Joostina (Multiple Components) - SQL Injection
source: https://www.securityfocus.com/bid/47595/info Multiple Joostina components are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the applications...
Multiple ActiveX components security vulnerabilities
kill bit update for multiple components of different vendors...
MS11-024: Vulnerability in Windows Fax Cover Page Editor could allow remote code execution: April 12, 2011
Resolves a vulnerability in Windows that could allow remote code execution if a user opened a specially crafted fax cover page file (.cov) by using Windows Fax Cover Page Editor. Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows,...
Fedora 13 2011-4102
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Update Information: According to https://fedorahosted.org/fpc/ticket/69 and to new PHP Guidelines, move %peardocdir /usr/share/pear/doc to %docdir/pear /usr/share/doc/pear...
[SECURITY] Fedora 15 Update: php-pear-1.9.2-1.fc15
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components...
Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
Ubuntu Update for Linux kernel vulnerabilities USN-1079-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10791.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...
USN-1079-1: OpenJDK 6 vulnerabilities
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448) It was discovered that the Java launcher did not properly set up the LD_LIBRARY_PATH environment variable. A local...
RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Of Night Dragons and Silver Bullets
Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames...
Oracle Document Capture - empop3.dll Insecure Methods
Oracle Document Capture - empop3.dll Insecure Methods Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group (DSecRG) Advisory DSECRG-11-005 (internal DSECRG-00154) Application: Oracle Document Capture...
Oracle Document Capture - 'empop3.dll' Insecure Methods
Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group (DSecRG) Advisory DSECRG-11-005 (internal DSECRG-00154) Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.c...
Oracle Document Capture Actbar2.ocx Insecure Method
ActiveX components contain insecure methods. Digital Security Research Group (DSecRG) Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting Exploits: YES Reported: 22.03.2010 Vendor response:...
Design/Logic Flaw
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server...
CVE-2011-0489
CVE-2011-0489 affects Objectivity/DB 10.0 server components, where authentication is not required for administrative commands. This allows remote attackers to modify data, retrieve sensitive information, or cause a denial of service by sending commands over TCP to the Lock Server or the Advanced ...
New York Times: Stuxnet A Joint US-Israeli Operation
Details of the Stuxnet worm’s origins and functioning have been seeping into the media, tidbit by intriguing tidbit, since last Summer, when news of the worm went mainstream. But a new exclusive from the New York Times breaks the Stuxnet story wide open, confirming oft-cited theories that it was ...
CVE-2011-0026
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN...
CVE-2011-0027
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer...
Integer overflow
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN...
Microsoft Data Access Components Vulnerability
.body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var FinalHeapSpraySize = 900; //var SmallHoleSize = 0x1F0; var...
Microsoft Data Access Components - Remote Overflow (MS11-002)
.body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var FinalHeapSpraySize = 900; //var SmallHoleSize = 0x1F0; var...