Lucene search

5836 matches found

Cvelist
added 2010/06/08 10:0 p.m., 25 views

CVE-2010-0484

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to...

6.9 AI score, 0.01344 EPSS
Exploits: 1, References: 5

Symantec
added 2010/06/08 12:0 a.m., 22 views

Microsoft Windows Kernel 'Win32k.sys' Data Validation Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...

0.1 AI score
Exploits: 0, Affected Software: 9

OpenVAS
added 2010/06/03 12:0 a.m., 24 views

Debian: Security Advisory (DSA-2043-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.5 AI score, 0.04397 EPSS
Exploits: 1, References: 3

OpenVAS
added 2010/05/14 12:0 a.m., 25 views

Debian Security Advisory DSA 2044-1 (mplayer)

The remote host is missing an update to mplayer announced via advisory DSA 2044-1. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

7.5 CVSS, 6.4 AI score, 0.04397 EPSS
Exploits: 1, References: 1

Check Point Advisories
added 2010/05/11 12:0 a.m., 4 views

Microsoft Outlook Express and Windows Mail Integer Overflow (MS10-030; CVE-2010-0816)

Windows Mail (formerly Outlook Express) is an online communication tool for use with Windows. A remote code execution vulnerability has been reported in the way that Windows Mail Client handles specially crafted mail responses. The vulnerability is caused when a common library used by Outlook Expre...

9.3 CVSS, 7.7 AI score, 0.20325 EPSS
Exploits: 6

seebug.org
added 2010/05/11 12:0 a.m., 28 views

Microsoft Windows Outlook Express and Windows Mail Integer Overflow

No description provided by source. Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date: 2009-09-11 Author: Francis...

9.3 CVSS, 6.5 AI score, 0.20325 EPSS
Exploits: 6

securityvulns
added 2010/05/11 12:0 a.m., 65 views

{PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow

Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date: 2009-09-11 Author: Francis Provencher Protek Research Lab's Website:...

9.3 CVSS, 6.9 AI score, 0.20325 EPSS
Exploits: 6

OSV
added 2010/05/11 12:0 a.m., 30 views

DSA-2044-1 mplayer - arbitrary code execution

Bulletin has no description...

7.5 CVSS, 6.1 AI score, 0.04397 EPSS
Exploits: 1

Check Point Advisories
added 2010/05/02 12:0 a.m., 1 views

Security Best Practice: Protect Yourself from Cross-Site Scripting Attacks

'Cross-site' refers to the security restrictions that the client browser usually places on data (i.e. cookies, dynamic content attributes, etc.) associated with a web site. By launching a cross-site scripting attack, an attacker bypasses these security restrictions, which may result in anything fro...

5.9 AI score
Exploits: 0

UbuntuCve
added 2010/04/29 9:30 p.m., 14 views

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to...

7.5 CVSS, 6.2 AI score, 0.0172 EPSS
Exploits: 0, References: 1

Prion
added 2010/04/29 9:30 p.m., 12 views

Sql injection

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to...

7.5 CVSS, 9.1 AI score, 0.0172 EPSS
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2010/04/29 9:30 p.m., 15 views

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to...

7.5 CVSS, 8.2 AI score, 0.0172 EPSS
Exploits: 0, References: 5

Cvelist
added 2010/04/29 9:0 p.m., 24 views

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to...

8.1 AI score, 0.0172 EPSS
Exploits: 0, References: 5

CVE
added 2010/04/29 9:0 p.m., 53 views

CVE-2010-1615

CVE-2010-1615 affects Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, with two exploitation vectors: (1) add_to_log in mod/wiki/view.php (wiki module) and (2) data validation in some form elements per lib/form/selectgroups.php. The issue enables remote attackers to execute arbitrary SQL comman...

7.5 CVSS, 8.4 AI score, 0.0172 EPSS
Exploits: 0, References: 5, Affected Software: 1

Check Point Advisories
added 2010/03/08 12:0 a.m., 3 views

Adobe Acrobat PDF Font Processing Memory Corruption (CVE-2008-4813)

Adobe develops products for creating, distributing, and viewing Portable Document Format (PDF) documents. Adobe Reader is a viewer application that allows for reading and the printing of PDF documents. Adobe Acrobat provides PDF authoring functionality in addition to those of viewing. A memory...

9.3 CVSS, 7.4 AI score, 0.09497 EPSS
Exploits: 1

Check Point Advisories
added 2010/02/15 12:0 a.m., 3 views

CA BrightStor ARCserve Backup caloggerd.exe Null Hostname Denial of Service (CVE-2007-2772)

A Null dereference vulnerability exists in the CA BrightStor ARCserve Backup caloggerd process. The vulnerability is due to insufficient data validation when parsing strings in received RPC requests. A remote unauthenticated attacker may leverage this vulnerability by sending a specially crafted...

7.8 CVSS, 6.4 AI score, 0.12057 EPSS
Exploits: 0

FreeBSD
added 2010/01/14 12:0 a.m., 29 views

squid -- Denial of Service vulnerability in DNS handling

Squid security advisory 2010:1 reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets. This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term...

4 CVSS, 6.3 AI score, 0.22685 EPSS
Exploits: 0, References: 1

Check Point Advisories
added 2009/12/23 12:0 a.m., 3 views

Microsoft DirectPlay Denial of Service (CVE-2004-0202)

DirectPlay is a network protocol component of the DirectX game library. It provides networking functionality for developers who wish to develop networked applications, generally multi-player games. There exists a denial of service vulnerability in the IDirectPlay4 application programming interfac...

5 CVSS, 6.1 AI score, 0.26301 EPSS
Exploits: 0

Check Point Advisories
added 2009/12/15 12:0 a.m., 3 views

Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow (CVE-2008-2928)

Red Hat Directory Server is an LDAP-based server that centralizes application settings, user profiles, group data, policies, and access control information into an operating system-independent, network-based registry. Fedora Directory Server is a free version of Red Hat Directory Server. There...

10 CVSS, 7.7 AI score, 0.06643 EPSS
Exploits: 1

Prion
added 2009/11/11 7:30 p.m., 16 views

Input validation

The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, a...

7.2 CVSS, 6.7 AI score, 0.01546 EPSS
Exploits: 1, References: 3, Affected Software: 2