Custom-BuiltPCs.com
Blacklisted Scamming Companies
Written by Administrator   
Thursday, 06 April 2017 10:35

These are companies recognized by Malwarebytes as scam artists because they meet these criteria:

  • #1 Pretends to be working for Microsoft, ‘Windows’ or Malwarebytes.
  • #2 Uses misleading tactics to force a sale.
  • #3 Finds viruses, malware or an infection on a perfectly clean system.
  • #4 Validates a fraudulent popup or page as legitimate.


  • Geeks Technical Support LLC
    Website(s): malware-support-help.org, geeksdrivesavers.com
  • Thy Tech Support
    Website(s): ThyTechSupport.com
  • OMG Tech Help
    Website(s): omgtechhelp.com
  • HPC Techs LLC
    Website(s): hpctechs.com
  • Your 365 Tech Support
    Website(s): your365techsupport.com
  • Tech Support Experts (could be linked to MyTechGurus)
    Website(s): tech-support-experts.com, chat123.us
  • Microtek Support
    Website(s): microteksupport.com
  • MyPCTech24
    Website(s): mypctech24.com
  • Yoda Care
    Website(s): yodacare.com
  • OneBit IT
    Website(s): onebitit.com
  • iTech Expert
    Website(s): itechexpert.us
  • Tech World Wide Helpdesk
    Website(s): techworldwide.org
  • LiveTechOnCall, Live Tech On Call, AVIVO LLC
    Website(s): livetechoncall.com
  • American Tec Help
    Website(s): americantechelp.com
  • ProcomSupport247
    Website(s): procomsupport247.com
  • Cump Tech Media Pvt Ltd
    Website(s): xevoke.com, onlineinstanthelp.com
  • E-Racer Tech (Clean IT PC)
    Website(s): e-racertech.com, cleanitpc.com
  • Ecomputer Support
    Website(s): ecomputersupport.net 
  • SysCare247
    Website(s): syscare247.com
  • 247 Support Experts
    Website(s): 247supportexperts.com, 3wayhelp.com
  • AOLrisk
    Website(s): aolrisk.com
  • Condis Services
    Website(s): condiservices.com
  • PC Tech Clinic
    Website(s): pctechclinic.com
  • Comlogic
    Website(s): comlogicinc.com
  • 1844desktop
    Website(s): 1844desktop.com, allinonetech.net, allinonetech.us
  • Internet Security Protect
    Website(s): internetsecurityprotect.com
  • iMax Support
    Website(s): imaxsupport.com, fix247.org
  • TechFix Pro
    Website(s): techfixpro.com
  • Compute My PC
    Website(s): computemypc.com
  • iGennie
    Website(s): igennie.net
  • PC Toolkit Pro
    Website(s): pctoolkitpro.com
  • Click4Support
    Website(s): lickforsupport.net, webtechmasterhelp.com, techsupportcenter.org, techsupportive.com
  • GBM Support
    Website(s): gbmsupport.net
  • MegaITSupport
    Website(s): megaitsupport.com
  • My Tech Gurus
    Website(s): mytechgurus.com
  • PC Mask
    Website(s): pcmask.com
  • PC Smart Care
    Website(s): pcsmartcare.com, pcsmartcare.us
  • Speak Support
    Website(s): speaksupport.com, 121usa.com  
  • 365 Tech Help
    Website(s): 365techhelp.co/bng/slow-pc, fastsupport.com









 
Testimonials

CBPC Testimonials

Here are some of our customers' own words about Custom-BuiltPCs.com.

Got the computer on Monday, but due to our schedule, didn’t get it all set up until last night.   Everything looks great.  My son loves it, and what I like best is that clean menu.  It’s the first computer that I’ve had (since my original 486 back in ’95) that wasn’t full of junk software from the vendor.  Your selections seem right on the money to me and there is nothing there that I have to wonder “what the ___ is this?!” Thanks for all your great service and a great product.  I expect that I will order from you again in the future.

David

Wife and I had been searching for a new desktop that would do for her and family pictures and the games for the grand kids. Found a lot of sites that build custom PCs but Matt was the only place that wanted to help a couple of old people. He shot us a few different builds and we picked the one we liked and fit our budget. They put it right together and ran it up and down the street a few days and shipped it right out to us. The box it came in was very well packed. Plugged it in, turned it on and it ran like nothing we ever had before. Fast and quiet. The next couple days Matt done the personal touch and helped us tweak a few things. If you need a very well built custom PC, Matt and his crew are the people to talk to. A big thanks to Matt and the guys that put it all together for us.


Chuck & Sandy


Dear Matt,

We wanted to take this opportunity to thank you for donating the USB jump drives and giving us a discount on the computers to the Ironton High School After Prom committee. The committee will be able to put on a successful After prom and keep our students safe the night of prom because of the help of your donation. The committee and the students sincerely thank you for your involvement in this special evening.





Hi Matt, 
I got cables yesterday everything is good.  Thanks for quick service. 
Dave



Matt, It is very comforting to have someone "LOCAL" that is very knowledgeable about diagnosing and repairing computers. I find that your business does far more than that. You built my computer to what my needs were; as well as install any operating system I want. (Windows-Linux) The computer you built for me is excellent. Your service is outstanding and dependable. Thanks...Bill



Hello Matt:

In February 2010 you built me a Windows 7 PC unit (with monitor) and installed it.  I just wanted to EMail you to say that this computer has been the best I have had - bar none - and I have had quite a few of the "off the shelf" units.   I use some of the "freebie" software to keep it "cleaned out" and it continues to work as well as when I purchased it from you.

Please know that I have been very well satisfied with this unit and should I need your talents in the future, I'll be sure to "knock on your door".

Thanks.


Brenton Massie






Very professional! Great Work and he is right there to always help!

Gary Morgan
CEO/tenor
Gospel River Boys, LLC
www.gospelriverboys.com






Custom-built PCs rescued my new laptop (that I bought elsewhere) from some serious problems that the factory would not help me with over the phone, even though I have a one-year warranty. Not only did Custom-built PCs fix my computer, but it was fixed quickly since I expressed concern about having it back in time to complete assignments for my online class. The service was professional, excellent, and personal, the communication outstanding, and the price fair and reasonable. My only regret is that I did not buy my laptop from Custom-built PCs. I won't make that mistake again. There's no comparison with getting honest, in-person service from a business built on integrity and expertise at Custom-built PCs, to a mega company who only provides phone support from a foreign country and doesn't back their warranties. Ronda Williams






Windows 7 is awesome, we are still learning the new system, but it is great so far. Custom-BuiltPCs is the best, they are fast and Matt knows his stuff. We give them an A+ in our book. We will be back to shop for a laptop. Their computers are the best on the market, built for your needs.
Jeff



CBPC Store Hours

Last Updated on Wednesday, 11 March 2015 15:15
 
Security Bulletins

July 23, 2010
T-401: Multiple Mozilla Product Vulnerabilities Mozilla has released multiple vulnerability advisories. Most of Mozilla's software has been updated this week to address these issues. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-401.shtml


July 23, 2010
2010-07-23: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
http://www.securityfocus.com/bid/36935


July 23, 2010
2010-07-23: Microsoft Internet Explorer 'onreadystatechange' Event Handler Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/39027


July 23, 2010
2010-07-23: Multiple Mozilla Products CSS Selectors Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41872


July 23, 2010
2010-07-23: Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41871


July 23, 2010
2010-07-23: Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.
http://www.securityfocus.com/bid/33276


July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41090


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41853


July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird Character Mapping Security Weakness Mozilla Firefox and Thunderbird are prone to a weakness that may contribute to cross-site scripting issues.
http://www.securityfocus.com/bid/41866


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey 'NodeIterator' Use-After-Free Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41845


July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41093


July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird 'SJOW' Privilege Escalation Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploitation allows attackers to execute arbitrary JavaScript code with chrome privileges.
http://www.securityfocus.com/bid/41868


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1211 Remote Memory Corruption Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41859


July 23, 2010
2010-07-23: Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41099


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41842


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41852


July 23, 2010
2010-07-23: Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41094


July 23, 2010
2010-07-23: Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41860


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey DOM Cloning Remote Code Execution Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41849


July 23, 2010
2010-07-23: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41087


July 23, 2010
2010-07-23: Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.
http://www.securityfocus.com/bid/41103


July 23, 2010
2010-07-23: Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41102


July 23, 2010
2010-07-23: Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
http://www.securityfocus.com/bid/41082


July 23, 2010
2010-07-23: libpng Memory Corruption and Memory Leak Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/41174


July 23, 2010
2010-07-23: Mozilla Firefox 'about:blank' Document URI Spoofing Vulnerability Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
http://www.securityfocus.com/bid/41055


July 23, 2010
2010-07-23: Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/40701


July 23, 2010
2010-07-23: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
http://www.securityfocus.com/bid/38952


July 23, 2010
2010-07-23: Mozilla Firefox and Thunderbird Canvas Element Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.
http://www.securityfocus.com/bid/41878


July 23, 2010
2010-07-23: Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1212 Remote Memory Corruption Vulnerability An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41865


July 23, 2010
2010-07-23: ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability An attacker can exploit this issue to cause the application to fall into an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/41730


July 23, 2010
2010-07-23: PhotoPost PHP 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41916


