Vulnerabilities and Alerts:
SecurityFocus Vulnerabilities:
15 May :
Rantx 'admin.php' Unauthorized Access Vulnerability
|
15 May :
Drupal Site Documentation Module Database Tables Information Disclosure Vulnerability
|
15 May :
SunShop Shopping Cart 'index.php' SQL Injection Vulnerability
|
15 May :
Symantec Altiris Deployment Solution 'axengine.exe' SQL Injection Vulnerability
|
ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability
|
ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability
|
SunShop Version 3.5.1 Remote Blind Sql Injection
|
Debian generated SSH-Keys working exploit
|
Microsoft Vulnerabilities:
13 May :
Bulletin Severity Rating:Moderate - This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
|
13 May :
Bulletin Severity Rating:Critical - This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
13 May :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
13 May :
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Apr :
Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
|
8 Apr :
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Apr :
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Apr :
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
8 Apr :
Bulletin Severity Rating:Critical - This critical security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
8 Apr :
Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
|
8 Apr :
Bulletin Severity Rating:Important - This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
8 Apr :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
11 Mar :
Bulletin Severity Rating:Critical - This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
11 Mar :
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
11 Mar :
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
|
Redhat Vulnerabilities:
Red Hat Enterprise Linux: Updated GFS packages that fix module loading issues are now available for
Red Hat Enterprise Linux 3.9, kernel release 2.4.21-57.EL.
|
Red Hat Enterprise Linux: An updated system-config-cluster package that fixes a bug is now available.
|
Red Hat Enterprise Linux: Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team. CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
|
Red Hat Enterprise Linux: Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1.
This update has been rated as having important security impact by the Red
Hat Security Response Team. CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009
|
Red Hat Enterprise Linux: Updated xen packages that fix several security issues and a bug are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team. CVE-2007-3919, CVE-2007-5730, CVE-2008-0928, CVE-2008-1943, CVE-2008-1944, CVE-2008-2004
|
Red Hat Enterprise Linux: Updated cman-kernel packages that fix module loading issues are now
available for Red Hat Enterprise Linux 4.6, kernel release
2.6.9-67.0.15.EL.
|
Red Hat Enterprise Linux: Updated dlm-kernel packages that fix various bugs and module loading issues
are now available for Red Hat Enterprise Linux 4.6, kernel release
2.6.9-67.0.15.EL.
|
Red Hat Enterprise Linux: Updated gnbd-kernel packages that fix module loading issues are now
available for Red Hat Enterprise Linux 4.6, kernel release
2.6.9-67.0.15.EL.
|
Red Hat Enterprise Linux: Updated GFS-kernel packages that fix a bug and module-loading issues
are now available for Red Hat Enterprise Linux 4.6, kernel release
2.6.9-67.0.15.EL.
|
Secunia Vulnerabilities:
MajnOoNxHaCkEr has discovered a vulnerability in Fusebox, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system.
Be sure to check if your system is missing security updates or has insecure applications installed:
http://secunia.com/software_inspector/
Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
|
Russ McRee has reported a vulnerability in phpVID, which can be exploited by malicious people to conduct cross-site scripting attacks.
|
A vulnerability has been reported in the Site Documentation module for Drupal, which can be exploited by malicious people to disclose sensitive information.
|
EgiX has discovered a vulnerability in LANAI CMS, which can be exploited by malicious people to compromise a vulnerable system.
|
Deniz Cevik has reported a vulnerability in Oracle Application Server, which can be exploited by malicious people to bypass certain security restrictions.
|
t0pP8uZz has discovered a vulnerability in AustinSmoke GasTracker (AS-GasTracker), which can be exploited by malicious people to bypass certain security restrictions.
|
Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
|
Fedora has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
|
t0pP8uZz has reported a vulnerability in Feedback and Rating Script, which can be exploited by malicious people to conduct SQL injection attacks.
|
Cyb3r-1sT has reported some vulnerabilities in PHP Classifieds Script, which can be exploited by malicious people to conduct SQL injection attacks.
|
Fedora has issued an update for clamav. which can be exploited by malicious people to cause a DoS (Denial of Service), or to compromise a vulnerable system.
|
t0pP8uZz has reported a vulnerability in AJ Article, which can be exploited by malicious people to conduct SQL injection attacks.
|
Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to potentially cause a DoS (Denial of Service).
|
t0pP8uZz has reported a vulnerability in AJ Classifieds 2008, which can be exploited by malicious people to conduct SQL injection attacks.
|
Some vulnerabilities have been reported in the sr_feuser_register extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.
|
CERT Vulnerabilities:
Microsoft Updates for Multiple Vulnerabilities
|
Adobe Flash updates for Multiple Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
Apple Quicktime Updates for Multiple Vulnerabilities
|
Mozilla Updates for Multiple Vulnerabilities
|
Cisco Updates for Multiple Vulnerabilities
|
Apple Updates for Multiple Vulnerabilities
|
MIT Kerberos Updates for Multiple Vulnerabilities
|
Microsoft Updates for Multiple Vulnerabilities
|
Sun Updates for Multiple Vulnerabilities in Java
|
This page is created dynamically and was last updated: 15 May, 2008 GMT
|