USN-1014-1: Pidgin vulnerabilities

Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS...

CentOS Update for finch CESA-2010:0788 centos4 i386

Check for the Version of finch OpenVAS Vulnerability Test CentOS Update for finch CESA-2010:0788 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

libpurple library / Pidgin DoS

Crash on base64 decoding in different protocols...

finch, libpurple, pidgin security update

CentOS Errata and Security Advisory CESA-2010:0788 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVS...

Moderate: Red Hat Security Advisory: pidgin security update

Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

Fedora 14 : glibc-2.12.90-17 (2010-16308)

Implement accurate fma BZ3268, 43358 - Fix alignment of AVX save area on x86-64 BZ12113 - Fix regex memory leaks BZ12078 - Improve output of psiginfo BZ12107, BZ12108 - Don't return NULL address in getifaddrs BZ12093 - Fix strstr and memmem algorithm BZ12092, 641124 - Don't discard result of...

MS10-070 ASP.NET Padding Oracle File Download

Exploit for asp platform in category remote exploits ============================================= MS10-070 ASP.NET Padding Oracle File Download ============================================= !/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved...

ecshop modify any user password vulnerability XSS exploit-vulnerability warning-the black bar safety net

Currently ecshop presence of the reflection typeXSS, you can use, if the secondary development existXSSor other CSRF problem, then use more. Once encountered this problem, slightly affected by its damage） ByXSSstructure post submission of personal information is modified, the modification is...

Ученым удалось расшифровать геном южных комаров

14:33 01.10.2010 Ученым удалось расшифровать геном южных комаров, способных быть переносчиками таких заболеваний, как малярия, энцефалит, лихорадка Западного Нила, филяриатоз и другие смертельно опасные заболевания. При помощи исследования полученного генного материала исследователи надеются...

ImageMagick security and bug fix update

6.2.8.0-4.el55.2 - Fix SGI image decoding 625058 6.2.8.0-4.el55.1 - Add fix for CVE-2009-1882 504304...

Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish

intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting XSS attacks via crafte...

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

Microsoft Exchange and Outlook TNEF Decoding Integer Overflow (CVE-2006-0002)

A buffer overflow vulnerability exists in the way Microsoft Exchange and Microsoft Outlook process TNEF encoded messages. When the TNEF decoder used by these products processes a TNEF object record with a large size value, an integer overflow can occur. An attacker potentially can exploit this...

Internet Explorer HTML Decoding Memory Corruption (CVE-2006-2382)

Microsoft Internet Explorer IE is the most widely used web browser application. The browser supports various languages as well as most of the known character sets. Character sets define the character encoding used in an HTML page. Languages that have more characters than the ASCII set defines nee...

JDK unspecified vulnerability in Java2D component

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

xen: emulator instruction decoding inconsistency

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux RHEL 5 allows guest OS users to cause a denial of service 32-bit guest OS crash via vectors that trigger an unspecified instruction emulation...

Spammers Outsource CAPTCHA Decoding

Faced with stricter Internet security measures like CAPTCHAS, some spammers have begun borrowing a page from corporate America’s playbook: they are outsourcing. Read the full article. The New York Times...

Heap overflow

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

CVE-2010-0849

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

JDK unspecified vulnerability in Java2D component

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...