| |
Vulnerabilities and Alerts:
SecurityFocus Vulnerabilities:
18 Mar :
Bible Study Joomla! Component 'controller' Parameter Local File Include Vulnerability
|
18 Mar :
Energizer DUO USB Battery Charger Unauthorized Access Vulnerability
|
18 Mar :
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
|
18 Mar :
Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
|
Sahana 0.6.2.2 Authentication Bypass
|
Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability
|
Secunia Research: Quicksilver Forums Backup Information Disclosure
|
Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure
|
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
|
Microsoft Vulnerabilities:
9 Mar :
Bulletin Severity Rating:Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Mar :
Bulletin Severity Rating:Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
|
9 Feb :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
|
9 Feb :
Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
|
9 Feb :
Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
|
9 Feb :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
|
9 Feb :
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
|
9 Feb :
Bulletin Severity Rating:Moderate - This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
9 Feb :
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
Redhat Vulnerabilities:
Red Hat Enterprise Linux: New kmod-lpfc-rhel5u4-8.2.0.63-1.0 packages are now available for Red Hat
Enterprise Linux 5.4. These packages are a temporary driver update which
enables the following hardware:
Emulex LightPulse Fibre Channel Host Bus Adapters.
|
Red Hat Enterprise Linux: This new package provides signed, para-virtualized block and network
drivers for Red Hat Enterprise Linux 3 as a KVM virtualized guest.
|
Red Hat Enterprise Linux: An updated device-mapper package that fixes a bug is now available.
|
Red Hat Enterprise Linux: Updated lvm2 packages that fix a bug are now available.
|
Red Hat Enterprise Linux: Updated cyrus-sasl packages that resolve an issue are now available.
|
Red Hat Enterprise Linux: An updated freeradius package that fixes a bug is now available.
|
Red Hat Enterprise Linux: An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section. CVE-2009-0689, CVE-2009-1571, CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-2470, CVE-2009-3072, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3274, CVE-2009-3376, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159
|
Red Hat Enterprise Linux: An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section. CVE-2009-0689, CVE-2009-1571, CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-2470, CVE-2009-3072, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3274, CVE-2009-3376, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159
|
Red Hat Enterprise Linux: Updated java-1.4.2-ibm packages that fix one security issue and a bug are
now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section. CVE-2009-3555
|
Secunia Vulnerabilities:
[CaRP] XML error: mismatched tag at line 45
CERT Vulnerabilities:
Microsoft Updates for Multiple Vulnerabilities
|
Malicious Activity Associated with "Aurora" Internet Explorer Exploit
|
Microsoft Updates for Multiple Vulnerabilities
|
Microsoft Internet Explorer Vulnerabilities
|
Adobe Reader and Acrobat Vulnerabilities
|
Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities
|
Oracle Updates for Multiple Vulnerabilities
|
Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
|
Microsoft Updates for Multiple Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
IGX Vulnerabilities:
[CaRP] Success (0)
[CaRP] XML error: mismatched tag at line 10
This page is created dynamically and was last updated :
18 March, 2010 GMT
|
|