July 23, 2010
2010-07-23: iputils 'ping.c' Remote Denial Of Service Vulnerability iputils is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets. A successful attack allows a remote attacker to hang the application, denying further service to legitimate users.
http://www.securityfocus.com/bid/41911

 

July 09, 2010
2010-07-09: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/37874


July 09, 2010
2010-07-09: CMS ISWEB SQL Injection and Cross Site Scripting Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/32823


July 09, 2010
2010-07-09: Softwex CMS 'news_details.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41512


July 09, 2010
2010-07-09: QuickFAQ Component for Joomla! 'Itemid' Parameter SQL Injection Vulnerability Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41508


July 09, 2010
2010-07-09: Real Estate Manager 'index.php' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.securityfocus.com/bid/41507


July 09, 2010
2010-07-09: MP3 Cutter MP3 File Processing Remote Denial of Service Vulnerability An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.
http://www.securityfocus.com/bid/41506


July 08, 2010
T-393: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability Multiple implementations of iSCSI Enterprise Target are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. This risk is High.
http://www.doecirc.energy.gov/bulletins/t-393.shtml


July 08, 2010
2010-07-08: Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
http://www.securityfocus.com/bid/41462


July 08, 2010
2010-07-08: Ubisoft Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow Vulnerabilities Successful exploits may allow attackers to cause denial-of-service conditions. Due to the nature of these issues, code-execution may also be possible, but this has not been confirmed.
http://www.securityfocus.com/bid/41459


July 08, 2010
2010-07-08: Pithcms Multiple File Include Vulnerabilities Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
http://www.securityfocus.com/bid/41461


July 08, 2010
2010-07-08: Linux Kernel GFS/GFS2 Local Denial of Service Vulnerability Attackers can exploit this issue to cause the kernel to panic, resulting in a denial-of-service condition.
http://www.securityfocus.com/bid/39101


July 08, 2010
2010-07-08: W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
http://www.securityfocus.com/bid/40837


July 08, 2010
2010-07-08: Linux Kernel 'btrfs' File Permissions Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/41467


July 08, 2010
2010-07-08: Linux Kernel ethtool 'info.rule_cnt' Local Buffer Overflow Vulnerability Local attackers may be able to exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts may crash the affected kernel, denying service to legitimate users.
http://www.securityfocus.com/bid/41223


July 08, 2010
2010-07-08: Linux Kernel 'pppol2tp_xmit' Null Pointer Dereference Denial of Service Vulnerability An attacker may exploit this issue to cause denial-of-service conditions.
http://www.securityfocus.com/bid/41077


July 08, 2010
2010-07-08: Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability Attackers can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
http://www.securityfocus.com/bid/39719


July 08, 2010
2010-07-08: Ghostscript 'gs_init.ps' With '-P-' Flag Search Path Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
http://www.securityfocus.com/bid/40467


July 08, 2010
2010-07-08: Ghostscript Insecure Temporary File Creation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/40426


July 08, 2010
2010-07-08: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/40502


July 08, 2010
2010-07-08: Joomla! ArtForms Component Multiple Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or disclose sensitive information.
http://www.securityfocus.com/bid/41457


July 08, 2010
2010-07-08: LibTIFF Multiple Remote Code Execution Vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of a user running an application that uses the affected library. Failed exploit attempts will crash the application.
http://www.securityfocus.com/bid/41088


July 08, 2010
2010-07-08: Mini-stream Ripper '.pls' File Remote Buffer Overflow Vulnerability Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41332


July 08, 2010
2010-07-08: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow Vulnerability An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/41327


July 08, 2010
2010-07-08: Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
http://www.securityfocus.com/bid/40884


July 08, 2010
2010-07-08: libpng Memory Corruption and Memory Leak Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.
http://www.securityfocus.com/bid/41174


July 08, 2010
2010-07-08: Mini-stream Software CastRipper '.pls' File Remote Stack Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/40626


July 08, 2010
2010-07-08: Pango Glyph Definition Table Denial of Service Vulnerability Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users.
http://www.securityfocus.com/bid/38760


July 08, 2010
2010-07-08: PAM MOTD Module Local Privilege Escalation Vulnerability Attackers can exploit this issue to gain escalated privileges.
http://www.securityfocus.com/bid/41465


July 08, 2010
2010-07-08: CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application.
http://www.securityfocus.com/bid/40889


July 08, 2010
2010-07-08: CUPS Web Interface Information Disclosure Vulnerability Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
http://www.securityfocus.com/bid/40897


July 08, 2010
2010-07-08: CUPS 'cupsDoAuthentication()' Infinite Loop Denial of Service Vulnerability An attacker can exploit this issue to cause the affected application to fall into an infinite loop, denying service to legitimate users.
http://www.securityfocus.com/bid/41126


July 08, 2010
2010-07-08: CUPS 'cupsFileOpen' function Symlink Attack Local Privilege Escalation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
http://www.securityfocus.com/bid/41131


July 08, 2010
2010-07-08: CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial-of-service conditions.
http://www.securityfocus.com/bid/40943


July 08, 2010
2010-07-08: Adobe Acrobat and Reader (CVE-2010-2208) Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
http://www.securityfocus.com/bid/41244


July 08, 2010
2010-07-08: Adobe Acrobat and Reader Flash Content Parsing Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41245


July 08, 2010
2010-07-08: Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
http://www.securityfocus.com/bid/41236


July 08, 2010
2010-07-08: Adobe Acrobat and Reader CLOD Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
http://www.securityfocus.com/bid/41234


July 08, 2010
2010-07-08: Linux Kernel GFS2 File Attribute Security Bypass Vulnerability Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/40356


July 08, 2010
2010-07-08: Linux Kernel Btrfs Cloned File Security Bypass Vulnerability An attacker can exploit this issue to clone a file only open for writing. This may allow attackers to obtain sensitive data or launch further attacks.
http://www.securityfocus.com/bid/40241


July 08, 2010
2010-07-08: Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability A remote attacker may exploit this issue to crash the affected application, denying further service to legitimate users.
http://www.securityfocus.com/bid/41075


July 08, 2010
2010-07-08: UFO: Alien Invasion IRC Client Multiple Remote Buffer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
http://www.securityfocus.com/bid/41004

 

 


 

 

 

June 25, 2010
2010-06-25: Winplot '.wp2' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/40879


June 25, 2010
2010-06-25: Simple Machines Forum Change Administrator Password Security Bypass Vulnerability Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform administrative actions.
http://www.securityfocus.com/bid/41150


June 25, 2010
2010-06-25: FieldNotes 32 '.dxf' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41147


June 25, 2010
2010-06-25: 2daybiz Matrimonial Script SQL Injection and Cross Site Scripting Vulnerabilities Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41146


June 25, 2010
2010-06-25: WM Downloader '.m3u' File Remote Stack Buffer Overflow Vulnerability Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
http://www.securityfocus.com/bid/41145


June 25, 2010
2010-06-25: activeCollab 'index.php' Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.securityfocus.com/bid/41142


June 25, 2010
2010-06-25: Bugzilla 'time-tracking' Information Disclosure Vulnerability Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
http://www.securityfocus.com/bid/41141


June 25, 2010
2010-06-25: AbleSpace 'news.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.securityfocus.com/bid/41139


June 24, 2010
T-388: ISC DHCP Server find_length() Zero-Length Client Identifier Remote Denial Of Service Vulnerability ISC DHCP Server is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-388.shtml

 

 

June 24, 2010

2010-06-24: Mozilla Firefox CVE-2010-1201 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41093

 

 

June 24, 2010

2010-06-24: Mozilla Firefox and SeaMonkey Plugin Object Reference Remote Code Execution Vulnerability Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.

http://www.securityfocus.com/bid/41102

 

 

June 24, 2010

2010-06-24: Mozilla Firefox/SeaMonkey Attachment With Content-Disposition HTTP Header Bypass Vulnerability Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.

http://www.securityfocus.com/bid/41103

 

 

June 24, 2010

2010-06-24: Mozilla Firefox CVE-2010-1202 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41094

 

 

June 24, 2010

2010-06-24: Mozilla Firefox CVE-2010-1200 Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41090

 

 

June 24, 2010

2010-06-24: Mozilla Firefox 'jstracer.cpp' Memory Corruption Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41099

 

 

June 24, 2010

2010-06-24: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41087

 

 

June 24, 2010

2010-06-24: Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41082

 

 

June 24, 2010

2010-06-24: Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.

http://www.securityfocus.com/bid/33276

 

 

June 24, 2010

2010-06-24: Mozilla Firefox Keyboard Focus Cross Domain Information Disclosure Vulnerability An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.

http://www.securityfocus.com/bid/40701

 

 

June 24, 2010

2010-06-24: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/38952

 

 

June 24, 2010

2010-06-24: Mozilla Firefox & SeaMonkey 'nsCycleCollector::MarkRoots()' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/41100

 

June 24, 2010

2010-06-24: Cisco Unified MeetingPlace Web Conference Multiple Cross Site Scripting Vulnerabilities Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/25237

 

 

June 24, 2010

2010-06-24: LibTIFF 'TIFFroundup()' Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/41011

 

 

June 24, 2010

2010-06-24: LibTIFF Multiple Remote Integer Overflow Vulnerabilities An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/35652

 

 

