Home PHP Scripts Contact News Articles RSS Readers Donations

Software Vulnerability

 
Main

Software Alerts

Software and Script Bug Exploits
Software Vulnerability
Random Feeds

Archives

| Jan 2012 | Dec 2011 | Nov 2011 | Oct 2011 | Sep 2011 | Aug 2011 | Jul 2011 | Jun 2011 | May 2011 | Apr 2011 | Mar 2011 | Feb 2011 | Jan 2011 | Dec 2010 | Nov 2010 | Oct 2010 | Sep 2010 | Aug 2010 | Jul 2010 | Jun 2010 | May 2010 | Apr 2010 | Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |

Thu, 22 Apr 10
solaris, opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4774
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225.

Fri, 16 Apr 10
CVE-2010-0881
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0881
Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors.

Fri, 16 Apr 10
weblogic_server, weblogic_server_component
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0073
Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Fri, 16 Apr 10
server_monitor
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1316
Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GET, (2) PUT, or (3) HEAD request, as demonstrated by a malformed GET request containing a long PATH_INFO to index.asp.

Fri, 16 Apr 10
CVE-2010-0812 (windows_xp, windows_2003_server, windows_server_2003, windows_server_2008, window...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0812
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."

Fri, 16 Apr 10
windows_server_2008, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0810
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

Fri, 16 Apr 10
CVE-2010-0487 (windows_7, windows_2000, windows_xp, windows_2003_server, windows_server_2003, wi...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0487
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature...

Fri, 16 Apr 10
CVE-2010-0486 (windows_7, windows_2000, windows_xp, windows_2003_server, windows_server_2003, wi...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0486
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid ...

Fri, 16 Apr 10
windows_7, windows_server_2008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0482
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."

Fri, 16 Apr 10
windows_7, windows_server_2008, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0481
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."

Fri, 16 Apr 10
CVE-2010-0480 (windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_serve...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0480
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."

Fri, 16 Apr 10
publisher
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0479
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."

Fri, 16 Apr 10
windows_2000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0478
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."

Fri, 16 Apr 10
windows_7, windows_server_2008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0477
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."

Fri, 16 Apr 10
CVE-2010-0476 (windows_7, windows_2003_server, windows_server_2003, windows_server_2008, windows...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0476
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."

Fri, 16 Apr 10
windows_7, windows_server_2008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0270
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."

Fri, 16 Apr 10
CVE-2010-0269 (windows_7, windows_2000, windows_xp, windows_2003_server, windows_server_2003, wi...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0269
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."

Fri, 16 Apr 10
windows_2000, windows_media_player, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0268
Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."

Fri, 16 Apr 10
visio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0256
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."

Fri, 16 Apr 10
visio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0254
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."

Fri, 16 Apr 10
windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0238
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."

Fri, 16 Apr 10
windows_2000, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0237
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."

Fri, 16 Apr 10
windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0236
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."

Fri, 16 Apr 10
windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0235
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."

Fri, 16 Apr 10
CVE-2010-0234 (windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_serve...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0234
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0204
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0203
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0202
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0201
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0199
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0198
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0197
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0196
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0195
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0194
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0193
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0192
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0191
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."

Fri, 16 Apr 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0190
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Fri, 16 Apr 10
CVE-2010-0025 (windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_serve...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0025
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."

Fri, 16 Apr 10
CVE-2010-0024 (windows_2000, windows_xp, windows_2003_server, windows_server_2003, windows_serve...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0024
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

Wed, 14 Apr 10
com_vjdeo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1354
Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.

Wed, 14 Apr 10
com_loginbox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1353
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

Wed, 14 Apr 10
com_jukebox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1352
Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.

Wed, 14 Apr 10
nodesforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1351
Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.

Wed, 14 Apr 10
com_jp_jobs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1350
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Wed, 14 Apr 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1349
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.

Wed, 14 Apr 10
memcached
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1152
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.

Wed, 14 Apr 10
udisks
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1149
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.

Wed, 14 Apr 10
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1146
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.

Wed, 14 Apr 10
workstation, player, ace, server, fusion, esxi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1142
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.

Wed, 14 Apr 10
workstation, player, ace, server, fusion, esxi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1141
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored ...

Wed, 14 Apr 10
workstation, player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1140
The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.

Wed, 14 Apr 10
workstation, player, server, fusion, vix_api
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1139
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

Wed, 14 Apr 10
workstation, player, ace, server, fusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1138
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on...

Wed, 14 Apr 10
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0741
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).

Wed, 14 Apr 10
vmrc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3732
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

Wed, 14 Apr 10
movie_decoder, workstation, player, server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1565
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."

Wed, 14 Apr 10
movie_decoder, workstation, player, server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1564
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

Wed, 14 Apr 10
websphere_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1348
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.

Wed, 14 Apr 10
director_agent
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1347
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.

Wed, 14 Apr 10
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1148
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.

Tue, 6 Apr 10
netware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1591
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.

Tue, 6 Apr 10
netware, netware_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2434
NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.

Tue, 6 Apr 10
netware, netware_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2433
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.

Tue, 6 Apr 10
netware, netware_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2432
Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.

Tue, 6 Apr 10
netware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1587
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.

Tue, 6 Apr 10
netware, netware_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1246
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.

Tue, 6 Apr 10
netware, netware_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1245
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.

Fri, 2 Apr 10
java
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0082
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

 

© amigura.co.uk All Rights Reserved.