CVE-2010-3856

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

CVE-2010-3554

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...

VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing Vulnerability (CVE-2010-3219)

VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing Vulnerability CVE-2010-3219 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Word, included in the Microsoft Office suite, is a powerful authoring program that gives the abilit...

Memory corruption

Microsoft Windows Media Player WMP 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption...

Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111)

This host is missing a critical security update according to Microsoft Bulletin MS10-082. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Browser Embedded Media Player Memory Corruption (MS10-082; CVE-2010-2745)

Windows Media Player is a feature of the Windows operating system for personal computers. It is used for playing audio and video. A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in the Windows Media Player that improperly...

CVE-2009-5001

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...

openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)

Mozilla SeaMonkey 2.0 was updated to version 2.0.8, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based product...

Mozilla Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities

Binary data 5656.prm...

Mozilla Thunderbird < 3.0.7 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 3.0.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-49 - An integer overflow vulnerability ...

[SECURITY] Fedora 13 Update: python3-3.1.2-7.fc13

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

Leadtools ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities

Exploit for windows platform in category dos / poc ===================================================================== Leadtools ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities ===================================================================== LEADTOOLS ActiveX Common Dialogs 16....

LeadTools ActiveX common dialogs 16.5 - Multiple Vulnerabilities

LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities Vendor: LEAD Technologies, Inc. Product Web Page: http://www.leadtools.com Affected version: 16.5.0.2 Summary: With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device...

Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2010-1870

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "" protection mechanis...

CVE-2010-1870

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "" protection mechanis...

CVE-2010-1870

The CVE-2010-1870 entry covers OGNL expression evaluation in XWork (Struts 2.0.0–2.1.8.1) with a permissive whitelist that allows remote modification of server-side context objects and bypass of the # protection via OGNL context variables (e.g., #context, #root, #this, etc.). Cisco advisory notes...

Security Settings for ActiveX controls and OLE objects in Office 2003 and in the 2007 Office suite

Resolves the issue on how users can have the ability to control if and how ActiveX controls and OLE objects load with an Office kill-bit list.Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can...

CVE-2010-1903

Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."...

PT-2010-3513 · Microsoft · Windows Vista +3

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 Microsoft Windows 7 Description: A denial of service issue exists due to improper validation of access control lists on kernel objects. Th...