June 24, 2010

2010-06-24: LibTIFF FAX3 Decoder Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/40823

 

 

June 24, 2010

2010-06-24: LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

http://www.securityfocus.com/bid/35451

 

 

June 24, 2010

2010-06-24: ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.

http://www.securityfocus.com/bid/35669

 

 

June 24, 2010

2010-06-24: ISC DHCP Server "find_length()" Zero-Length Client Identifier Remote Denial Of Service Vulnerability Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.

http://www.securityfocus.com/bid/40775

 

 

June 24, 2010

2010-06-24: ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

http://www.securityfocus.com/bid/35668

 

 

June 24, 2010

2010-06-24: Belitsoft E-portfolio Joomla! Component Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.securityfocus.com/bid/40994

 

 

June 24, 2010

2010-06-24: TeX Live '.dvi' File Parsing (CVE-2010-0827) Remote Code Execution Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39971

 

 

June 24, 2010

2010-06-24: IsolSoft Support Center 'lang' Parameter Multiple Input Validation Vulnerabilities An attacker can exploit these issues to execute arbitrary local and remote files within the context of the webserver, execute arbitrary script code, and steal cookie-based authentication credentials.

http://www.securityfocus.com/bid/35997

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2169) Invalid Pointer Remote Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40807

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR URI Parsing Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy, execute arbitrary script code and obtain potentially sensitive information, or launch spoofing attacks against other sites.

http://www.securityfocus.com/bid/40808

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2173) Invalid Pointer Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40800

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2009-3793) Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40809

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2183) Integer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40793

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2178) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40790

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR 'DefineBit' Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40784

 

 

June 24, 2010

2010-06-24: Adobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability Adobe Flash Player, Adobe Reader, and Adobe Acrobat are prone to a remote code execution vulnerability. Adobe has reported that this vulnerability is being exploited in the wild.

http://www.securityfocus.com/bid/40586

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2174) Invalid Pointer Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40805

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2185) Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40806

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2162) Heap Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40801

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2167) Multiple Heap Buffer Overflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40802

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2163) Multiple Remote Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40803

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2166) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40783

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2187) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40797

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2186) Remote Denial of Service Vulnerability Attackers can exploit this issue to crash the application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed.

http://www.securityfocus.com/bid/40786

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2177) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40788

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR (CVE-2010-2175) Unspecified Memory Corruption Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40785

 

 

June 24, 2010

2010-06-24: Adobe Flash Player and AIR Image Processing Use After Free Remote Code Execution Vulnerability An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/40780

 

 

June 24, 2010

2010-06-24: Adobe Flash Player (CVE-2010-2161) Memory Index Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

http://www.securityfocus.com/bid/40781

 

 

June 24, 2010

2010-06-24: GNU gzip LZW Compression Remote Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/37886

 

 

June 24, 2010

2010-06-24: Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities The Perl Safe module is prone to multiple restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary Perl code outside of the restricted root.

http://www.securityfocus.com/bid/40302

 

 

June 24, 2010

2010-06-24: dvipng '.dvi' File Parsing Remote Code Execution Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39969

 

 

June 24, 2010

2010-06-24: Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability Attackers can exploit this issue by enticing victims into opening a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

http://www.securityfocus.com/bid/36945

 

 

June 24, 2010

2010-06-24: MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability An attacker may exploit this issue to crash the kadmind service, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

http://www.securityfocus.com/bid/40235

 

 

June 24, 2010

2010-06-24: MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/24657

 

 

June 24, 2010

2010-06-24: MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

http://www.securityfocus.com/bid/24655

 

 

June 24, 2010

2010-06-24: MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

http://www.securityfocus.com/bid/24653

 

 

June 24, 2010

2010-06-24: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

June 24, 2010

2010-06-24: OpenSSL 'EVP_PKEY_verify_recover()' Invalid Return Value Security Bypass Vulnerability Successful exploits may allow attackers to bypass key checks in applications using the affected library; other attacks are also possible.

http://www.securityfocus.com/bid/40503

 

 

June 24, 2010

2010-06-24: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/38533

 

 

June 24, 2010

2010-06-24: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/40502

 

 

June 24, 2010

2010-06-24: BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

http://www.securityfocus.com/bid/35918

 

 

June 24, 2010

2010-06-24: PulseAudio Insecure Temporary File Creation Vulnerability An attacker with local access could potentially exploit this issue to perform symbolic-link attacks. Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files or gain access to sensitive information. Other attacks may also be possible.

http://www.securityfocus.com/bid/38768

 

 

June 24, 2010

2010-06-24: SmartISoft phpBazar 'picturelib.php' Remote File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/40546

 

 

June 24, 2010

2010-06-24: Limny 'q' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/41152

 

 

June 24, 2010

2010-06-24: Bugzilla 'localconfig' Information Disclosure Vulnerability Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.

http://www.securityfocus.com/bid/41144

 

 

June 24, 2010

2010-06-24: Google Chrome prior to 5.0.375.86 Multiple Security Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, and carry out cross-domain scripting attacks; other attacks are also possible.

http://www.securityfocus.com/bid/41138

 

 

June 24, 2010

2010-06-24: Wingeom '.wg2' File Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41137

 

 

June 24, 2010

2010-06-24: Wincalc '.num' File Parsing Remote Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41136

 

 

June 24, 2010

2010-06-24: Big Forum 'forum.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/41135

 

 

June 24, 2010

2010-06-24: S2 NetBox Multiple Information Disclosure Vulnerabilities S2 NetBox is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information through authentication. A remote attacker can exploit these issues to obtain sensitive information, possibly aiding in further attacks.

http://www.securityfocus.com/bid/41134

 

 

June 24, 2010

2010-06-24: Big Forum Local File Include and Arbitrary File Upload Vulnerabilities An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.

http://www.securityfocus.com/bid/41133

 

 

June 24, 2010

2010-06-24: Adobe Acrobat and Reader June 2010 Advance Multiple Remote Vulnerabilities Adobe released an advance advisory regarding multiple issues in Reader and Acrobat. The vendor plans to address these issues on June 29, 2010.

http://www.securityfocus.com/bid/41130

 

 

June 24, 2010

2010-06-24: Twitter for iPhone Unspecified Buffer Overflow Vulnerability Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41129

 

 

June 24, 2010

2010-06-24: Winstats '.fma' File Parsing Remote Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/41128

 

 

June 24, 2010

2010-06-24: Fenrir ActiveGeckoBrowser Unspecified Denial Of Service Vulnerability An attacker can exploit this issue to cause the vulnerable application to crash, denying service to legitimate users. Arbitrary code execution may also be possible.

http://www.securityfocus.com/bid/41127

 

 

June 24, 2010

2010-06-24: Lois Software WebDB Script Multiple SQL Injection Vulnerabilities Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/41124

 

 

June 23, 2010

T-387: Mozilla Firefox/Thunderbird/SeaMonkey MFSA The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. These vulnerabilities allow attackers to execute arbitrary machine code in the context of the vulnerable application, crash affected applications, and perform cross-site scripting attacks; other attacks may also be possible. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-387.shtml

 

 

June 22, 2010

T-386: Apple Safari Authentication Data URI Spoofing Vulnerability Apple Safari is prone to a domain-spoofing vulnerability. Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-386.shtml

 

 

June 18, 2010

T-385: Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability Apple Mac OS X is prone to a remote information-disclosure vulnerability. This issue affects the CUPS web interface component. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-385.shtml

April 23, 2010

2010-04-23: IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.

http://www.securityfocus.com/bid/37976

 

 

April 23, 2010

2010-04-23: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.

http://www.securityfocus.com/bid/36935

 

 

April 23, 2010

2010-04-23: Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

http://www.securityfocus.com/bid/38362

 

 

April 23, 2010

2010-04-23: Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/38491

 

 

April 23, 2010

2010-04-23: Apache Subrequest Handling Information Disclosure Vulnerability Attackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions.

http://www.securityfocus.com/bid/38580

 

 

April 23, 2010

2010-04-23: In-Portal 'config.php' Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.securityfocus.com/bid/39652

 

 

April 22, 2010

T-354: Microsoft Security Bulletin This bulletin discloses a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. This risk is high.

http://www.doecirc.energy.gov/bulletins/t-354.shtml

 

 

April 22, 2010

2010-04-22: AlphaUserPoints Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39393

 

 

April 22, 2010

2010-04-22: Multi-Venue Restaurant Menu Manager Joomla! Component 'mid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39382

 

 

April 22, 2010

2010-04-22: Joomla! 'com_properties' Component 'aid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39374

 

 

April 22, 2010

2010-04-22: Gadget Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39547

 

 

April 22, 2010

2010-04-22: PHP 'mbstring' Extension Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

http://www.securityfocus.com/bid/32948

 

 

April 22, 2010

2010-04-22: OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/35174

 

 

April 22, 2010

2010-04-22: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities OpenSSL is prone to multiple vulnerabilities that may allow attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/35001

 

 

April 22, 2010

2010-04-22: Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/28380

 

 

April 22, 2010

2010-04-22: libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

http://www.securityfocus.com/bid/32326

 

 

April 22, 2010

2010-04-22: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/35138

 

 

April 22, 2010

2010-04-22: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

http://www.securityfocus.com/bid/37865

 

 

