restrictions and make
cross-domain requests via unspecified vectors.
Adobe Reader and Acrobat Libtiff TIFFFetchShortPair Stack Buffer Overflow
Bugtraq: 38195
CVE: Not available
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x
before 9.3.1 allows attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via unknown vectors.
Linux : Adobe Reader and Acrobat Libtiff TIFFFetchShortPair Stack Buffer Overflow
Bugtraq: 38195
CVE: Not available
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x
before 9.3.1 allows attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via unknown vectors.
Mac : Adobe Reader and Acrobat Libtiff TIFFFetchShortPair Stack Buffer Overflow
Bugtraq: 38195
CVE: Not available
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x
before 9.3.1 allows attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via unknown vectors.
Linux: Novell Products AES and RC4 Decryption Integer Underflow
Bugtraq: 37749
CVE: CVE-2009-4212
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality
in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7
before 1.7.1, allow remote attackers to cause a denial of service (daemon crash)
or possibly execute arbitrary code by providing ciphertext with a length that is
too short to be valid.
EMC HomeBase SSL Service Directory Traversal
Bugtraq: 38380
CVE: Not available
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server
allows remote attackers to overwrite arbitrary files with any content, and
consequently execute arbitrary code, via a .. (dot dot) in an unspecified
parameter.
Linux : EMC HomeBase SSL Service Directory Traversal
Bugtraq: 38380
CVE: Not available
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server
allows remote attackers to overwrite arbitrary files with any content, and
consequently execute arbitrary code, via a .. (dot dot) in an unspecified
parameter.
Microsoft Windows MsgBox Help File Code Execution
Bugtraq: Not available
CVE: Not available
Arbitrary code can be executed on the remote host through the installed VBScript
Scripting Engine.
Erisesoft easyftpsvr CWD Command Buffer Overflow
Bugtraq: 38102
CVE: Not available
Lack of input length checks for the CWD command results in a buffer overflow
vulnerability, allowing the execution of arbitrary code by a remote attacker.
Novell eDirectory SOAP Request Parsing Denial of Service
Bugtraq: 38157
CVE: CVE-2010-0666
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and
earlier allows remote attackers to cause a denial of service (crash) via a
crafted SOAP request, a different issue than CVE-2008-0926.
Microsoft Windows winhlp32.exe MsgBox Remote Code Execution
Bugtraq: 38463
CVE: CVE-2010-0483
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4,
XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows
user-assisted remote attackers to execute arbitrary code by referencing a (1)
local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp
file in the fourth argument (aka helpfile argument) to the MsgBox function,
leading to code execution involving winhlp32.exe when the F1 key is pressed, aka
“VBScript Help Keypress Vulnerability.”
McAfee LinuxShield nailsd Privilege Escalation
Bugtraq: 38489
CVE: Not available
A privilege escalation vulnerability exists in McAfee LinuxShield. The
vulnerability is due to insufficient access control to the “nailsd” daemon,
which listens on port 65443/tcp. Remote authenticated attackers can exploit this
vulnerability to execute arbitrary code on vulnerable installations of McAfee
LinuxShield within the security context of the root user.
Open-FTPD Ftp Server Long Password Buffer Overflow
Bugtraq: 30993
CVE: Not available
A buffer overflow in the Open-FTPD FTP server allows a remote unauthenticated
attacker to execute arbitrary code with System privileges.
Yahoo! Player Playlist Handling Buffer Overflow
Bugtraq: 38581
CVE: Not available
Yahoo! Player is prone to a stack-based buffer-overflow vulnerability because
the application fails to bounds-check user-supplied data before copying it into
an insufficiently sized buffer.
GNU Tar and Cpio rmt_read Heap buffer Overflow
Bugtraq: 38628
CVE: CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the
rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows
remote rmt servers to cause a denial of service (memory corruption) or possibly
execute arbitrary code by sending more data than was requested, related to
archive filenames that contain a : (colon) character.
Skype URI Handling Datapath Security Bypass
Bugtraq: 38699
CVE: Not available
The remote Skype client is affected by an information disclosure vulnerability.
httpdx FTP USER and PASS Denial of Service
Bugtraq: 38718
CVE: Not available
An integer underflow occurs when processing certain FTP commands, which can be
exploited to crash the service by, e.g., sending FTP “USER” and “PASS” commands
with only a zero byte (0x00) as the parameter.
SAP MaxDB Malformed Handshake Request Buffer Overflow
Bugtraq: 38769
CVE: CVE-2010-1185
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37
through 7.6.06 allows remote attackers to execute arbitrary code via an invalid
length parameter in a handshake packet to TCP port 7210.
Texas Imperial Software WFTPD Pro Server REST Command Handling Denial of Service
Bugtraq: 38762
CVE: Not available
An input validation error in Texas Imperial Software WFTPD Pro Server causes a
denial of service.
Novell eDirectory DHOST Web Service Predictable Session Cookie
Bugtraq: 38782
CVE: CVE-2009-4655
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session
cookie, which makes it easier for remote attackers to hijack sessions via a
modified cookie.
Mac : Apple Safari 4 Unspecified Remote Code Execution
Bugtraq: 38955
CVE: CVE-2010-1120
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote
attackers to execute arbitrary code via unknown vectors, as demonstrated by
Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
Apple QuickTime H.263 Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0062
Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS X before
10.6.3 allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted movie file with H.263 encoding.
Mac: Apple QuickTime H.263 Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0062
Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS X before
10.6.3 allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted movie file with H.263 encoding.
Apple QuickTime H.261 Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0514
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with H.261 encoding.
Mac: Apple QuickTime H.261 Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0514
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with H.261 encoding.
Apple QuickTime H.264 Movie File Memory Corruption
Bugtraq: 39020
CVE: CVE-2010-0515
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via a crafted movie file with H.264 encoding.
