Mogwai Security Advisory MSA-2016-01
--
Title: PowerFolder Remote Code Execution Vulnerability
Product:PowerFolder Server
Affected versions: 10.4.321 (Linux/Windows) (Other version might be also
affe
RISE-2006001
X11R6 XKEYBOARD extension Strcmp() buffer overflow vulnerability
Released: September 07, 2006
Last updated: September 07, 2006
INTRODUCTION
There exists a vulnerability within a string manipulation function of the X11R6
(X11R6.4 and lower) X Window System library, which when p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
RISE-2006002
FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability
Released: September 23, 2006
Last updated: September 23, 2006
INTRODUCTION
There exists a vulnerability within a architecture dependent function of the
FreeBSD kernel (Fre
) due to incorrect
handling of RPC requests on TCP port 6503. The interface is identified by
dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 45 specifies the vulnerable
operation within this interface.
Advisory:
http://www.lssec.com/advisories/LS-20060330.pdf
(casdscsvc.exe) due to
incorrect handling of requests on TCP port 41523.
Advisory:
http://www.lssec.com/advisories/LS-20060220.pdf
) due to incorrect
handling of RPC requests on TCP port 6503. The interface is identified by
dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 43 specifies the vulnerable
operation within this interface.
Advisory:
http://www.lssec.com/advisories/LS-20060313.pdf
LS-20061113
LSsec has discovered a vulnerability in
Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by
an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on
an affected system.
The flaw specifically exists within the
Tape Engine (tapeeng
LS-20061102
LSsec has discovered a vulnerability in
Business Objects Crystal Reports XI Professional,
which could be exploited by an attacker in order
to execute arbitrary code on an affected system.
Exploitation requires that the attacker coerce
the target user into opening a malicious .RPT file
LS-20060908
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by an anonymous attacker in order to
execute arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Tape Engine (tapee
LS-20061001
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by an anonymous attacker in order to
execute arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Tape Engine (tapee
I agree completely with mz,
This is just how FireFox works, the data:text/html,base64;somestringinbase64==
is just pure functionality. The redirection parameters is not equal to a
vulnerability since as mz said, the attacker could just redirect to his own
site.
The best way to defend against
://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt
AFFECTED: Cygwin setup.exe 2.573.2.2
PLATFORM: Intel / Windows
CLASSIFICATION: Insufficient Verification of Data Authenticity (CWE-345)
RESEARCHER: Derek Callaway
IMPACT: Client-side code execution
SEVERITY: Medium
DIFFICULTY
Versions Affected: 3.8.6 (Only!)
Info:
Content publishing, search, security, and morevBulletin has it all. Whether
its available features, support, or ease-of-use, vBulletin offers the most for
your money. Learn more about what makes vBulletin the choice for people
who are serious about creating
n:
- Vulnerabilities found and researched: 23rd July 2010
- Vulnerabilities disclosed at InterN0T 24th July
- Bugtraq contacted (again) at: 28th July
References:
http://forum.intern0t.net/intern0t-advisories/2861-jira-enterprise-4-0-1-multiple-low-risk-vulnerabilities.html
All of the best,
MaXe
and researched: 31st October 2010
- Full Disclosure 8th November 2010
References:
http://www.exploit-db.com/finding-0days-in-web-applications/
http://www.youtube.com/watch?v=ni3inoHkOPc
http://forum.intern0t.net/intern0t-advisories/3329-search-engine-optimization-panel-2-1-0-critical-file-disclosure.html
sclosed to Exploit-DB, Bugtraq and InterN0T: 14th November
References:
http://forum.intern0t.net/intern0t-advisories/3349-vbulletin-4-0-8-persistent-xss-profile-customization.html
http://www.vbulletin.com/forum/showthread.php?366834-vbulletin-4-profile-customization-exploit
http://blip.tv/file/43
- Disclosed at: InterN0T, Full Disclosure, Bugtraq and Exploit: 20th November
References:
http://forum.intern0t.net/intern0t-advisories/3398-vbulletin-4-0-8-pl1-cross-site-scripting-filter-bypass-within-profile-customization.html
http://forum.intern0t.net/intern0t-advisories/3349-vbulletin-4-0-8-p
LiveZilla - Cross Site Scripting Vulnerability
Version Affected: 3.1.8.3 (newest)
Info:
LiveZilla, the Next Generation Live Help / Live Chat and Live
Support System connects you to your website visitors. Use
LiveZilla to provide Live Chats and monitor your website visitors
in real-time.