April 22, 2010

2010-04-22: Microsoft Publisher File Conversion Textbox Remote Buffer Overflow Vulnerability An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

http://www.securityfocus.com/bid/39347

 

 

April 22, 2010

2010-04-22: Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation Vulnerability An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service.

http://www.securityfocus.com/bid/39323

 

 

April 22, 2010

2010-04-22: VLC Media Player 1.0.5 And Prior Multiple Security Vulnerabilities Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/39629

 

 

April 22, 2010

2010-04-22: Xftp 'PWD' Response Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39628

 

 

April 22, 2010

2010-04-22: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

April 22, 2010

2010-04-22: MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer. Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39599

 

 

April 22, 2010

2010-04-22: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability An attacker can exploit this issue to forward a user's NTLM (NT LAN Manager) credentials used in one application to gain unauthorized access to another application.

http://www.securityfocus.com/bid/37366

 

 

April 22, 2010

2010-04-22: Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability An attacker can exploit this issue by tricking a victim into visiting a malicious webpage to execute arbitrary code and to cause denial-of-service conditions.

http://www.securityfocus.com/bid/36851

 

 

April 22, 2010

2010-04-22: Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability Mozilla Firefox and Thunderbird are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.

http://www.securityfocus.com/bid/35769

 

 

April 22, 2010

2010-04-22: Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files.

http://www.securityfocus.com/bid/36867

 

 

April 22, 2010

2010-04-22: Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities An attacker can exploit these issues to obtain potentially sensitive information, execute arbitrary code, elevate privileges, and cause denial-of-service conditions.

http://www.securityfocus.com/bid/36343

 

 

April 22, 2010

2010-04-22: Mozilla Thunderbird Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code but this has not been confirmed.

http://www.securityfocus.com/bid/38831

 

 

April 22, 2010

2010-04-22: Mozilla SeaMonkey Scriptable Plugin Content Security Bypass Vulnerability Attackers can exploit this issue to bypass restrictions, which may allow them to obtain sensitive information or launch other attacks.

http://www.securityfocus.com/bid/38830

 

 

April 22, 2010

2010-04-22: Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

http://www.securityfocus.com/bid/37543

 

 

April 22, 2010

2010-04-22: W2B phpGreetCards 'index.php' Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39656

 

 

April 22, 2010

2010-04-22: AJ Matrix 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39654

 

 

April 22, 2010

2010-04-22: Huawei EchoLife HG520c 'AutoRestart.html' Authentication Bypass Vulnerability Attackers can leverage this issue to restart the device without proper authentication. Successful exploits may lead to other attacks.

http://www.securityfocus.com/bid/39650

 

 

April 22, 2010

2010-04-22: FlashCard 'id' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39648

 

 

April 22, 2010

2010-04-22: Huawei EchoLife HG520 Remote Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/39646

 

 

April 22, 2010

2010-04-22: JCaptcha Sound File CAPTCHA Security Bypass Vulnerability Successfully exploiting this issue may allow attackers to perform automated attacks on the affected application.

http://www.securityfocus.com/bid/39643

 

 

April 22, 2010

2010-04-22: EDraw Flowchart ActiveX Control '.edd' File Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39642

 

 

April 22, 2010

2010-04-22: EDraw Flowchart ActiveX Control 'OpenDocument()' Method Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39641

 

 

April 22, 2010

2010-04-22: HTC Touch SMS Preview Popup HTML Injection Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user within the context of the affected browser. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/39640

 

 

April 22, 2010

2010-04-22: Cacti Multiple Input Validation Security Vulnerabilities Exploiting these issues can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

http://www.securityfocus.com/bid/39639

 

 

April 22, 2010

2010-04-22: HP Virtual Machine Manager for Windows Unspecified Remote Privilege Escalation Vulnerability Authenticated attackers can exploit this issue to gain SYSTEM-level privileges on the affected computer.

http://www.securityfocus.com/bid/39637

 

 

April 22, 2010

2010-04-22: Apache ActiveMQ Source Code Information Disclosure Vulnerability An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

http://www.securityfocus.com/bid/39636

 

 

April 22, 2010

2010-04-22: Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may lead to further attacks.

http://www.securityfocus.com/bid/39635

 

 

April 22, 2010

2010-04-22: SimpleCaddy Component for Joomla! Unspecified Security Vulnerability The SimpleCaddy (com_caddy) component for Joomla! is prone to an unspecified remote security vulnerability. Remote attackers can exploit this issue to perform unauthorized manipulation of certain data.

http://www.securityfocus.com/bid/39634

 

 

April 22, 2010

2010-04-22: HP System Management Homepage CVE-2010-1034 Unspecified Remote Vulnerability Remote authenticated attackers can exploit this issue to compromise the confidentiality, integrity and availability of the affected application.

http://www.securityfocus.com/bid/39632

 

 

April 22, 2010

2010-04-22: Microsoft Windows 'SfnINSTRING' Local Denial Of Service Vulnerability Attackers can exploit this issue to cause affected computers to crash, causing a denial-of-service condition.

http://www.securityfocus.com/bid/39631

 

 

April 22, 2010

2010-04-22: Microsoft Windows 'SfnLOGONNOTIFY' Local Denial Of Service Vulnerability Attackers can exploit this issue to cause affected computers to crash, causing a denial-of-service condition.

http://www.securityfocus.com/bid/39630

 

 

April 22, 2010

2010-04-22: Rising Antivirus 2010 'RsAssist.sys' Driver IOCTL Handling Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39627

 

 

April 21, 2010

T-353: McAfee DAT 5958 Update Causes Issues McAfee anti-virus software is erroneously detecting svchost.exe as a virus, causing multiple issues. We have received several reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. It is affecting svchost.exe. Symptoms are reboot loops and loss of networking. Trying to roll back to the last version is difficult. This risk is high.

http://www.doecirc.energy.gov/bulletins/t-353.shtml

 

 

 

April 21, 2010

2010-04-21: MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability An attacker may exploit this issue to crash the KDC service, resulting in a denial-of-service condition.

http://www.securityfocus.com/bid/38260

 

 

April 21, 2010

2010-04-21: MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions.

http://www.securityfocus.com/bid/37749

 

 

April 21, 2010

2010-04-21: MIT Kerberos 'gss_accept_sec_context()' Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users.

http://www.securityfocus.com/bid/38904

 

 

April 21, 2010

2010-04-21: MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability An attacker may exploit this issue to crash the KDC service, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

http://www.securityfocus.com/bid/37486

 

 

April 21, 2010

2010-04-21: Microsoft Windows SMB Client Response Parsing Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39336

 

 

April 21, 2010

2010-04-21: Microsoft Windows SMB Client Memory Allocation Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39312

 

 

April 21, 2010

2010-04-21: Microsoft Windows SMB Packet Remote Denial of Service Vulnerability A remote attacker can exploit this issue to crash the Windows kernel, denying service to legitimate users.

http://www.securityfocus.com/bid/36989

 

 

April 21, 2010

2010-04-21: Microsoft Windows SMB Client Message Size Remote Code Execution Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39340

 

 

April 21, 2010

2010-04-21: Microsoft Windows SMB Client Transaction Response Remote Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39339

 

 

April 21, 2010

2010-04-21: Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition.

http://www.securityfocus.com/bid/39303

 

 

April 21, 2010

2010-04-21: Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable (PE) or cabinet file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

http://www.securityfocus.com/bid/39328

 

 

April 21, 2010

2010-04-21: Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution Vulnerability Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed cabinet ('.cab') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application.

http://www.securityfocus.com/bid/39332

 

 

April 21, 2010

2010-04-21: Simasy CMS 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/30774

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed.

http://www.securityfocus.com/bid/39524

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-0192 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed.

http://www.securityfocus.com/bid/39523

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39417

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-0204 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.

http://www.securityfocus.com/bid/39522

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application; other attacks may also be possible.

http://www.securityfocus.com/bid/39515

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.

http://www.securityfocus.com/bid/39518

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader GIF Data Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.

http://www.securityfocus.com/bid/39514

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39470

 

 

April 21, 2010

2010-04-21: Adobe Acrobat and Reader PNG Data Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.

http://www.securityfocus.com/bid/39505

 

 

April 21, 2010

2010-04-21: Adobe Reader CVE-2010-0200 Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39227

 

 

April 21, 2010

2010-04-21: Joomla! Seber Cart Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39237

 

 

April 21, 2010

2010-04-21: uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38102

 

 

April 21, 2010

2010-04-21: WB News '/base/Comments.php' HTML Injection Vulnerability Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

http://www.securityfocus.com/bid/39626

 

 

April 21, 2010

2010-04-21: LightNEasy 'get_file.php' Local File Disclosure Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

http://www.securityfocus.com/bid/39623

 

 

April 21, 2010

2010-04-21: ZipGenius ZIP Archive Stack Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/39622

 

 

April 21, 2010

2010-04-21: LightNEasy 'language' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39621

 

 

April 21, 2010

2010-04-21: PortfolioDesign.org Portfolio for Joomla! 'phpThumb.php' Remote File Disclosure Vulnerability An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks.

http://www.securityfocus.com/bid/39620

 

 

April 21, 2010

2010-04-21: v2marketplacescript Arbitrary File Upload Vulnerability An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.securityfocus.com/bid/39618

 

 

