ZDI-09-086: Microsoft Internet Explorer XHTML DOM Manipulation Memory
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-086
December 8, 2009
-- CVE ID:
CVE-2009-3671
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 8
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:091-1
http://www.mandriva.com/security/
ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-089
December 8, 2009
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP3
Microsoft Windows 2003 SP2
--
Mandriva Linux Security Advisory MDVSA-2009:093-1
http://www.mandriva.com/security/
Hi,
I am the project leader and the maintainer of Notepad++.
Regarding your report, Notepad++ has a vulnerable issue due to a buffer
overflow issue (Bugtraq ID: 36426).
Several tests with Notepad++ v5.4.5 and the Notepad++ v5.6.1 (latest version)
are processed under XP SP3 and Vista SP1.
ZDI-09-087: Microsoft Internet Explorer CSS Race Condition Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-087
December 8, 2009
-- CVE ID:
CVE-2009-3673
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 7
Microsoft Internet
ZDI-09-091: Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-091
December 8, 2009
-- CVE ID:
CVE-2009-3844
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard Application Recovery
Mandriva Linux Security Advisory MDVSA-2009:046-1
http://www.mandriva.com/security/
Fortinet Discovers Vulnerability in Indeo Codec
2009.December.08
Summary:
Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in Indeo
Codec.
Impact:
Remote Code Execution.
Risk:
Critical.
Affected Software:
For a list of operating system and product
ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-093
December 9, 2009
-- CVE ID:
CVE-2009-3799
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Flash Player
-- TippingPoint(TM) IPS Customer
ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-090
December 8, 2009
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP3
Microsoft Windows 2003 SP2
--
ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-092
December 9, 2009
-- CVE ID:
CVE-2009-3794
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Flash Player
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint
After the issue in CVE-2009-4211 was made public, the Unix SRR script
was removed from http://iase.disa.mil/stigs/SRR/unix.html with a note
saying:
"Due to a recently identified security issue, please do not run any
version of the UNIX SRR scripts
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Piwik Cookie Unserialize() Vulnerability
Release Date: 2009/12/09
Last Modified: 2009/12/09
Author: Stefan Esser
Fortinet Discovers Microsoft Office Project Vulnerability (MS09-074)
2009.December.08
Summary:
Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in
Microsoft Office Project.
Impact:
Remote Code Execution.
Risk:
Critical.
Affected Software:
For a list
Usually, curl is used to connect and retrieve data from a remote URL
using the HTTP protocol. However, curl supports a bunch of protocols.
One of these protocols is the file protocol. Using this protocol you can
read local files by using a URL like file:///etc/passwd. Therefore, if
the user can
===
Ubuntu Security Notice USN-867-1 December 08, 2009
ntp vulnerability
CVE-2009-3563
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04
Mandriva Linux Security Advisory MDVSA-2009:276-1
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2009:059-1
http://www.mandriva.com/security/
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: PHPIDS Unserialize() Vulnerability
Release Date: 2009/12/09
Last Modified: 2009/12/09
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-09-094
December 9, 2009
-- CVE ID:
CVE-2009-3845
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
===
Ubuntu Security Notice USN-868-1 December 09, 2009
grub2 vulnerability
CVE-2009-4128
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory
ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable
vsprintf Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-096
December 9, 2009
-- CVE ID:
CVE-2009-3848
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView
Mandriva Linux Security Advisory MDVSA-2009:328
http://www.mandriva.com/security/
ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable
strcat Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-097
December 9, 2009
-- CVE ID:
CVE-2009-3849
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network
ZDI-09-088: Microsoft Internet Explorer IFrame Attributes Circular Reference
Dangling Pointer Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-088
December 8, 2009
-- CVE ID:
CVE-2009-3674
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 8
--
ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-095
December 9, 2009
-- CVE ID:
CVE-2009-3849
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-08
December 9, 2009
-- CVE ID:
CVE-2009-3846
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-09
December 9, 2009
-- CVE ID:
CVE-2009-4176
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-10
December 9, 2009
-- CVE ID:
CVE-2009-4177
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
TPTI-09-11: HP OpenView NNM OvWebHelp.exe CGI Topic Heap Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-11
December 9, 2009
-- CVE ID:
CVE-2009-4178
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-12
December 9, 2009
-- CVE ID:
CVE-2009-4179
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-13
December 9, 2009
-- CVE ID:
CVE-2009-4180
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-14
December 9, 2009
-- CVE ID:
CVE-2009-4181
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
--
Mandriva Linux Security Advisory MDVSA-2009:030-1
http://www.mandriva.com/security/
ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-098
December 9, 2009
-- CVE ID:
CVE-2009-3027
-- Affected Vendors:
Symantec
-- Affected Products:
Symantec Symantec Backup Exec Continuous Protection Server