Mac: Apple QuickTime H.264 Movie File Memory Corruption
Bugtraq: 39020
CVE: CVE-2010-0515
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via a crafted movie file with H.264 encoding.
Apple QuickTime RLE Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0516
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with RLE encoding.
Mac: Apple QuickTime RLE Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0516
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with RLE encoding.
Apple QuickTime M-JPEG Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0517
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with M-JPEG encoding.
Mac: Apple QuickTime M-JPEG Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0517
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with M-JPEG encoding.
Apple QuickTime Sorenson Movie File Memory Corruption
Bugtraq: 39020
CVE: CVE-2010-0518
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via a crafted movie file with Sorenson encoding.
Mac: Apple QuickTime Sorenson Movie File Memory Corruption
Bugtraq: 39020
CVE: CVE-2010-0518
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via a crafted movie file with Sorenson encoding.
Apple QuickTime FlashPix Movie File Integer Overflow
Bugtraq: 39020
CVE: CVE-2010-0519
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote
attackers to execute arbitrary code or cause a denial of service (application
crash) via a crafted movie file with FlashPix encoding.
Mac: Apple QuickTime FlashPix Movie File Integer Overflow
Bugtraq: 39020
CVE: CVE-2010-0519
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote
attackers to execute arbitrary code or cause a denial of service (application
crash) via a crafted movie file with FlashPix encoding.
Apple QuickTime FLC Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0520
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with FLC encoding.
Mac: Apple QuickTime FLC Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0520
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with FLC encoding.
Apple QuickTime MPEG Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0526
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with MPEG encoding.
Mac: Apple QuickTime MPEG Movie File Buffer Overflow
Bugtraq: 39020
CVE: CVE-2010-0526
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted movie file with MPEG encoding.
Novell ZENworks Configuration Management Code Execution
Bugtraq: 39114
CVE: Not available
Novell ZENworks Configuration Management is prone to a remote code-execution
vulnerability. An attacker can leverage this issue to execute arbitrary code
with SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.
Apple iTunes MP4 File Handling Denial of Service
Bugtraq: 39113
CVE: CVE-2010-0531
Apple iTunes before 9.1 allows remote attackers to cause a denial of service
(infinite loop) via a crafted MP4 podcast file.
Mac : Apple iTunes MP4 File Handling Denial of Service
Bugtraq: 39113
CVE: CVE-2010-0531
Apple iTunes before 9.1 allows remote attackers to cause a denial of service
(infinite loop) via a crafted MP4 podcast file.
Novell ZENworks Configuration Management Preboot Service Code Execution
Bugtraq: 39111
CVE: Not available
Novell ZENworks Configuration Management is prone to an unspecified remote
code-execution vulnerability. An attacker can leverage this issue to execute
arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result
in a denial-of-service condition.
Apple iTunes Privilege Escalation
Bugtraq: 39092
CVE: CVE-2010-0532
Race condition in the installation package in Apple iTunes before 9.1 on Windows
allows local users to gain privileges by replacing an unspecified file with a
Trojan horse.
Apple iTunes TIFF File Handling Memory Corruption
Bugtraq: 38673
CVE: CVE-2010-0043
ImageIO in Apple Safari before 4.0.5 on Windows allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted TIFF image.
Apple iTunes TIFF File Handling Buffer Underflow
Bugtraq: 35451
CVE: CVE-2009-2285
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows
context-dependent attackers to cause a denial of service (crash) via a crafted
TIFF image, a different vulnerability than CVE-2008-2327.
Apple iTunes ColorSync Integer Overflow
Bugtraq: 38674
CVE: CVE-2010-0040
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via an image with a crafted color profile that triggers a
heap-based buffer overflow.
Apple QuickTime QDM2 Content Handling Memory Corruption
Bugtraq: 39160
CVE: CVE-2010-0059
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via crafted audio content with QDM2 encoding.
Mac: Apple QuickTime QDM2 Content Handling Memory Corruption
Bugtraq: 39160
CVE: CVE-2010-0059
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via crafted audio content with QDM2 encoding.
Apple QuickTime QDMC Content Handling Memory Corruption
Bugtraq: 39164
CVE: CVE-2010-0060
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via crafted audio content with QDMC encoding.
Mac: Apple QuickTime QDMC Content Handling Memory Corruption
Bugtraq: 39164
CVE: CVE-2010-0060
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via crafted audio content with QDMC encoding.
Apple QuickTime PICT File Handling Integer Overflow
Bugtraq: 39136
CVE: CVE-2010-0527
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote
attackers to execute arbitrary code or cause a denial of service (application
crash) via a crafted PICT image.
Apple QuickTime Movie File Handling Memory Corruption
Bugtraq: 39139
CVE: CVE-2010-0528
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via crafted color tables in a movie file.
Apple QuickTime PICT File Handling Buffer Overflow
Bugtraq: 39140
CVE: CVE-2010-0529
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on
Windows allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via a PICT image with a BkPixPat opcode (0x12)
containing crafted values that are used in a calculation for memory allocation.
Apple QuickTime BMP File Handling Memory Corruption
Bugtraq: 39141
CVE: CVE-2010-0536
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and application
crash) via a crafted BMP image.
Apple Mac OS X Internet Enabled Disk Image Code Execution
Bugtraq: 39194
CVE: CVE-2010-0497
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected
warning for an unsafe file type in an internet enabled disk image, which makes
it easier for user-assisted remote attackers to execute arbitrary code via a
package file type.
Apple Mac OS X ImageIO Framework JPEG2000 Arithmetic Error
Bugtraq: 39171
CVE: CVE-2010-0505
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted JP2 (JPEG2000) image, related to incorrect
calculation and the CGImageReadGetBytesAtOffset function.