April 21, 2010

2010-04-21: SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

http://www.securityfocus.com/bid/39616

 

 

April 21, 2010

2010-04-21: DBSite wb CMS 'index.php' Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39613

 

 

April 21, 2010

2010-04-21: Cisco Small Business Video Surveillance Cameras & 4-Port Router Authentication Bypass Vulnerability Successful exploits allow remote authenticated attackers to obtain other users' passwords and gain access to the vulnerable device. This will completely compromise an affected device.

http://www.securityfocus.com/bid/39612

 

 

April 21, 2010

2010-04-21: openMairie openRegistreCIL Local and Remote File Include Vulnerabilities Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

http://www.securityfocus.com/bid/39611

 

 

April 21, 2010

2010-04-21: Elastix 'id_nodo' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39610

 

 

April 21, 2010

2010-04-21: e107 'e107_admin/banner.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39609

 

 

April 21, 2010

2010-04-21: Webmoney Web Merchant Interface Component for Joomla! Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39608

 

 

April 21, 2010

2010-04-21: MMS Blog Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39607

 

 

April 21, 2010

2010-04-21: OrgChart Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39606

 

 

April 21, 2010

2010-04-21: phpThumb() 'fltr[]' Parameter Command Injection Vulnerability Attackers can exploit this issue to execute arbitrary commands in the context of the webserver. Note that successful exploitation requires 'ImageMagick' to be installed.

http://www.securityfocus.com/bid/39605

 

 

April 21, 2010

2010-04-21: imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application that uses the affected library. Failed exploit attempts may result in a denial-of-service condition.

http://www.securityfocus.com/bid/39604

 

 

 

April 20, 2010

T-352: iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities iSCSI Enterprise Target and tgt are prone to multiple format-string vulnerabilities because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Other attacks may also be possible, including data loss or corruption. This risk is moderate.

http://www.doecirc.energy.gov/bulletins/t-352.shtml

 

 

April 19, 2010

T-351: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. This risk is moderate.

http://www.doecirc.energy.gov/bulletins/t-351.shtml

 

 

April 16, 2010

T-350: Adobe Acrobat and Reader Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed. This risk is high.

http://www.doecirc.energy.gov/bulletins/t-350.shtml

 

 

 

 

April 16, 2010

2010-04-16: Oracle Java SE and Java for Business Unspecified Vulnerabilities Successful attacks may allow attackers to gain unauthorized access to a computer in the context of the user running the affected application.

http://www.securityfocus.com/bid/39492

 

 

April 16, 2010

2010-04-16: Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities An attacker can exploit these issues to gain unauthorized access to the affected computer and to crash the affected application.

http://www.securityfocus.com/bid/39377

 

 

April 16, 2010

2010-04-16: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may also be possible but this has not been confirmed.

http://www.securityfocus.com/bid/39524

 

 

April 16, 2010

2010-04-16: Joomla! 'com_manager' Component 'Itemid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39519

 

 

April 15, 2010

T-349: [USN-928-1] Sudo vulnerability

A Sudo security issue affects several Ubuntu releases and some corresponding versions of Kubuntu, Edubuntu, Xubuntu, and Mac OS. Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-349.shtml

 

 

April 15, 2010

2010-04-15: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers.

http://www.securityfocus.com/bid/37128

 

 

April 15, 2010

2010-04-15: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

http://www.securityfocus.com/bid/36097

 

 

April 15, 2010

2010-04-15: KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability An attacker may exploit this issue to execute arbitrary code and gain elevated privileges.

http://www.securityfocus.com/bid/39467

 

 

April 15, 2010

2010-04-15: Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

http://www.securityfocus.com/bid/39468

 

 

April 15, 2010

2010-04-15: Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

http://www.securityfocus.com/bid/38955

 

 

April 15, 2010

2010-04-15: VMware Remote Console 'connect' Method Remote Format String Vulnerability Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/39396

 

 

 

April 15, 2010

2010-04-15: Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability Oracle Sun Java System Communications Express is prone to a remote vulnerability in Address Book. The vulnerability can be exploited over the 'HTTP' protocol.

http://www.securityfocus.com/bid/39461

 

 

April 15, 2010

2010-04-15: Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities These vulnerabilities can be exploited over the 'LDAP' and 'HTTP' protocols. Remote attackers can exploit these issues without authenticating. Successful exploits will allow attackers to execute arbitrary code in the context of the vulnerable application or cause denial-of-service conditions.

http://www.securityfocus.com/bid/39453

 

 

April 15, 2010

2010-04-15: RPM Configuration File Handling Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39493

 

 

April 15, 2010

2010-04-15: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks.

http://www.securityfocus.com/bid/39395

 

 

April 15, 2010

2010-04-15: Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications.

http://www.securityfocus.com/bid/39346

 

 

April 15, 2010

2010-04-15: Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability Successful exploits will allow attackers to crash the application, denying service to legitimate users.

http://www.securityfocus.com/bid/38200

 

 

April 15, 2010

2010-04-15: Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible.

http://www.securityfocus.com/bid/38198

 

 

April 15, 2010

2010-04-15: PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability PostgreSQL is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain elevated privileges.

http://www.securityfocus.com/bid/37333

 

 

April 15, 2010

2010-04-15: PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

http://www.securityfocus.com/bid/37334

 

 

April 15, 2010

2010-04-15: Apache 'mod_proxy_ajp' Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/34663

 

 

April 15, 2010

2010-04-15: Apache 'mod_proxy' Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services.

http://www.securityfocus.com/bid/35565

 

 

April 15, 2010

2010-04-15: Pidgin Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users.

http://www.securityfocus.com/bid/38294

 

 

April 15, 2010

2010-04-15: Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to trigger denial-of-service conditions.

http://www.securityfocus.com/bid/36596

 

 

April 15, 2010

2010-04-15: LibThai Unspecified Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/37822

 

 

April 15, 2010

2010-04-15: PhpMesFilms 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/33105

 

 

April 15, 2010

2010-04-15: Intel BIOS System Management Mode Local Privilege Escalation Vulnerability An attacker can exploit this issue to modify software that runs in System Management Mode (SMM). Successfully exploiting this issue will allow the attacker to compromise affected computers.

http://www.securityfocus.com/bid/38251

 

 

April 15, 2010

2010-04-15: IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability Successful attacks can allow a local attacker to gain elevated privileges by obtaining access to an administrator's credentials.

http://www.securityfocus.com/bid/39525

 

 

April 15, 2010

2010-04-15: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.

http://www.securityfocus.com/bid/39518

 

 

April 15, 2010

2010-04-15: Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39510

 

 

April 15, 2010

2010-04-15: Deluxe Blog Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39508

 

 

 

 

April 15, 2010

2010-04-15: BeeHeard Components for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39506

 

 

April 15, 2010

2010-04-15: TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39500

 

 

April 15, 2010

2010-04-15: IBM BladeCenter Advanced Management Module Denial of Service Vulnerability Successful exploits will cause the affected service to reboot, denying service to legitimate users.

http://www.securityfocus.com/bid/39499

 

 

April 15, 2010

2010-04-15: Mocha W32 LPD Remote Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39498

 

 

April 15, 2010

2010-04-15: Softbiz B2B Trading Marketplace 'IndustryID' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39496

 

 

April 15, 2010

2010-04-15: Intellectual Property Joomla! Component 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39495

 

 

April 14, 2010

T-348: Java Deployment Toolkit Performs Insufficient Validation of Parameters The toolkit provides only minimal validation of the URL parameter, allowing arbitrary parameters to be passed to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited. This risk is Low.

http://www.doecirc.energy.gov/bulletins/t-348.shtml

 

 

April 14, 2010

2010-04-14: PeopleSoft Enterprise and JD Edwards EnterpriseOne CVE-2010-0879 Remote PeopleTools Vulnerability The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Valid Session' privileges.

http://www.securityfocus.com/bid/39441

 

 

April 14, 2010

2010-04-14: OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

http://www.securityfocus.com/bid/25163

 

 

April 14, 2010

2010-04-14: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

April 14, 2010

2010-04-14: Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability Successful exploits will allow attackers to obtain the contents of a portion of memory or crash the application.

http://www.securityfocus.com/bid/34109

 

 

April 14, 2010

2010-04-14: GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

http://www.securityfocus.com/bid/34100

 

 

April 14, 2010

2010-04-14: Webmin and Usermin Unspecified Cross-Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/37259

 

 

April 14, 2010

2010-04-14: Adobe Acrobat and Reader CVE-2010-0194 X3D Component Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39469

 

 

April 14, 2010

2010-04-14: Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39417

 

 

April 14, 2010

2010-04-14: Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39470

 

 

April 14, 2010

2010-04-14: Cisco Secure Desktop ActiveX Control Executable File Arbitrary File Download Vulnerability Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. Successful exploits will allow attackers to execute arbitrary code within the context of the currently logged-in user.

http://www.securityfocus.com/bid/39478

 

 

April 14, 2010

2010-04-14: Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38944

 

 

April 14, 2010

2010-04-14: Mozilla Firefox CVE-2010-1122 Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39293

 

 

April 14, 2010

2010-04-14: Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38939

 

 