ShareTronix - HTML Injection Vulnerability
Version Affected: 1.0.4 (newest)
Info:
Sharetronix Opensource is a multimedia microblogging platform.
It helps people in a community, company, or group to exchange short messages
over the Web.
Credits: MaXe from InterN0T (patched the vulnera
nce:
http://forum.intern0t.net/intern0t-advisories/2528-vbulletin-3-8-4-pl2-insecure-custom-bbcode.html
All of the best,
MaXe
Note: This is a belated release to the mailing lists (though most of the
tracking services picked this up via the Citrix advisory)...
-- Corsaire Security Advisory --
Title: Citrix Access Gateway session ID disclosure issue
Date: 05.09.06
Application: Citrix Advanced Access Control 4.0
-- Corsaire Security Advisory --
Title: Sun J2RE DoS issue
Date: 05.09.06
Application: Sun JRE 5.0 prior to update 14
Environment: Sun JRE
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General distribution
Reference: c060905-002
-- Scope --
The aim of this document is to clearly define an
Hi MustLive,
I can confirm that this consumed most ressources in FireFox 3.5.2 as well.
I have the newest Google Chrome browser installed which might explain why.
Best regards, hopes, peace and love,
MaXe - Founder of InterN0T - Undergrou...
http://www.intern0t.net/
PS: The extra long signatur
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, cause I suspected that it was only happening
because Google Chrome was installed, due to FireFox isn't able to know what
``chromehtml:´´ is on its own. (it has to be associated with an application in
this case)
vBulletin - Cross Site Script Redirection
Versions Affected: 3.8.4 / 3.7.6 / 3.6.12
Patches Available: 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1
Info: An XSS flaw within the user profile page has recently been discovered.
This could allow an attacker to carry out an action as a user or obtain
acce
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability
Version Affected: 3.2.4 (newest)
Info: The Google Analytics for WordPress plugin automatically tracks and
segments all outbound links from within posts, comment author links, links
within comments, blogroll links and downloads. It also a
WKIT SECURITY AB
www.wkit.com
TITLE: Joe's Own Editor File Handling Error
ADVISORY ID:WSIR-01/02-02
REFERENCE: http://www.wkit.com/advisories
CVE:GENERIC-MAP-NOMATCH
CREDIT: Christer Öberg, Wkit Security AB
CONTACT:[EMAIL PROTECTED]
Whitehouse ([EMAIL PROTECTED])
Vendor Status: Informed and patch available
CVE Candidate: CAN-2002-0663
Reference: www.atstake.com/research/advisories/2002/a071502-1.txt
Overview:
Symantec (http://www.symantec.com/) Norton Personal Internet
Firewall is a widely used desktop firewalling
); i++)
*(ptr++) = shellcode[i];
buff[bsize - 1] = '\0';
execlp("/usr/X11R6/bin/ascdc","ascdc","-d",buff,0);
}
SOLUTION/VENDOR INFORMATION/WORKAROUND
No information available
CREDITS
This vulnerability was discovered and documented by Christer Öberg o
, Sweden.
Supplementary information and comments about this issue has been given by
Elias Levy of Security Focus (http://www.securityfocus.com) and moderator
of the Bugtraq mailing list.
Other advisories from Wkit Security AB can be obtained from:
http://www.wkit.com/advisories/
DISCLAMER
T
: www.atstake.com/research/advisories/2002/a041002-1.txt
Overview:
Microsoft's Internet Information Server (IIS) is a web server that
is part of the Windows NT 4.0 and Windows 2000 server operating
system.
In the default IIS installation, .htr functionality is enabled. .htr
files are used only for fo
7;as is' basis
in the hope that it will be useful. Information Risk Management Plc is
not responsible for any risks or occurrences caused by the application
of this information.