Oracle Java Soundbank Resource Name Stack Buffer Overflow
Bugtraq: 39070
CVE: CVE-2010-0839
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and availability via unknown
vectors.
Linux : Oracle Java Soundbank Resource Name Stack Buffer Overflow
Bugtraq: 39070
CVE: CVE-2010-0839
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and availability via unknown
vectors.
Mozilla Firefox Cross Document DOM Node Moving Code Execution
Bugtraq: 38952
CVE: CVE-2010-1121
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to
execute arbitrary code via unknown vectors that trigger memory corruption.
Linux : Mozilla Firefox Cross Document DOM Node Moving Code Execution
Bugtraq: 38952
CVE: CVE-2010-1121
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to
execute arbitrary code via unknown vectors that trigger memory corruption.
Mac : Mozilla Firefox Cross Document DOM Node Moving Code Execution
Bugtraq: 38952
CVE: CVE-2010-1121
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to
execute arbitrary code via unknown vectors that trigger memory corruption.
Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution
Bugtraq: 38298
CVE: CVE-2010-1028
Integer overflow in the decompression functionality in the Web Open Fonts Format
(WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to
execute arbitrary code via a crafted WOFF file that triggers a buffer overflow.
Linux : Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution
Bugtraq: 38298
CVE: CVE-2010-1028
Integer overflow in the decompression functionality in the Web Open Fonts Format
(WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to
execute arbitrary code via a crafted WOFF file that triggers a buffer overflow.
Mac : Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution
Bugtraq: 38298
CVE: CVE-2010-1028
Integer overflow in the decompression functionality in the Web Open Fonts Format
(WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to
execute arbitrary code via a crafted WOFF file that triggers a buffer overflow.
CA XOsoft Multiple Products xosoapapi.asmx Multiple Remote Code Execution
Bugtraq: 39238
CVE: CVE-2010-1223
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to
execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx
SOAP endpoint or (2) a long string to the entry_point.aspx service.
Linux Kernel sctp_rcv_ootb Remote Denial of Service
Bugtraq: 38857
CVE: CVE-2010-0008
The SCTP implementation in the Linux kernel before 2.6.23 allows remote
attackers to cause a denial of service (infinite loop) via (1) an Out Of The
Blue (OOTB) chunk or (2) a chunk of zero length.
OpenSSL bn_wexpend Error Handling Remote Code Execution
Bugtraq: 38562
CVE: CVE-2009-3245
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand
function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3)
crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact
and context-dependent attack vectors.
Linux : OpenSSL bn_wexpend Error Handling Remote Code Execution
Bugtraq: 38562
CVE: CVE-2009-3245
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand
function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3)
crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact
and context-dependent attack vectors.
Mac : OpenSSL bn_wexpend Error Handling Remote Code Execution
Bugtraq: 38562
CVE: CVE-2009-3245
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand
function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3)
crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact
and context-dependent attack vectors.
Oracle Java Runtime Environment Image File Buffer Overflow
Bugtraq: 39071
CVE: CVE-2010-0847
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java
for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and availability via unknown
vectors.
Linux : Oracle Java Runtime Environment Image File Buffer Overflow
Bugtraq: 39071
CVE: CVE-2010-0847
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java
for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and availability via unknown
vectors.
Clam AntiVirus Scanning qtm_decompress Memory Corruption
Bugtraq: 39262
CVE: CVE-2010-0098
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats,
which allows remote attackers to bypass virus detection via a crafted archive
that is compatible with standard archive utilities.
Oracle Java Web Start Launch Command-Line Injection
Bugtraq: 39346
CVE: Not available
A command-line injection vulnerability exists in Oracle Java SE and Java for
Business 6 Update 10 to 6 Update 19.
VMware Products Multiple Vulnerabilities
Bugtraq: Not available
CVE: Not available
Multiple VMware products are prone to a remote code-execution vulnerability that
exists in VMware Tools, a local privilege-escalation vulnerability, an
information-disclosure vulnerability, a remote denial-of-service vulnerability,
a remote format string vulnerability, and multiple heap-based buffer-overflow
vulnerabilities.
Oracle Java Web Start InstallJRE Policy Bypass
Bugtraq: 39346
CVE: Not available
A policy bypass vulnerability exists in Oracle Java SE and Java for Business 6
Update 10 to 6 Update 19.
VMware Movie Decoder VMnc Codec Heap Buffer Overflow
Bugtraq: 39363
CVE: CVE-2009-1564
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie
Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware
Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4
build 246459, and VMware Server 2.x on Windows, allows remote attackers to
execute arbitrary code via an AVI file with crafted video chunks that use
HexTile encoding.
Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow
Bugtraq: 39329
CVE: CVE-2010-0196
A buffer overflow vulnerability in Adobe Reader 9.x before 9.3.2, and 8.x before
8.2.2 on Linux, allows attackers to cause a denial of service or possibly
execute arbitrary code via unknown vectors.
Microsoft Windows Kernel Null Pointer Dereference
Bugtraq: 39297
CVE: CVE-2010-0234
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista
Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a
registry-key argument to an unspecified system call, which allows local users to
cause a denial of service (reboot) via a crafted application, aka “Windows
Kernel Null Pointer Vulnerability.”
Microsoft Windows Kernel Symbolic Link Value Denial of Service
Bugtraq: 39309
CVE: CVE-2010-0235
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and
Vista Gold does not perform the expected validation before creating a symbolic
link, which allows local users to cause a denial of service (reboot) via a
crafted application, aka “Windows Kernel Symbolic Link Value Vulnerability.”