April 14, 2010

2010-04-14: Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability Attackers can exploit this issue to bypass content-loading policies. The impact of this issue will depend on the reasons behind the content check. Consequences may include cross-site request-forgery attacks, denial-of-service conditions, and possibly remote code execution.

http://www.securityfocus.com/bid/38927

 

 

April 14, 2010

2010-04-14: Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability An attacker may exploit this issue to obtain authentication credentials associated with a trusted site. This may lead to other attacks.

http://www.securityfocus.com/bid/38920

 

 

April 14, 2010

2010-04-14: Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or to launch other attacks.

http://www.securityfocus.com/bid/38919

 

 

April 14, 2010

2010-04-14: Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38921

 

 

April 14, 2010

2010-04-14: CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/36958

 

 

April 14, 2010

2010-04-14: CUPS 'lppasswd' Tool Localized Message String Security Weakness Exploiting this issue in conjunction with a local format-string issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers.

http://www.securityfocus.com/bid/38524

 

 

April 14, 2010

2010-04-14: CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability CUPS is prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/38510

 

 

April 14, 2010

2010-04-14: Pango Glyph Definition Table Denial of Service Vulnerability Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users.

http://www.securityfocus.com/bid/38760

 

 

April 14, 2010

2010-04-14: CUPS File Descriptors Handling Remote Denial Of Service Vulnerability A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/37048

 

 

April 14, 2010

2010-04-14: GIMP PSD Image Parsing Integer Overflow Vulnerability Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/37040

 

 

April 14, 2010

2010-04-14: ViewVC Regular Expression Search Cross Site Scripting Vulnerability An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible.

http://www.securityfocus.com/bid/39053

 

 

April 14, 2010

2010-04-14: GIMP BMP Image Parsing Integer Overflow Vulnerability Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/37006

 

 

April 14, 2010

2010-04-14: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.

http://www.securityfocus.com/bid/36935

 

 

April 14, 2010

2010-04-14: AWD Solution AWDwall Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

http://www.securityfocus.com/bid/39331

 

 

April 14, 2010

2010-04-14: Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

http://www.securityfocus.com/bid/39045

 

 

April 14, 2010

2010-04-14: Joomla! 'com_qpersonel' Component 'katid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39466

 

 

April 14, 2010

2010-04-14: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.

http://www.securityfocus.com/bid/31692

 

 

April 14, 2010

2010-04-14: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/38533

 

 

April 14, 2010

2010-04-14: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users.

http://www.securityfocus.com/bid/39247

 

 

April 14, 2010

2010-04-14: Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability Attackers can exploit this to call trusted methods in an unsafe manner; this can be leveraged to execute arbitrary code with the privileges of the user invoking the JRE.

http://www.securityfocus.com/bid/39065

 

 

April 14, 2010

2010-04-14: GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38628

 

 

 

 

April 14, 2010

2010-04-14: Microsoft Visio Attribute Validation Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39300

 

 

April 14, 2010

2010-04-14: Microsoft Visio Index Calculation Memory Corruption Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39302

 

 

April 14, 2010

2010-04-14: GNU libnss_db Local Information Disclosure Vulnerability Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.

http://www.securityfocus.com/bid/39132

 

 

April 14, 2010

2010-04-14: mimeTeX Multiple Information Disclosure Vulnerabilities Attackers may leverage these issues to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/36632

 

 

April 14, 2010

2010-04-14: mimeTeX Multiple Stack Buffer Overflow Vulnerabilities Attackers may leverage these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/36631

 

 

April 14, 2010

2010-04-14: JA Comment Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39516

 

 

April 14, 2010

2010-04-14: Delicious Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39513

 

 

April 14, 2010

2010-04-14: Love Factory Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39512

 

 

April 14, 2010

2010-04-14: MT Fire Eagle Component for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39509

 

 

April 14, 2010

2010-04-14: Photo Battle Joomla! Component 'view' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39504

 

 

April 14, 2010

2010-04-14: S5 Clan Roster 'com_s5clanroster' Joomla! Component Multiple Local File Include Vulnerabilities An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39503

 

 

April 14, 2010

2010-04-14: wgPicasa Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39497

 

 

April 14, 2010

2010-04-14: RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities Exploiting these issues may allow attackers to gain unauthorized access to affected computers. Failed attempts may cause crashes and deny service to legitimate users of the application.

http://www.securityfocus.com/bid/39490

 

 

April 14, 2010

2010-04-14: Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

http://www.securityfocus.com/bid/39489

 

 

April 14, 2010

2010-04-14: media Mall Factory Joomla! Component 'category' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39488

 

 

April 14, 2010

2010-04-14: almnzm 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39487

 

 

April 13, 2010

T-347: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability Multiple VMware-hosted products are prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks. This risk is undetermined.

http://www.doecirc.energy.gov/bulletins/t-347.shtml

 

 

April 13, 2010

TA10-103C: Adobe Reader and Acrobat Vulnerabilities An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in is available for multiple web browsers and operating systems, which can automatically open PDF documents hosted on a website. These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF document.

http://www.us-cert.gov/cas/techalerts/TA10-103C.html

 

 

April 13, 2010

TA10-103B: Oracle Updates for Multiple Vulnerabilities The Oracle products and components listed above are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

http://www.us-cert.gov/cas/techalerts/TA10-103B.html

 

 

April 13, 2010

MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing A spoofing vulnerability exists in the Microsoft Windows IPv6 stack due to the way that Windows checks the inner packet's IPv6 source address in a tunneled ISATAP packet. An attacker who successfully exploited this vulnerability could impersonate an address to bypass edge or host firewalls. Additionally, information could be disclosed when the targeted computer replies to the message using the source IPv6 address that the attacker specified.

http://www.microsoft.com/technet/security/Bulletin/MS10-029.mspx

 

 

April 13, 2010

MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution A remote code execution vulnerability exists in the way that Microsoft Office Visio calculates indexes when handling specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx

 

 

April 13, 2010

MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution A remote code execution vulnerability exists in the Windows Media Player ActiveX control. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs or view, change, or delete data with full user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx

 

 

April 13, 2010

MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution A remote code execution vulnerability exists in the way that Microsoft MPEG Layer-3 codecs handle AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx

 

 

April 13, 2010

MS10-025: Vulnerability in Microsoft's Windows Media Services Could Allow Remote Code Execution A remote code execution vulnerability exists in Microsoft Windows 2000 Server Service Pack 4 running the optional Windows Media Services component due to the way the Windows Media Unicast Service handles specially crafted transport information packets. On Microsoft Windows 2000 Server Service Pack 4, Windows Media Services is an optional component and is not installed by default. Only Microsoft Windows 2000 Server systems that have enabled Windows Media Services are affected by this vulnerability.

http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx

 

 

April 13, 2010

MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service

An information disclosure vulnerability exists in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component due to the manner in which the SMTP component handles memory allocation. An attacker could exploit the vulnerability by sending invalid commands, followed by the STARTTLS command, to an affected server. An attacker who successfully exploited this vulnerability could read random e-mail message fragments stored on the affected server. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.

http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

 

 

April 13, 2010

MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution

A remote code execution vulnerability exists in the way that Microsoft Office Publisher opens Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file.

http://www.microsoft.com/technet/security/Bulletin/MS10-023.mspx

 

 

April 13, 2010

MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, the Windows Help System would be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-022.mspx

 

 

April 13, 2010

MS10-021: Vulnerabilities in Windows Kernel could allow Elevation of Privilege

A denial of service vulnerability exists in the Windows kernel due to the way that the kernel handles certain exceptions. An attacker could exploit the vulnerability by running a specially crafted application, causing the system to become unresponsive and automatically restart.

http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

 

 

April 13, 2010

MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx

 

 

April 13, 2010

MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution

A remote code execution vulnerability exists in the Windows Authenticode Signature verification for cabinet (.cab) file formats. An anonymous attacker could exploit the vulnerability by modifying an existing signed cabinet file to point the unverified portions of the signature to malicious code, and then convincing a user to open or view the specially crafted cabinet file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx

 

 

April 12, 2010

T-346: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability

MIT Kerberos is prone to a remote denial-of-service vulnerability in 'kadmind'. An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users. MIT Kerberos 5 1.5 through 1.6.3 are vulnerable. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-346.shtml

 

 

 

 

 

 

 

April 09, 2010

2010-04-09: GNU libnss_db Local Information Disclosure Vulnerability

Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.

http://www.securityfocus.com/bid/39132

 

 

April 09, 2010

2010-04-09: Drupal Views Module Cross Site Scripting and PHP Code Injection Vulnerabilities

An attacker can exploit the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The PHP code injection can be exploited to inject and execute arbitrary malicious PHP code in the context of the webserver process.

http://www.securityfocus.com/bid/39301

 

 

April 09, 2010

2010-04-09: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/38952

 

 

April 09, 2010

2010-04-09: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/39013

 

 

April 09, 2010

2010-04-09: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability

Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.

http://www.securityfocus.com/bid/31692

 

 

April 09, 2010

2010-04-09: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

http://www.securityfocus.com/bid/38533

 

 

April 09, 2010

2010-04-09: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

SpamAssassin Milter Plugin is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges.

http://www.securityfocus.com/bid/38578

 

 

April 09, 2010

2010-04-09: MoinMoin 'Despam' Action HTML Injection Vulnerability

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

http://www.securityfocus.com/bid/39110

 