A copy of this advisory may be found at http://www.irmplc.com/advisories
The PGP key used to sign IRM advisories
AdSubtract Proxy ACL Bypass Vulnerability
URL
http://www.lurhq.com/advisory20030604.html
Release Date
June 4, 2003
Author
Joe Stewart
About AdSubtract
AdSubtract is one of the leading products in the banner-ad blocking
software market. It is frequently bundled with modems from several
leading
Macromedia Flash Player Improper Memory Access Vulnerability
Release Date:
November 4, 2005
Date Reported:
June 27, 2005
Severity:
High
Vendor:
Macromedia
Systems Affected:
Macromedia Flash 6 (on all Windows platforms)
Macromedia Flash 7 (on all Windows platforms)
Overview:
eEye Digital Sec
LS-20061102
LSsec has discovered a vulnerability in Business Objects Crystal Reports XI
Professional,
which could be exploited by an attacker in order to execute arbitrary code on
an affected system. Exploitation requires that the attacker coerce the target
user into opening a malicious .RPT fi
Computer Terrorism (UK) :: Incident Response Centre
www.computerterrorism.com
Security Advisory: CT09-01-2007
===
Microsoft Outlook Advanced Find - Remote Code Execution
===
Advisory Date:
LS-20061002
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by an anonymous attacker in order to
execute arbitrary code with SYSTEM privileges on an affected system. The flaw
specifically exists within the Tape Engine (tapee
-- Corsaire Security Advisory --
Title: ChainKey Java Code Protection Bypass issue
Date: 06.11.06
Application: Java Code Protection
Environment: Java Virtual Machine
Author: Stephen de Vries [EMAIL PROTECTED]
Audience: General distribution
Reference: c061106-001
-- Scope --
The
Scripting
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-01 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: Multiple vulnerabilities (SQL Injection and Reflected Cross Site
Scripting) was discovered during the testing of Sojobo, Static Analysis Tool.
II
(2/5)
Advisory Reference : SOJOBO-ADV-13-02 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered
during the testing of Sojobo, Static Analysis Tool.
II. * Details *
===
A) Reflected Cross Site Scripting
/
http://wordpress.org/plugins/gallery-bank/
Vulnerability Type : Reflected Cross-Site Scripting
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-03 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered
Vulnerability in Pydio/AjaXplorer < = 5.0.3
Background:
Pydio allows you to instantly turn any server into a powerful file sharing
platform. Formerly known as AjaXplorer
Description of vulnerability
There is an unrestricted upload capability, in one of the plugins that
Vulnerability in Pydio/AjaXplorer < = 5.0.3
Background:
Pydio allows you to instantly turn any server into a powerful file sharing
platform. Formerly known as AjaXplorer
Description of vulnerability
There is a path traversal vulnerability in the zoho plugin that is dist
Scripting
Severity : High (4/5)
Advisory Reference : SOJOBO-ADV-13-04 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A File Inclusion and Reflected Cross Site Scripting vulnerability
was discovered during the testing of Sojobo, Static Analysis Tool.
II. * Details
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered
during the testing of Sojobo, Static Analysis Tool.
II. * Details *
===
A) Reflected Cross
\BaseNamedObjects):
SophosALMonSessionInstance
Further details at:
http://www.portcullis-security.com/security-research-and-downloads/secur
ity-advisories/cve-2014-1213/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby
any directory
specified by the attackers as the file upload function does not does not
verify file type or origin when processing the request.
Further details at:
http://www.portcullis-security.com/security-research-and-downloads/secur
ity-advisories/cve-2014-1214/
Copyright:
Copyright
g Security Experts GmbH employee Eric Sesterhenn
Advisory URL: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
Advisory Status: Public
CVE-Number: CVE-2014-3875, CVE-2014-3876, CVE-2014-3877
Impact
==
It is possible to attack user sessions and to execute JavaScript in
another users browser.
Risk: high
Likelihood of Exploitation: low
Vendor: Perl
Vendor URL: http://www.perl.org
Credits: LSE Leading Security Experts GmbH employee Markus Vervier
Advisory URL: https://www.lsexperts.de/advisories/lse-2014-06-10.txt
Advisory Status: Public
CVE-Number: CVE-2014-4330
CVE URL: http
Mogwai Security Advisory MSA-2015-01
--
Title: WP Pixarbay Images Multiple Vulnerabilities
Product:Pixarbay Images (Wordpress Plugin)
Affected versions: 2.3
Impact: high
Remote:
Mogwai Security Advisory MSA-2015-03
--
Title: iPass Mobile Client service local privilege escalation
Product:Hewlett-Packard Universal CMDB (UCMDB)
Affected versions: iPass Mobile Client 2.4.2.1512
=[]
=
Credits:
=
HighSecure.ir
Contact: advisories[aT]highsecure[dOt]ir
References:
http://www.highsecure.ir/research/20120822-paliz.txt
##
ory URL: https://www.lsexperts.de/advisories/lse-2015-10-14.txt
Advisory Status: Public
CVE-Number:
CVE URL: ---
Impact
==
Enables to read and modify the HumHub Mysql Database.