Microsoft Windows 2000 Media Services Stack Buffer Overflow
Bugtraq: Not available
CVE: CVE-2010-0478
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in
Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to
execute arbitrary code via crafted packets associated with transport
information, aka “Media Services Stack-based Buffer Overflow Vulnerability.”
Microsoft Windows Kernel Symbolic Link Creation Privilege Escalation
Bugtraq: 39324
CVE: CVE-2010-0237
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users
to gain privileges by creating a symbolic link from an untrusted registry hive
to a trusted registry hive, aka “Windows Kernel Symbolic Link Creation
Vulnerability.”
Microsoft Windows Kernel Registry Key Denial Of Service
Bugtraq: 39318
CVE: CVE-2010-0238
Unspecified vulnerability in registry-key validation in the kernel in Microsoft
Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local
users to cause a denial of service (reboot) via a crafted application, aka
“Windows Kernel Registry Key Vulnerability.”
Microsoft Windows Virtual Path Parsing Denial Of Service
Bugtraq: 39319
CVE: CVE-2010-0481
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008
Gold, SP2, and R2, and Windows 7 does not properly translate a registry key’s
virtual path to its real path, which allows local users to cause a denial of
service (reboot) via a crafted application, aka “Windows Virtual Path Parsing
Vulnerability.”
Microsoft Windows Kernel Malformed Image Denial Of Service
Bugtraq: 39320
CVE: CVE-2010-0482
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly
validate relocation sections of image files, which allows local users to cause a
denial of service (reboot) via a crafted file, aka “Windows Kernel Malformed
Image Vulnerability.”
Microsoft Windows Kernel Exception Handler Denial Of Service
Bugtraq: 39322
CVE: CVE-2010-0810
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server
2008 Gold and SP2, does not properly handle unspecified exceptions, which allows
local users to cause a denial of service (reboot) via a crafted application, aka
“Windows Kernel Exception Handler Vulnerability.”
Microsoft Office Visio Index Calculation Memory Corruption
Bugtraq: 39302
CVE: CVE-2010-0256
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not
properly calculate unspecified indexes associated with Visio files, which
allows remote attackers to execute arbitrary code via a crafted file, aka “Visio
Index Calculation Memory Corruption Vulnerability.”
Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow
Bugtraq: 39347
CVE: CVE-2010-0479
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1
and SP2 allows remote attackers to execute arbitrary code via a crafted
Publisher file, aka “Microsoft Office Publisher File Conversion TextBox
Processing Buffer Overflow Vulnerability.”
Microsoft Windows SMTP Service MX Record Denial Of Service
Bugtraq: 39308
CVE: CVE-2010-0024
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003
SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not
properly parse MX records, which allows remote DNS servers to cause a denial of
service (service outage) via a crafted response to a DNS MX record query, aka
“SMTP Server MX Record Vulnerability.”
Microsoft Windows SMTP Service Memory Allocation Information Disclosure
Bugtraq: 39381
CVE: CVE-2010-0025
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003
SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not
properly allocate memory for SMTP command replies, which allows remote attackers
to read fragments of e-mail messages by sending a series of invalid commands and
then sending a STARTTLS command, aka “SMTP Memory Allocation Vulnerability.”
Microsoft Windows Kernel Memory Allocation Privilege Escalation
Bugtraq: 39323
CVE: CVE-2010-0236
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and
Vista Gold does not properly allocate memory for the destination key associated
with a symbolic-link registry key, which allows local users to gain privileges
via a crafted application, aka “Windows Kernel Memory Allocation Vulnerability.”
Microsoft Windows MPEG Layer-3 Audio Decoder Stack Buffer Overflow
Bugtraq: 39303
CVE: CVE-2010-0480
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1,
and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute
arbitrary code via a crafted AVI file, aka “MPEG Layer-3 Audio Decoder Stack
Overflow Vulnerability.”
Microsoft Windows Media Player Remote Code Execution
Bugtraq: 39351
CVE: CVE-2010-0268
Unspecified vulnerability in the Windows Media Player ActiveX control in Windows
Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows
remote attackers to execute arbitrary code via crafted media content, aka “Media
Player Remote Code Execution Vulnerability.”
Microsoft Office Visio Attribute Validation Memory Corruption
Bugtraq: 39300
CVE: CVE-2010-0254
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not
properly validate attributes in Visio files, which allows remote attackers to
execute arbitrary code via a crafted file, aka “Visio Attribute Validation
Memory Corruption Vulnerability.”
Microsoft Windows ISATAP IPv6 Source Address Spoofing
Bugtraq: 39352
CVE: CVE-2010-0812
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and
Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-
address restrictions via a mismatched IPv6 source address in a tunneled ISATAP
packet, aka “ISATAP IPv6 Source Address Spoofing Vulnerability.”
Microsoft Windows WinVerifyTrust Signature Validation Security Bypass
Bugtraq: 39328
CVE: CVE-2010-0486
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and
6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003
SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2,
and Windows 7 does not properly use unspecified fields in a file digest, which
allows user-assisted remote attackers to execute arbitrary code via a modified
(1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly
appears to have a valid signature, aka “WinVerifyTrust Signature Validation
Vulnerability.”
Microsoft Windows WinVerifyTrust Cabview Corruption Validation Security Bypass
Bugtraq: 39332
CVE: CVE-2010-0487
The Authenticode Signature verification functionality in cabview.dll in Cabinet
File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4,
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and
SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use
unspecified fields in a file digest, which allows remote attackers to execute
arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears
to have a valid signature, aka “Cabview Corruption Validation Vulnerability.”
Microsoft Windows SMB Client Invalid Memory Allocation
Bugtraq: 39312
CVE: CVE-2010-0269
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows
Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold,
SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses,
which allows remote SMB servers and man-in-the-middle attackers to execute
arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka “SMB Client
Memory Allocation Vulnerability.”