 

April 09, 2010

2010-04-09: Microsoft Internet Explorer 'Tabular Data Control' ActiveX Remote Code Execution Vulnerability

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/39025

 

 

April 09, 2010

2010-04-09: VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities

VMware hosted products are prone to multiple remote and local vulnerabilities: a remote arbitrary code-execution vulnerability, a privilege-escalation vulnerability, multiple heap-based buffer-overflow vulnerabilities, multiple format-string vulnerabilities, a remote denial-of-service vulnerability, and an information-disclosure vulnerability. An attacker can exploit these issues to execute arbitrary code, elevate privileges, cause denial-of-service conditions, and obtain sensitive information. Other attacks are also possible.

http://www.securityfocus.com/bid/39345

 

 

April 09, 2010

2010-04-09: Linux Kernel ReiserFS Security Bypass Vulnerability

Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

http://www.securityfocus.com/bid/39344

 

 

April 08, 2010

T-344: Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

Apple QuickTime is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data when parsing FLC encoded '.fli' movie files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-344.shtml

 

 

April 08, 2010

2010-04-08: ClamAV Security Bypass And Memory Corruption Vulnerabilities

Attackers may exploit the issues to bypass certain security restrictions or execute arbitrary code in the context of the application. Failed exploit attempts may result in denial-of-service conditions.

http://www.securityfocus.com/bid/39262

 

 

April 08, 2010

2010-04-08: myMP3-Player '.m3u' File Buffer Overflow Vulnerability

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

http://www.securityfocus.com/bid/38835

 

 

April 08, 2010

2010-04-08: udisks 'probers/udisks-dm-export.c' Local Information Disclosure Vulnerability

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/39265

 

 

April 08, 2010

2010-04-08: Joomla! AWD Wall Component 'cbuser' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/38194

 

 

April 08, 2010

2010-04-08: Pulse CMS 'view.php' Cross Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/38356

 

 

April 08, 2010

2010-04-08: Joomla! UIajaxIM Component Arbitrary Script Injection Vulnerability

The 'UIajaxIM' component for Joomla! is prone to a vulnerability that an attacker could exploit to execute arbitrary script code in the context of the webserver. The issue occurs because the component fails to properly sanitize user-supplied input. Successful exploits may compromise the application.

http://www.securityfocus.com/bid/35798

 

 

April 08, 2010

2010-04-08: Foxit Reader Remote Code Execution Vulnerability

Foxit Reader is prone to a remote code-execution vulnerability because it fails to properly restrict access to certain functionality. An attacker can exploit this issue by enticing a user to open a malicious PDF file. Successful exploits may allow the attacker to execute arbitrary code or commands in the context of a user running the affected application.

http://www.securityfocus.com/bid/39109

 

 

April 08, 2010

2010-04-08: Multiple Vendor 'librpc.dll' Stack Buffer Overflow Vulnerability

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/38472

 

 

 

 

April 08, 2010

2010-04-08: Apple QuickTime CoreMedia H.263 Encoded '.3g2' Movie Files Heap Buffer Overflow Vulnerability

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

http://www.securityfocus.com/bid/39167

 

 

April 08, 2010

2010-04-08: TUGZip 3.5 ZIP File Remote Buffer Overflow Vulnerability

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39180

 

 

April 08, 2010

2010-04-08: Linux Kernel 'nameidata' Null Pointer Dereference Vulnerability

An attacker can exploit this issue to crash the affected system. Due to the nature of the issue, code execution is possible; however, it has not been confirmed.

http://www.securityfocus.com/bid/39186

 

 

April 08, 2010

2010-04-08: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability

Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.

http://www.securityfocus.com/bid/36935

 

 

April 08, 2010

2010-04-08: Apple Mac OS X FreeRADIUS Component EAP-TLS Authentication Bypass Vulnerability

An attacker can exploit this issue to gain unauthorized network access. Successfully exploiting this issue may lead to further attacks.

http://www.securityfocus.com/bid/39234

 

 

April 08, 2010

2010-04-08: gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability

The 'gnome-screensaver' application is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.

http://www.securityfocus.com/bid/38211

 

 

April 08, 2010

2010-04-08: Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environment Vulnerability

The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability.

http://www.securityfocus.com/bid/39081

 

 

April 08, 2010

2010-04-08: Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability

The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability.

http://www.securityfocus.com/bid/39078

 

 

April 08, 2010

2010-04-08: Joomla! JA Voice Component 'view' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39343

 

 

April 08, 2010

2010-04-08: Joomla! Webee Comments Component 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39342

 

 

April 08, 2010

2010-04-08: Joomla! foobla Suggestions Component 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39341

 

 

April 08, 2010

2010-04-08: Joomla! Realtyna Translator Component 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39337

 

 

April 08, 2010

2010-04-08: AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities

Attackers can exploit this issue to execute arbitrary commands within the context of the affected application and to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

http://www.securityfocus.com/bid/39334

 

 

April 08, 2010

2010-04-08: AWD Solution AWDwall Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

http://www.securityfocus.com/bid/39331

 

 

April 08, 2010

2010-04-08: Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities

Adobe released advance notification that on April 13, 2010, the vendor will be releasing a security bulletin addressing multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities are rated 'critical'.

http://www.securityfocus.com/bid/39329

 

 

April 08, 2010

2010-04-08: Smileys Module For Drupal Delete URI Cross Site Request Forgery Vulnerability

Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible.

http://www.securityfocus.com/bid/39316

 

 

April 08, 2010

2010-04-08: TCPDF 'params' Attribute Remote Code Execution Weakness

An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.

http://www.securityfocus.com/bid/39315

 

 

April 08, 2010

2010-04-08: MODx Evolution Cross Site Scripting and SQL Injection Vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39310

 

 

April 08, 2010

2010-04-08: Joomla! 'com_articles' Component 'sid' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39307

 

 

April 07, 2010

T-343: Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability

Oracle Java SE and Java for Business are prone to a remote vulnerability in the Java Runtime Environment. The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-343.shtml

 

 

April 07, 2010

2010-04-07: Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability

Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory.

http://www.securityfocus.com/bid/37945

 

 

April 07, 2010

2010-04-07: Apache Tomcat WAR File Directory Traversal Vulnerability

Exploiting this issue allows attackers to delete or overwrite arbitrary files within the context of the webserver.

http://www.securityfocus.com/bid/37944

 

 

April 07, 2010

2010-04-07: Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability

An attacker can gain unauthorized access to files and directories. Successful exploits may lead to other attacks.

http://www.securityfocus.com/bid/37942

 

 

April 07, 2010

2010-04-07: Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability

Mozilla Firefox and SeaMonkey are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.

http://www.securityfocus.com/bid/37368

 

 

April 07, 2010

2010-04-07: Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability

Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE.

http://www.securityfocus.com/bid/39062

 

 

April 07, 2010

2010-04-07: Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability

A local attacker can exploit this issue to corrupt system files, resulting in a denial-of-service condition. Other attacks may be possible.

http://www.securityfocus.com/bid/38326

 

 

April 07, 2010

2010-04-07: Samba Symlink Directory Traversal Vulnerability

Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks. To exploit this issue, attackers require authenticated access to a writable share. Note that this issue may be exploited through a writable share accessible by guest accounts.

http://www.securityfocus.com/bid/38111

 

 

April 07, 2010

2010-04-07: Intel Active Management Technology SDK Remote Buffer Overflow Vulnerability

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39043

 

 

April 07, 2010

2010-04-07: Apple Mac OS X Preferences System Login Restrictions Authentication Bypass Security Vulnerability

An attacker can exploit this issue to gain unauthorized access to the affected computer. Successful exploits may lead to other attacks.

http://www.securityfocus.com/bid/39153

 

 

April 07, 2010

2010-04-07: ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

http://www.securityfocus.com/bid/37118

 

 

April 07, 2010

2010-04-07: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

http://www.securityfocus.com/bid/37865

 

 

April 07, 2010

2010-04-07: Stack Ideas 'com_sectionex' Component for Joomla! Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/38751

 

 

April 07, 2010

2010-04-07: CUPS 'lppasswd' Tool Localized Message String Security Weakness

Exploiting this issue in conjunction with a local format-string issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers.

http://www.securityfocus.com/bid/38524

 

 

April 07, 2010

2010-04-07: ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. Other attacks are also possible.

http://www.securityfocus.com/bid/35848

 

 

April 07, 2010

2010-04-07: Mahara Username Generation SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39253

 

 

 

 

 

April 07, 2010

2010-04-07: Smarty Template Engine 'function.math.php' Security Bypass Vulnerability

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

http://www.securityfocus.com/bid/34918

 

 

April 07, 2010

2010-04-07: Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

http://www.securityfocus.com/bid/31862

 

 

April 07, 2010

2010-04-07: MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability

An attacker may exploit this issue to cause the affected application to crash, denying service to legitimate users.

http://www.securityfocus.com/bid/39247

 

 

April 07, 2010

2010-04-07: MIT Kerberos Multiple Memory Corruption Vulnerabilities

Multiple memory-corruption vulnerabilities with unknown impacts affect MIT Kerberos 5. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities.

http://www.securityfocus.com/bid/26750

 

