CA BrightStor ARCserve Backup Tape Engine RPC ReserveGroup Buffer Overflow (CVE-2006-6917)

Computer Associates BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exists a...

CVE-2010-2630

The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service application crash via a crafted file, a different vulnerability than...

NTSOFT BBS E-Market Professional Cross Site Scripting

+================================================================================================+ + NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code + +================================================================================================+ Authors: Ivan Sanchez...

CVE-2010-0484

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to...

Input validation

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to...

CVE-2010-0484

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to...

Microsoft Windows Kernel 'Win32k.sys' Data Validation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...

Debian: Security Advisory (DSA-2043-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2044-1 (mplayer)

The remote host is missing an update to mplayer announced via advisory DSA 2044-1. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

Microsoft Outlook Express and Windows Mail Integer Overflow (MS10-030; CVE-2010-0816)

Windows Mail formerly Outlook Express is an online communication tool for use with Windows. A remote code execution vulnerability has been reported in the way that Windows Mail Client handles specially crafted mail responses. The vulnerability is caused when a common library used by Outlook Expre...

Microsoft Windows Outlook Express and Windows Mail Integer Overflow

No description provided by source. Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date: 2009-09-11 Author: Francis...

{PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow

Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date: 2009-09-11 Author: Francis Provencher Protek Research Lab's Website:...

DSA-2044-1 mplayer - arbitrary code execution

Bulletin has no description...

Security Best Practice: Protect Yourself from Cross-Site Scripting Attacks

'Cross-site' refers to the security restrictions that the client browser usually places on data i.e. cookies, dynamic content attributes, etc. associated with a web site. By launching a cross site scripting attack, an attacker bypasses these security restrictions, which may result in anything fro...

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to 1 the addtolog function in mod/wiki/view.php in the wiki module, or 2 "data validation in some forms elements" related to...

Sql injection

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to 1 the addtolog function in mod/wiki/view.php in the wiki module, or 2 "data validation in some forms elements" related to...

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to 1 the addtolog function in mod/wiki/view.php in the wiki module, or 2 "data validation in some forms elements" related to...

CVE-2010-1615

CVE-2010-1615 affects Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, with two exploitation vectors: (1) add_to_log in mod/wiki/view.php (wiki module) and (2) data validation in some form elements per lib/form/selectgroups.php. The issue enables remote attackers to execute arbitrary SQL comman...

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to 1 the addtolog function in mod/wiki/view.php in the wiki module, or 2 "data validation in some forms elements" related to...

Adobe Acrobat PDF Font Processing Memory Corruption (CVE-2008-4813)

Adobe develops products for creating, distributing, and viewing Portable Document Format PDF documents. Adobe Reader is a viewer application that allows for reading and the printing of PDF documents. Adobe Acrobat provides PDF authoring functionality in addition to those of viewing. A memory...