Issue Description
=
While conducting an internal software evaluation, LSE Leading
Security Experts GmbH disco
Available
CVE Candidate: CVE-2006-2549
Reference:
http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description:
> From the pdf-tools.com website[1]:
"PDF Tools AG is
-- Corsaire Security Advisory --
Title: VMware ESX Server Cross Site Scripting issue
Date: 14.11.05
Application: VMware ESX prior to 2.5.2 upgrade patch 2
VMware ESX prior to 2.1.2 upgrade patch 6
VMware ESX prior to 2.0.1 upgrade patch 6
Environment: VMware ESX
Author: S
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Cross Site Request Forgery issue
Date: 14.11.05
Application: VMware ESX prior to 2.5.3 upgrade patch 2
VMware ESX prior to 2.1.3 upgrade patch 1
VMware ESX prior to 2.0.2 upgrade patch 1
Environment: VMwa
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Disclosure in Log issue
Date: 14.11.05
Application: VMware ESX prior to 2.5.3 upgrade patch 2
VMware ESX prior to 2.1.3 upgrade patch 1
VMware ESX prior to 2.0.2 upgrade patch 1
Environment: VMware ESX
Au
-- Corsaire Security Advisory --
Title: VMware ESX Server Password Disclosure in Cookie issue
Date: 12.05.06
Application: VMware ESX prior to 2.5.2 patch 4
VMware ESX prior to 2.0.2
Environment: VMware ESX
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General distribution
Referen
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-026
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
# Product: totemomail Encryption Gateway
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Atmosphere [1]
# Vendor:Async-IO.org
# CSNC ID: CSNC-2018-023
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: ownCloud iOS Application (owncloud.iosapp) [1]
# Vendor: ownCloud Gmbh
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: ownCloud Impersonate
# Vendor: ownCloud
# CSNC ID: CSNC-2018-015
/advisories/cisco-webex-meetings-elevation-privilege-vulnerability
Date published: 2018-11-27
Date of last update: 2018-11-27
Vendors contacted: Cisco
Release mode: Coordinated release
*2. *Vulnerability Information**
Class: OS command injection [CWE-78]
Impact: Code execution
Remotely Exploitable: No
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: SICAM A8000 Series
# Vendor: Siemens
# CSNC ID: CSNC-2019-002
# CVE
SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/
Micro Focus Filr Multiple Vulnerabilities
1. *Advisory Information*
Title: Micro Focus Filr Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0001
Advisory URL:
https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple
://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27
Vendors contacted: Cisco
Release mode: Coordinated release
2. *Vulnerability Information*
Class: OS command injection [CWE-78]
Impact: Code execution
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: VeloCloud
# Vendor: VMware
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Apache Olingo OData 4.0
# Vendor: Apache Foundation
# CSNC ID: CSNC
#
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#
#
# Product: ASP.NET Core
# Vendor:Microsoft https://www.microsoft.com
# CSNC ID: CSN
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#
#
# Product: Mongoose OS
# Vendor: Cesanta
# CVE ID: CVE-2017-7185
# CSNC ID: CSNC
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#
# CSNC ID: CSNC-2017-004
# Product: Live Helper Chat [1]
# Vendor: Live Helper
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: PingID (MFA) [1]
# Vendor: Ping Identity Corporation
# CSNC ID: CSNC
##
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
##
#
# Product: iText PDF Library
# Vendor: iText Group
# CVE ID: CVE-2017
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-030
# CVE ID
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: MyTy
# Vendor: Finlane GmbH
# CSNC ID: CSNC-2017-029
# CVE ID
rved CVE-2017-8802 for the issue
2017-12-12: Vendor released security fix & guidance to its customers
2018-01-10: Public disclosure
References:
---
[1] https://www.zimbra.com/
[2] https://www.synacor.com/
[3] https://www.compass-security.com/research/advisories/
[4] https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
Windows Metafile Multiple Heap Overflows
Release Date:
November 8, 2005
Date Reported:
March 29, 2005
Severity:
High (Code Execution)
Vendor:
Microsoft