 

April 07, 2010

2010-04-07: Linux Kernel 'sctp_rcv_ootb()' Remote Denial of Service Vulnerability

Attackers can exploit this issue to cause an infinite loop, denying service to legitimate users.

http://www.securityfocus.com/bid/38857

 

 

April 07, 2010

2010-04-07: Istgah For Centerhost 'view_ad.php' Cross-Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/39330

 

 

April 07, 2010

2010-04-07: IBM Systems Director Agent Insecure File Permissions Vulnerabilities

IBM Systems Director Agent is prone to multiple security vulnerabilities because it sets insecure file permissions. An attacker can exploit these issues to perform unauthorized actions by executing the affected scripts.

http://www.securityfocus.com/bid/39305

 

 

April 07, 2010

2010-04-07: Drupal Internationalization Module Cross Site Scripting Vulnerabilities

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39304

 

 

April 07, 2010

2010-04-07: Plume CMS Multiple Local File Include Vulnerabilities

An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39299

 

 

April 07, 2010

2010-04-07: vel File Uploader Remote File Upload Vulnerability

Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.securityfocus.com/bid/39294

 

 

April 07, 2010

2010-04-07: AnyZip ZIP File Remote Buffer Overflow Vulnerability

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39287

 

 

April 07, 2010

2010-04-07: FreePHPWebsiteSoftware 'default_theme.php' Remote File Include Vulnerability

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

http://www.securityfocus.com/bid/39280

 

 

April 07, 2010

2010-04-07: PotatoNews 'nid' Parameter Multiple Local File Include Vulnerabilities

An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39276

 

 

April 07, 2010

2010-04-07: abcm2ps Versions Prior to 5.9.12 Multiple Vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the application, gain access to local files, and execute arbitrary PostScript code.

http://www.securityfocus.com/bid/39271

 

 

April 07, 2010

2010-04-07: MediaWiki Cross Site Request Forgery Vulnerability

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

http://www.securityfocus.com/bid/39270

 

 

April 07, 2010

2010-04-07: aWiki Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39267

 

 

April 07, 2010

2010-04-07: VJDEO Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39266

 

 

April 06, 2010

T-342: Mozilla Firefox Cross Document DOM Node Movement Remote Code Execution Vulnerability

Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. This vulnerability affects Mozilla Firefox 3.6.x versions. This risk is High.

http://www.doecirc.energy.gov/bulletins/t-342.shtml

 

 

April 06, 2010

2010-04-06: Apple QuickTime PICT File Remote Heap Buffer Overflow Vulnerability

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

http://www.securityfocus.com/bid/39140

 

 

April 06, 2010

2010-04-06: Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption Vulnerability

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/39023

 

 

April 06, 2010

2010-04-06: Horde Turba Contact Manager '/imp/test.php' Cross Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.securityfocus.com/bid/31168

 

 

April 06, 2010

2010-04-06: Apple QuickTime H.264 Movie File Remote Code Execution Vulnerability

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

http://www.securityfocus.com/bid/39159

 

 

April 06, 2010

2010-04-06: Python zlib Module Remote Buffer Overflow Vulnerability

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/28715

 

 

April 06, 2010

2010-04-06: Miranda IM Information Disclosure Vulnerability

Successful exploits of this issue may allow attackers to perform man-in-the-middle attacks against vulnerable applications and to disclose sensitive information.

http://www.securityfocus.com/bid/39209

 

 

April 06, 2010

2010-04-06: Jzip ZIP File Remote Buffer Overflow Vulnerability

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39326

 

 

April 06, 2010

2010-04-06: ShopSystem 'view_image.php' SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39260

 

 

April 06, 2010

2010-04-06: Joomla! 'com_xobbix' Component 'prodid' Parameter SQL Injection Vulnerability

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39259

 

 

April 06, 2010

2010-04-06: Virata EmWeb URI Remote Denial Of Service Vulnerability

Successful exploits will cause the device to reset, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code, but this has not been confirmed.

http://www.securityfocus.com/bid/39257

 

 

April 06, 2010

2010-04-06: The Best Makers Appointment Component for Joomla! Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39254

 

 

April 06, 2010

2010-04-06: joomla-flickr Component 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39251

 

 

April 06, 2010

2010-04-06: NextGEN Gallery WordPress Plugin 'xml/media-rss.php' Cross Site Scripting Vulnerability

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.securityfocus.com/bid/39250

 

 

April 06, 2010

2010-04-06: Computer Associates XOsoft Unspecified SOAP Request Information Disclosure Vulnerability

Computer Associates XOsoft is prone to an information-disclosure vulnerability because of a lack of appropriate authentication. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.

http://www.securityfocus.com/bid/39249

 

 

April 06, 2010

2010-04-06: JOOFORGE Jukebox Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39248

 

 

April 06, 2010

2010-04-06: Affiliate Feeds Component for Joomla! 'controller' Parameter Local File Include Vulnerability

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39246

 

 

April 06, 2010

2010-04-06: Computer Associates XOsoft Username Enumeration Information Disclosure Vulnerability

Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.

http://www.securityfocus.com/bid/39244

 

 

April 06, 2010

2010-04-06: McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities

An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.

http://www.securityfocus.com/bid/39242

 

 

April 06, 2010

2010-04-06: Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39238

 

 

April 06, 2010

2010-04-06: Microsoft Office Communicator SIP Remote Denial of Service Vulnerability

Exploiting this issue allows remote attackers to cause denial-of-service conditions.

http://www.securityfocus.com/bid/39221

 

 

April 05, 2010

T-341: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the WebDAV functionality. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This risk is High.

http://www.doecirc.energy.gov/bulletins/t-341.shtml

 

 

April 02, 2010

T-340: Jabber Studio JabberD Remote Denial Of Service Vulnerability

Jabber Studio 'jabberd' is affected by a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network messages. An attacker may leverage this issue by causing the affected server to crash, denying service to legitimate users. This issue can be exploited through the use of a client application for Jabber.

http://www.doecirc.energy.gov/bulletins/t-340.shtml

 

 

April 02, 2010

T-339: Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. This issue was disclosed by Nils during the Pwn2Own 2010 contest as part of the CanSecWest security conference.

http://www.doecirc.energy.gov/bulletins/t-339.shtml

 

 

 
Computer Tips

Watch out for: Scams / Speed Up my PC Software

I have heard dozens of commercials on the radio and television for speedupmypc.com, maxmyspeed.com, and fastatlast.com.


It sounds great. "Has your computer slowed down? Does it crash or freeze up at the worst times? Does it post confusing error messages? Do you get 'unable to load' errors?"

Speedupmypc.com advertises that it gets a 5 cow rating from Tucows (that's a rating of 5 out of 5 on a popular site that offers free and trial software). The problem is that this rating is for "popularity" not for user satisfaction.

In my opinion, I would stay away from speedupmypc.com or any of its variant names. If you install the free performance scan offered by speedupmypc.com, you may have a difficult time removing it and you will be stalked by pop-ups offering you the full version for $29.95, or $39.95 or $69.95.

Don't do it!!!

Just search Google for speedupmypc.com scam and read the comments. That should tell you what you need to know.

"Bottom line: if something is wrong with your computer enough to cause significant performance degradation, no additional software you load on the computer will fix the problem."

Matt Massie


Computer Repair Service

 
Directions

CBPC Directions


CBPC Map

From Ashland, KY area: Cross Ashland bridge to Ohio US 52W, Continue approx. 2 miles to SR-141 Ironton Exit. Make a left turn and stay in left lane (You will see Ohio University Southern Campus). At the light turn Left. Continue 2 blocks until 3 way stop (Red Blinking Light), Continue straight 2 blocks. Turn Right at Pleasant St. Custom-BuiltPCs is straight ahead 3.5 Blocks on right.

From Russell, KY area: Cross Ironton/Russell Bridge. Make a left turn off the bridge, continue until the second light, and turn right. Continue for approx. 1.5 miles until you see Rax Restaurant on the right, then make a left turn on Pleasant St. Continue 5.5 blocks; the store is on the left.

From Portsmouth, OH area: US 52E, Continue to second Ironton exit, SR-141, Turn right off exit into Left lane at traffic light (You will see Ohio University Southern Campus). At the light turn Left. Continue 2 blocks until 3 way stop (Red Blinking Light), Continue straight 2 blocks. Turn Right at Pleasant St. Custom-BuiltPCs is straight ahead 3.5 Blocks on right.

From Huntington, WV area: Cross bridge to US 52W, after passing the Coal Grove exit start looking for SR-141 exit. Take SR-141 Exit and make a left turn and stay in left lane (You will see Ohio University Southern Campus). At the light turn Left. Continue 2 blocks until 3 way stop, Continue straight 2 blocks. Turn Right at Pleasant St. Custom-BuiltPCs is straight ahead 3.5 Blocks on right.

Custom-BuiltPCs.com factory outlet
is located at the corner of 8th and Pleasant St.
801 Pleasant St. - (Formerly 2319 S. 8th St.)
Ironton, OH 45638
CALL (740) 532-5471




Store Hours

Mon-Fri 9AM-5PM

Sat 10AM-2PM

 


Copyright © 2002-2018 Custom-BuiltPCs.com All Rights Reserved Custom-BuiltPCs.com