Microsoft Windows SMB Client Transaction Memory Corruption
Bugtraq: 39339
CVE: CVE-2010-0270
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not
properly validate fields in SMB transaction responses, which allows remote SMB
servers and man-in-the-middle attackers to execute arbitrary code or cause a
denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2)
SMBv2 response, aka “SMB Client Transaction Vulnerability.”
Microsoft Windows SMB Client Response Parsing Memory Corruption
Bugtraq: 39336
CVE: CVE-2010-0476
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2,
and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-
middle attackers to execute arbitrary code or cause a denial of service (memory
corruption and reboot) via a crafted SMB transaction response that uses (1)
SMBv1 or (2) SMBv2, aka “SMB Client Response Parsing Vulnerability.”
Microsoft Windows SMB Client Message Size Vulnerability
Bugtraq: 39340
CVE: CVE-2010-0477
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not
properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote
SMB servers and man-in-the-middle attackers to execute arbitrary code via a
crafted packet that causes the client to read the entirety of the response, and
then improperly interact with the Winsock Kernel (WSK), aka “SMB Client Message
Size Vulnerability.”
Oracle Java System Directory Server DSML UTF-8 Denial of Service
Bugtraq: 39453
CVE: CVE-2010-0897
The Sun Java System Directory Server component in Oracle Sun Product Suite
5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors related to
Directory Service Markup Language.
Adobe Acrobat and Reader Multiple Vulnerabilities – APSB10-09
Bugtraq: 39329
CVE: Not available
Critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier
versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier
versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier
versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and
Macintosh. These vulnerabilities could cause the application to crash and could
potentially allow an attacker to take control of the affected system.
Linux : Adobe Acrobat and Reader Multiple Vulnerabilities – APSB10-09
Bugtraq: 39329
CVE: Not available
Critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier
versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier
versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier
versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and
Macintosh. These vulnerabilities could cause the application to crash and could
potentially allow an attacker to take control of the affected system.
Mac : Adobe Acrobat and Reader Multiple Vulnerabilities – APSB10-09
Bugtraq: 39329
CVE: Not available
Critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier
versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier
versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier
versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and
Macintosh. These vulnerabilities could cause the application to crash and could
potentially allow an attacker to take control of the affected system.
Mac : Apple Mac OS X Apple Type Services libFontParser Code Execution
Bugtraq: 38955
CVE: CVE-2010-1120
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote
attackers to execute arbitrary code via unknown vectors, as demonstrated by
Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
Oracle Database Server Multiple Vulnerabilities – April 2010
Bugtraq: Not available
CVE: Not available
Multiple vulnerabilities exist in Oracle Database Server. Some of these
vulnerabilities may be exploited by remote authenticated attackers to execute
arbitrary code on the target system. At least one of these vulnerabilities can
lead to full compromise of the system, where the injected code will run within
the security context of the system user.
IBM Lotus Notes SURunAs.exe Password Disclosure
Bugtraq: 39525
CVE: CVE-2010-1487
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext
in SURunAs.exe, which allows local users to obtain sensitive information by
examining this file, aka SPR JSTN837SEG.
Multiple Vendors AgentX receive_agentx Stack Buffer Overflow
Bugtraq: 39564
CVE: CVE-2010-1318
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe
Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x
before 9.3, allows remote attackers to execute arbitrary code via unspecified
parameters.
Multiple Vendors AgentX receive_agentx Integer Overflow
Bugtraq: 39490
CVE: CVE-2010-1319
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as
used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and
other products, allows remote attackers to execute arbitrary code via a request
with a crafted payload length.
RealNetworks Helix Server NTLM Authentication Heap Overflow
Bugtraq: 39490
CVE: CVE-2010-1317
Heap-based buffer overflow in the NTLM authentication functionality in
RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows
remote attackers to have an unspecified impact via invalid base64-encoded data.
VMware Remote Console Format String Code Execution
Bugtraq: 39396
CVE: CVE-2009-3732
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote
Console (aka VMrc) allows remote attackers to execute arbitrary code via
unspecified vectors.
Google Chrome Multiple Vulnerabilities – Google Chrome 4.1.249.1059
Bugtraq: 39603
CVE: Not available
Multiple vulnerabilities have been reported in Google Chrome earlier than
4.1.249.1059.
Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution
Bugtraq: 39615
CVE: CVE-2010-1278
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe
Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x
before 9.3, allows remote attackers to execute arbitrary code via unspecified
parameters.
Linux : Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution
Bugtraq: 39615
CVE: CVE-2010-1278
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe
Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x
before 9.3, allows remote attackers to execute arbitrary code via unspecified
parameters.
Mac : Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution
Bugtraq: 39615
CVE: CVE-2010-1278
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe
Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x
before 9.3, allows remote attackers to execute arbitrary code via unspecified
parameters.
Apache ActiveMQ Source Code Disclosure
Bugtraq: 39636
CVE: Not available
The remote web server is affected by an information disclosure vulnerability.
Alt-N MDaemon Server Multiple Denial of Service Vulnerabilities
Bugtraq: 39657
CVE: Not available
MDaemon is prone to multiple remote denial-of-service vulnerabilities. An
attacker can exploit these issues to cause a crash, denying service to
legitimate users.
Google Chrome net-internals Cross Site Scripting
Bugtraq: 39667
CVE: CVE-2010-1503
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059
allows remote attackers to inject arbitrary web script or HTML via vectors
related to a chrome://net-internals URI.
Novell ZENworks Configuration Management UploadServlet Code Execution
Bugtraq: 39114
CVE: Not available
An error in the UploadServlet within Remote Management of ZENworks Server
(zenserver.exe) can be exploited to upload a file to an arbitrary directory
(e.g. the web root). An attacker can leverage this issue to execute arbitrary
code with SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.