Systems Affected:
Windows 2000
Windows Server 2003
Overview:
eEye Digital Security has discovered a heap overflow vulnerability in
the way th
Windows Metafile SetPalette Entries Heap OVerflow Vulnerability
(Graphics Rendering Engine Vulnerability)
Release Date:
November 8, 2005
Date Reported:
September 1, 2005
Severity:
High (Code Execution)
Vendor:
Microsoft
Systems Affected:
Windows 2000
Windows XP SP0, SP1
Windows Server 2003 SP0
RealPlayer Data Packet Stack Overflow
Release Date:
November 10, 2005
Date Reported:
May 28, 2005
Severity:
High (Remote Code Execution)
Vendor:
RealNetworks
Systems Affected:
Windows:
RealPlayer 10.5 (6.0.12.1040-1235)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer
RealPlayer Zipped Skin File Buffer Overflow II
Release Date:
November 10, 2005
Date Reported:
June 26, 2005
Severity:
High (Code Execution)
Vendor:
RealNetworks
Systems Affected:
Windows:
RealPlayer 10.5 (6.0.12.1040-1235)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
Overvie
Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability
Release Date:
December 13, 2005
Date Reported:
May 23, 2005
External Refferences:
eEye ID# EEYEB-20050523
OSVDB ID# 18823
CVE # CAN-2005-2827
Microsoft # MS05-055
Severity:
Medium (Local Privilege Escalation to Kernel)
Syst
--
IRM Security Advisory No. 014
Sygate Protection Agent 5.0 vulnerability - A low privileged user can
disable the security agent
Vulnerablity Type / Importance: Security Protection Bypass / High
Problem discovered: November 2
--
IRM Security Advisory No. 013
Ultraapps Issue Manager is vulnerable to Privilege Escalation
Vulnerablity Type / Importance: Privilege Escalation / High
Problem discovered: November 25th 2005
Vendor contacted: November 25th 20
--
IRM Security Advisory No. 012
Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal
Attack
Vulnerablity Type / Importance: Information Leakage / High
Problem discovered: October 11th 2005
Vendor contacted: Octo
Our apologies, the incorrect CVE information was provided with our Apple
advisories today. The correct CVE numbers are;
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow = CVE-2005-2340
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow =
CVE-2005-4092
[EEYEB-20051117A] Apple
EEYEB-20051031 Apple QuickTime Malformed GIF Heap Overflow
Release Date:
January 10, 2006
Date Reported:
October 31, 2005
Severity:
High (Code Execution)
Patch Development Time (In Days):
71 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quick
EEYEB-20051229 Apple QuickTime QTIF Stack Overflow
Release Date:
January 10, 2006
Date Reported:
December 29, 2005
Patch Development Time (In Days):
12 days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac O
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on M
EEYEB-20051117A Apple QuickTime STSD Atom Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac
___
Nomad Mobile Research Centre
A D V I S O R Y
www.nmrc.org
Simple Nomad [EMAIL PROTECTED]
EEYEB-20050801 Windows Embedded Open Type (EOT) Font Heap Overflow
Vulnerability
Release Date:
January 10, 2006
Date Reported:
July 31, 2005
Time to Patch:
163 Days
Severity:
High (Code Execution)
Systems Affected:
Windows ME
Windows 98
Windows NT
Windows 2000
Windows XP SP1 / SP2
Windows Serv
--
IRM Security Advisory No. 015
File system path disclosure on TYPO3 Web Content Manager
Vulnerablity Type / Importance: Information Leakage / Medium
Problem discovered: January 13th 2006
Vendor contacted: January 13th 2006
Adv
--
IRM Security Advisory No. 017
Multiple Vulnerabilities in Infovista Portal SE
Vulnerability Type / Importance:Directory Traversal / High
Information Leakage / Low
Proble
IRM Security Advisory No. 018
Winamp 5.13 m3u Playlist Buffer Overflow
Vulnerability Type / Importance:Unauthorised Code Execution / High
Problem Discovered: February 17th 2006
Vendor Contacted: February 17th 2006
Advisory Published: February 24th 2006
Abstract:
Nullsoft Winamp is a
Computer Terrorism (UK) :: Incident Response Centre
==
Security Advisory :: CT22-03-2006
---
Title: Microsoft Internet Explorer (mshtml.dll) - Remote Code
Execution
Organisation: Computer T
: http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description
- ---
- From [1]:
"Using Java Web Start technology, standalone Java software applications
can be deployed
1 - 100 of 920 matches
Mail list logo