ZDI-10-192: Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability
2010-10-06 ZDI Disclosures (zdi-disclosures tippingpoint com)

ZDI-10-193: Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability
2010-10-06 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-193: Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-193 October 6, 2010 -- CVE ID: CVE-2010-3632 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Acrobat -- Tipp [...]

[USN-999-1] Kerberos vulnerability
2010-10-05 Kees Cook (kees ubuntu com)
Ubuntu Security Notice USN-999-1 October 05, 2010 krb5 vulnerability CVE-2010-1322 A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS Ubuntu 10.10 [...]

ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
2010-10-06 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-191 October 6, 2010 -- CVE ID: CVE-2010-3621 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability Detail [...]

[USN-1001-1] LVM2 vulnerability
2010-10-06 Marc Deslauriers (marc deslauriers canonical com)
Ubuntu Security Notice USN-1001-1 October 06, 2010 lvm2 vulnerability CVE-2010-2526 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 [...]

ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator
2010-10-06 Security_Alert emc com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator RSA Authenticatio [...]

(CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability
2010-10-06 CORE Security Technologies Advisories (advisories coresecurity com)

[Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1
2010-10-05 Moritz Naumann (security moritz-naumann com)
Hi, Squirrelmail plugin 'Virtual Keyboard' version 0.9.1 and lower is vulnerable to cross site scripting (XSS). The vkeyboard.php script fails to sanitize the value of HTTP GET parameter 'passformname' which the script stores in a variable of the same name and outputs (unmodified) into a HTML docu [...]

Vulnerabilities in CMS WebManager-Pro
2010-10-05 MustLive (mustlive websecurity com ua)
Hello Bugtraq! I want to warn you about Arbitrary File Uploading and Code Execution vulnerabilities in CMS WebManager-Pro. It's Ukrainian commercial CMS. SecurityVulns ID: 11176. Affected products: Vulnerable are both systems CMS WebManager-Pro [...]

MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling
2010-10-05 Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2010-006 MIT krb5 Security Advisory 2010-006 Original release: 2010-10-05 Topic: KDC uninitialized pointer crash in authorization data handling CVE-2010-1322 CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C/E:H/RL:OF/RC:C CVSSv2 Base Score: [...]

[security bulletin] HPSBTU02496 SSRT090245 rev.1 - HP Tru64 UNIX Running NTP, Denial of Service (DoS)
2010-10-05 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01961950 Version: 1 HPSBTU02496 SSRT090245 rev.1 - HP Tru64 UNIX Running NTP, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. [...]

XSS vulnerability in Elxis CMS polls module
2010-10-05 advisory htbridge ch
Vulnerability ID: HTB22616 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_elxis_cms_polls_module.html Product: Elxis CMS Vendor: Elxis Team ( http://www.elxis.org/ ) Vulnerable Version: 2009.2 electra rev2631 and probably prior versions Vendor Notification: 20 September 2010 Vulne [...]

XSS vulnerability in Elxis CMS (contacts)
2010-10-05 advisory htbridge ch
Vulnerability ID: HTB22615 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_elxis_cms_contacts.html Product: Elxis CMS Vendor: Elxis Team ( http://www.elxis.org/ ) Vulnerable Version: 2009.2 electra rev2631 and probably prior versions Vendor Notification: 20 September 2010 Vulnerabi [...]

XSS vulnerability in Elxis CMS
2010-10-05 advisory htbridge ch
Vulnerability ID: HTB22614 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_elxis_cms.html Product: Elxis CMS Vendor: Elxis Team ( http://www.elxis.org/ ) Vulnerable Version: 2009.2 electra rev2631 and probably prior versions Vendor Notification: 20 September 2010 Vulnerability Type [...]

XSS vulnerability in Docebo Announcements
2010-10-05 advisory htbridge ch
Vulnerability ID: HTB22612 Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_docebo_announcements.html Product: Docebo Vendor: Docebo ( http://www.docebo.org/ ) Vulnerable Version: 3.6.0.4 and probably prior versions Vendor Notification: 20 September 2010 Vulnerability Type: XSS (Cro [...]

[SECURITY] [DSA-2116-1] New freetype packages integer overflow
2010-10-04 Stefan Fritsch (sf debian org)

SQL injection vulnerability in Elxis CMS
2010-10-05 advisory htbridge ch
Vulnerability ID: HTB22613 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_elxis_cms.html Product: Elxis CMS Vendor: Elxis Team ( http://www.elxis.org/ ) Vulnerable Version: 2009.2 electra rev2631 and probably prior versions Vendor Notification: 20 September 2010 Vulnerab [...]

OWASP ZAP
2010-10-05 psiinon (psiinon gmail com)
I'm pleased to announce that the Zed Attack Proxy has been accepted as an OWASP project. Its new homepage is here: http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project The next release of OWASP ZAP, planned for later this year, is expected to include: * OWASP rebranding * Improvem [...]

[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service
2010-10-04 Stefan Fritsch (sf debian org)

[STANKOINFORMZASCHITA-10-02] ITS SCADA Authorization bypass
2010-10-03 info itdefence ru
[STANKOINFORMZASCHITA-10-02] ITS SCADA - Authorization bypass Authors: Eugene Salov (eugene (at) itdefence (dot) ru), Andrej Komarov (komarov (at) itdefence (dot) ru) Product: ITS SCADA CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:R/C:C/I:C/A:C) Impact Subscore: 10.0 Exploitability Subscore: 8.0 Availability of exploit: Yes [...]

ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
2010-10-01 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Novell -- Affected Products: Novell iManager -- Tippi [...]

ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability
2010-10-01 ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-189 October 1, 2010 -- CVSS: 7.8, (AV:N/AC:L/Au:N/C:N/I:N/A:C) -- Affected Vendors: Novell -- Affected Products: Novell eDirectory -- TippingPoint(TM) IPS Custo [...]

NetWin Surgemail XSS vulnerability
2010-10-04 kerem kocaer bitsec se
Application NetWin Surgemail 4.3e Vendor NetWin - http://netwinsite.com Discovered by Kerem Kocaer <kerem.kocaer (at) bitsec (dot) se> Problem: Cross-site scripting (XSS) vulnerability in the Surgemail webmail login page (/surgemail) allows remote attackers to inject arbitrary web script o [...]
http://www.zerodayinitiative.com/advisories/ZDI-10-192
October 6, 2010

-- CVE ID: CVE-2010-3622
-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors: Adobe
-- Affected Products: Adobe Reader
-- Vulnerability [...]