Microsoft Internet Explorer XSS Filter Cross Site Scripting
Bugtraq: Not available
CVE: CVE-2010-1489
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform
neutering for the SCRIPT tag, which allows remote attackers to conduct cross-
site scripting (XSS) attacks against web sites that have no inherent XSS
vulnerabilities, a different issue than CVE-2009-4074.
Opera Browser Document Writing Uninitialized Memory Access
Bugtraq: 39855
CVE: CVE-2010-1728
Opera Web Browser is prone to a remote code-execution vulnerability. Attackers
can exploit this issue to execute arbitrary code or crash the affected
application.
Mac: Opera Browser Document Writing Uninitialized Memory Access
Bugtraq: 39855
CVE: Not available
Opera Web Browser is prone to a remote code-execution vulnerability. Attackers
can exploit this issue to execute arbitrary code or crash the affected
application.
Wing FTP Server HTTP protocol Directory Traversal
Bugtraq: 39744
CVE: Not available
A vulnerability is found in Wing FTP Server due to an input validation error
when processing HTTP requests. This can be exploited to access files outside the
web root folder via directory traversal attacks.
Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection
Bugtraq: 39422
CVE: CVE-2010-0870
Unspecified vulnerability in the Change Data Capture component in Oracle
Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect
confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.
Google Chrome GURL Cross Origin Bypass Vulnerability
Bugtraq: 39813
CVE: CVE-2010-1663
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before
4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via
unspecified vectors.
Google Chrome Font Handling Memory Corruption
Bugtraq: 39808
CVE: CVE-2010-1665
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows
remote attackers to cause a denial of service (memory corruption) and possibly
have unspecified other impact via unknown vectors.
Google Chrome HTML5 Media Handling Memory Corruption
Bugtraq: 39804
CVE: CVE-2010-1664
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which
allows remote attackers to cause a denial of service (memory corruption) and
possibly have unspecified other impact via unknown vectors.
Microsoft Office SharePoint Server help.aspx Cross Site Scripting
Bugtraq: Not available
CVE: CVE-2010-0817
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft
SharePoint Server 2007 12.0.0.6421, and possibly earlier versions, allows remote
attackers to inject arbitrary web script or HTML via the cid0 parameter.
Adobe Photoshop CS4 TIFF File Processing Code Execution
Bugtraq: 39849
CVE: CVE-2010-1279
Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1
allow user-assisted remote attackers to execute arbitrary code via a crafted
TIFF file.
PHP HTTP Chunked Encoding Memory Corruption
Bugtraq: 39877
CVE: Not available
PHP is prone to a remote integer-overflow vulnerability. An attacker can exploit
this issue to execute arbitrary code in the context of the PHP process. Failed
exploit attempts will result in a denial-of-service condition.
RealVNC VNC Server ClientCutText Message Memory Corruption
Bugtraq: 39895
CVE: Not available
RealVNC Server “ClientCutText” message memory corruption, remote or denial of
service.
Alt-N MDaemon Email Server Remote File Disclosure
Bugtraq: Not available
CVE: Not available
A vulnerability was reported in MDaemon. A remote user can view files on the
target system in certain situations. A remote user can supply a specially
crafted mailing list SUBSCRIBE request followed by an additional request to view
arbitrary human-readable files on target.
Microsoft Office Visio DXF File Inserting Buffer Overflow
Bugtraq: 39836
CVE: CVE-2010-1681
Microsoft Visio is prone to a remote buffer-overflow vulnerability. This issue
arises when the application processes a malicious file. Attackers can exploit
this issue to execute arbitrary code in the context of the user running the
application. Failed exploit attempts will result in a denial-of-service
condition.
Microsoft Windows SMTP Service Predictable DNS Query Id
Bugtraq: 39908
CVE: CVE-2010-1689
The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a
DNS spoofing vulnerability. Successfully exploiting this issue allows remote
attackers to spoof DNS replies, allowing them to redirect network traffic and to
launch man-in-the-middle attacks.
Microsoft Windows SMTP Service DNS Response Spoofing
Bugtraq: 39910
CVE: CVE-2010-1690
The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a
DNS spoofing vulnerability. Successfully exploiting this issue allows remote
attackers to spoof DNS replies, allowing them to redirect network traffic and to
launch man-in-the-middle attacks.
Oracle Java Deployment Toolkit ActiveX Control Remote Code Execution
Bugtraq: Not available
CVE: CVE-2010-1423
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and
(b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when
running on Windows and possibly on Linux, allows remote attackers to execute
arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is
processed by the launch method. NOTE: some of these details are obtained from
third party information.
Linux : Oracle Java Deployment Toolkit ActiveX Control Remote Code Execution
Bugtraq: Not available
CVE: CVE-2010-1423
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and
(b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when
running on Windows and possibly on Linux, allows remote attackers to execute
arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is
processed by the launch method. NOTE: some of these details are obtained from
third party information.
Apple Safari parent.close Code Execution
Bugtraq: 39990
CVE: CVE-2010-1939
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote
attackers to execute arbitrary code by using window.open to create a popup
window for a crafted HTML document, and then calling the parent window’s close
method, which triggers improper handling of a deleted window object.
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
Bugtraq: 39710
CVE: CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise
Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3
before 4.3.0.CP08 performs access control only for the GET and POST methods,
which allows remote attackers to send requests to this application’s GET
handler by using a different method.
Xitami Web Server AUX Processing Denial Of Service
Bugtraq: 40027
CVE: Not available
Xitami is prone to a denial-of-service vulnerability. Attackers can exploit this
issue to crash the affected application, denying service to legitimate users.
