| |
Vulnerabilities and Alerts:
SecurityFocus Vulnerabilities:
 3 Jul :
phpMyAdmin SQL bookmark HTML Injection Vulnerability
|
3 Jul :
Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability
|
3 Jul :
Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities
|
3 Jul :
LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
|
Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
|
[SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution
|
[oCERT-2009-007] FCKeditor input sanitization errors
|
One Click Ownage [White Paper and Scripts]
|
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
|
Microsoft Vulnerabilities:
9 Jun :
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
9 Jun :
Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications.
|
9 Jun :
Bulletin Severity Rating:Important - This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
|
9 Jun :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Jun :
Bulletin Severity Rating:Moderate - This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not installed on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability.
|
9 Jun :
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
|
9 Jun :
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
9 Jun :
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs.
|
9 Jun :
Bulletin Severity Rating:Critical - This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Jun :
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
|
12 May :
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
14 Apr :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packets to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
|
14 Apr :
Bulletin Severity Rating:Moderate - This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.
|
14 Apr :
Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
14 Apr :
Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
Redhat Vulnerabilities:
Red Hat Enterprise Linux: An updated yum package that resolves an issue with RHN Snapshot Rollback is
now available.
|
Red Hat Enterprise Linux: Updated bind packages that resolve an issue are now available for Red
Hat Enterprise Linux 5.
|
Red Hat Enterprise Linux: Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team. CVE-2009-2185
|
Red Hat Enterprise Linux: Updated pidgin packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. CVE-2009-1889
|
Red Hat Enterprise Linux: Updated ruby packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. CVE-2007-1558, CVE-2009-0642, CVE-2009-1904
|
Red Hat Enterprise Linux: Updated nagios packages that fix one security issue are now available for
the Red Hat HPC Solution.
This update has been rated as having important security impact by the Red
Hat Security Response Team. CVE-2009-2288
|
Red Hat Enterprise Linux: Updated kernel packages that fix several bugs are now available for Red Hat
Enterprise Linux 5.
|
Red Hat Enterprise Linux: Updated kernel packages that fix a bug are now available for Red Hat
Enterprise Linux 5.
|
Red Hat Enterprise Linux: Updated kernel packages that fix several security issues and various bugs
are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team. CVE-2009-1072, CVE-2009-1192, CVE-2009-1385, CVE-2009-1630, CVE-2009-1758
|
Secunia Vulnerabilities:
[CaRP] XML error: syntax error at line 1
CERT Vulnerabilities:
Microsoft Updates for Multiple Vulnerabilities
|
Adobe Acrobat and Reader Vulnerabilities
|
Adobe Reader and Acrobat JavaScript Vulnerabilities
|
Apple Updates for Multiple Vulnerabilities
|
Microsoft PowerPoint Multiple Vulnerabilities
|
Oracle Updates for Multiple Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
Conficker Worm Targets Microsoft Windows Systems
|
Microsoft Updates for Multiple Vulnerabilities
|
Adobe Acrobat and Reader Vulnerability
|
IGX Vulnerabilities:
[CaRP] Connection timed out (110)
[CaRP] XML error: mismatched tag at line 10
This page is created dynamically and was last updated :
03 July, 2009 GMT
|
|