Microsoft Windows Mail and Outlook Express Integer Overflow
Bugtraq: 40052
CVE: CVE-2010-0816
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6
SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2,
Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
allows remote e-mail servers and man-in-the-middle attackers to execute
arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a
certain +OK response on TCP port 110, aka “Outlook Express and Windows Mail
Integer Overflow Vulnerability.”
Microsoft Office VBE6.DLL Stack Memory Corruption
Bugtraq: 39931
CVE: CVE-2010-0815
VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office
System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through
6.5 does not properly search for ActiveX controls that are embedded in
documents, which allows remote attackers to execute arbitrary code via a crafted
document, aka “VBE6.DLL Stack Memory Corruption Vulnerability.”
HP OpenView Network Node Manager ovet_demandpoll.exe Format String Code Execution
Bugtraq: 40065
CVE: CVE-2010-1550
Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node
Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute
arbitrary code via format string specifiers in the sel parameter.
Adobe Shockwave Player Signedness Code Execution
Bugtraq: 40076
CVE: CVE-2010-0128
Integer signedness error in dirapi.dll in Adobe Shockwave Player before
11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause
a denial of service (memory corruption) or possibly execute arbitrary code via a
crafted .dir file that triggers an invalid read operation.
Mac : Adobe Shockwave Player Signedness Code Execution
Bugtraq: 40076
CVE: CVE-2010-0128
Integer signedness error in dirapi.dll in Adobe Shockwave Player before
11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause
a denial of service (memory corruption) or possibly execute arbitrary code via a
crafted .dir file that triggers an invalid read operation.
HP OpenView Network Node Manager netmon.exe Stack Buffer Overflow
Bugtraq: 40067
CVE: CVE-2010-1551
Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe
in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and
7.53 allows remote attackers to execute arbitrary code via the sel parameter.
Adobe Shockwave Player Memory Corruption
Bugtraq: Not available
CVE: Not available
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of
service (memory corruption) or possibly execute arbitrary code via unspecified
vectors.
Mac : Adobe Shockwave Player Memory Corruption
Bugtraq: Not available
CVE: Not available
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of
service (memory corruption) or possibly execute arbitrary code via unspecified
vectors.
Adobe Shockwave Player Integer Overflow
Bugtraq: 40084
CVE: CVE-2010-0130
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote
attackers to execute arbitrary code via a crafted .dir (aka Director) file.
Mac : Adobe Shockwave Player Integer Overflow
Bugtraq: 40084
CVE: CVE-2010-0130
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote
attackers to execute arbitrary code via a crafted .dir (aka Director) file.
Adobe Shockwave Player Integer Overflow
Bugtraq: Not available
CVE: Not available
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might
allow remote attackers to execute arbitrary code via crafted embedded fonts in a
Shockwave file.
Mac : Adobe Shockwave Player Integer Overflow
Bugtraq: Not available
CVE: Not available
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might
allow remote attackers to execute arbitrary code via crafted embedded fonts in a
Shockwave file.
Adobe Shockwave Player Denial of Service
Bugtraq: 40088
CVE: CVE-2010-1282
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a
denial of service (infinite loop and CPU consumption) via a crafted ATOM size in
a .dir (aka Director) file.
Mac : Adobe Shockwave Player Denial of Service
Bugtraq: 40088
CVE: CVE-2010-1282
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a
denial of service (infinite loop and CPU consumption) via a crafted ATOM size in
a .dir (aka Director) file.
HP OpenView NNM snmpviewer.exe CGI Format String Code Execution
Bugtraq: 40068
CVE: CVE-2010-1552
Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP
OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote
attackers to execute arbitrary code via the act and app parameters.
HP OpenView NNM getnnmdata.exe CGI MaxAge Parameter Buffer Overflow
Bugtraq: 40070
CVE: CVE-2010-1553
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node
Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute
arbitrary code via an invalid MaxAge parameter.
HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow
Bugtraq: 40071
CVE: CVE-2010-1554
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node
Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute
arbitrary code via an invalid iCount parameter.
HP OpenView NNM getnnmdata.exe CGI Hostname Parameter Buffer Overflow
Bugtraq: 40072
CVE: CVE-2010-1555
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node
Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute
arbitrary code via an invalid Hostname parameter.
Oracle MySQL Database COM_FIELD_LIST Security Bypass
Bugtraq: 40109
CVE: CVE-2010-1848
MySQL is prone to a security-bypass vulnerability. An attacker can exploit this
issue to bypass certain security restrictions and to read and delete content
from the affected database. Other attacks may also be possible.
Oracle MySQL Database COM_FIELD_LIST Buffer Overflow
Bugtraq: 40106
CVE: CVE-2010-1850
MySQL is prone to a buffer-overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied data. An authenticated attacker can
leverage this issue to execute arbitrary code within the context of the
vulnerable application. Failed exploit attempts will result in a denial-of-
service condition.
Adobe Shockwave Player DIR File Parsing Memory Corruption
Bugtraq: 40081
CVE: CVE-2010-1280
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a crafted
.dir (aka Director) file, related to (1) an erroneous dereference and (2) a
certain Shock.dir file.
Adobe Shockwave Player DIR Files PAMI Chunk Code Execution
Bugtraq: 40079
CVE: CVE-2010-1292
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before
11.5.7.609 does not validate a certain value from a file before using it in
file-pointer calculations, which allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted .dir (aka
Director) file.
Mac : Apple Mac OS X Java mediaLibImage Object Processing Code Execution
Bugtraq: 40238
CVE: CVE-2010-0538
Apple Mac OS X is prone to a vulnerability that lets attackers run arbitrary
code because the software fails to properly handle Java applets containing
malicious ‘mediaLibImage’ objects. Successful exploits will allow an attacker
to run arbitrary code in the context of the affected software. Failed exploit
attempts may result in denial-of-service conditions.
Mac : Apple Mac OS X Java Window Drawing Handling Code Execution
Bugtraq: 40240
CVE: CVE-2010-0539
Apple Mac OS X is prone to a vulnerability that lets attackers run arbitrary
code because the software fails to properly handle window drawing in specially
crafted Java applets. Successful exploits will allow an attacker to run
arbitrary code in the context of the affected software. Failed exploit attempts
may result in denial-of-service conditions.
IBM WebSphere Application Server File Disclosure
Bugtraq: 40277
CVE: CVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43,
6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long
filenames and consequently sends an incorrect file in some responses, which
allows remote attackers to obtain sensitive information by reading the retrieved
file.
ClamAV AntiVirus PDF cli_pdf Denial of Service
Bugtraq: 40317
CVE: CVE-2010-1639
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote
attackers to cause a denial of service (crash) via a malformed PDF file, related
to an inconsistency in the calculated stream length and the real stream length.
Adobe Shockwave Player 3D Parsing Memory Corruption
Bugtraq: 40077
CVE: CVE-2010-1283
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in
.dir (aka Director) files, which allows remote attackers to execute arbitrary
code or cause a denial of service (heap memory corruption) via a modified field
in a 0xFFFFFF49 record.
Mac : Adobe Shockwave Player 3D Parsing Memory Corruption
Bugtraq: 40077
CVE: CVE-2010-1283
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in
.dir (aka Director) files, which allows remote attackers to execute arbitrary
code or cause a denial of service (heap memory corruption) via a modified field
in a 0xFFFFFF49 record.
Adobe Photoshop CS4 ABR File Processing Buffer Overflow
Bugtraq: 40389
CVE: CVE-2010-1296
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-
assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2)
.ABR, or (3) .GRD file.
Mac : Adobe Photoshop CS4 ABR File Processing Buffer Overflow
Bugtraq: 40389
CVE: CVE-2010-1296
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-
assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2)
.ABR, or (3) .GRD file.
Google Chrome Multiple Vulnerabilities
Bugtraq: 40367
CVE: Not available
Multiple vulnerabilities have been reported in Google Chrome earlier than
5.0.375.55. Attackers can exploit these issues to execute arbitrary code in the
context of the browser, cause denial-of-service conditions, carry out cross-
domain scripting attacks, carry out spoofing attacks, and bypass intended
security restrictions; other attacks are also possible.
Linux : Google Chrome Multiple Vulnerabilities
Bugtraq: 40367
CVE: Not available
Multiple vulnerabilities have been reported in Google Chrome earlier than
5.0.375.55. Attackers can exploit these issues to execute arbitrary code in the
context of the browser, cause denial-of-service conditions, carry out cross-
domain scripting attacks, carry out spoofing attacks, and bypass intended
security restrictions; other attacks are also possible.
Mac: Google Chrome Multiple Vulnerabilities
Bugtraq: 40367
CVE: Not available
Multiple vulnerabilities have been reported in Google Chrome earlier than
5.0.375.55. Attackers can exploit these issues to execute arbitrary code in the
context of the browser, cause denial-of-service conditions, carry out cross-
domain scripting attacks, carry out spoofing attacks, and bypass intended
security restrictions; other attacks are also possible.
Adobe Acrobat Version Detection
Bugtraq: Not available
CVE: Not available
The remote Windows host contains Adobe Acrobat.
Adobe AIR Version Detection
Bugtraq: Not available
CVE: Not available
The remote Windows host contains Adobe AIR.
Adobe Reader Version Detection
Bugtraq: Not available
CVE: Not available
The remote Windows host contains Adobe Reader.
Apple Safari Detection
Bugtraq: Not available
CVE: Not available
Detects the version of Apple Safari on the remote Windows host.
ClamAV Detection
Bugtraq: Not available
CVE: Not available
No summary available
Microsoft Exchange Server Detection
Bugtraq: Not available
CVE: Not available
Microsoft Exchange Server is installed on the remote Windows host.
Adobe Flash Player Version Detection
Bugtraq: Not available
CVE: Not available
The remote Windows host contains Adobe Flash Player.
GNU tar and cpio version detection
Bugtraq: Not available
CVE: Not available
No summary available
IBM Lotus Notes Detection
Bugtraq: Not available
CVE: Not available
IBM Lotus Notes is installed on the remote Windows host.
iTunes Detection
Bugtraq: Not available
CVE: Not available
There is a media player installed on the remote Windows host.
LinuxShield Detection
Bugtraq: Not available
CVE: Not available
No summary available
Mac: Opera Detection
Bugtraq: Not available
CVE: Not available
Opera, an alternative web browser, is installed on the remote Mac host.
QuickTime Detection
Bugtraq: Not available
CVE: Not available
There is a media player installed on the remote Windows host.
Mac: QuickTime Detection
Bugtraq: Not available
CVE: Not available
There is a media player installed on the remote Mac OS X host.
Adobe Shockwave Player Version Detection
Bugtraq: Not available
CVE: Not available
The remote Windows host contains Adobe Shockwave Player.
Sun Java Runtime Environment (JRE) Detection
Bugtraq: Not available
CVE: Not available
Java runtime environment is installed on the remote Windows host.
Detect VMware Player
Bugtraq: Not available
CVE: Not available
Detects if VMware Player is installed on the remote Windows host.
Detect VMware Workstation
Bugtraq: Not available
CVE: Not available
Detects if VMware Workstation is installed on the remote Windows host.
Xitami Server Detection
Bugtraq: Not available
CVE: Not available
Xitami Server is running on the remote host.