1464 matches found
CVE-2010-2792
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this...
CVE-2010-2794
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...
CentOS 5 : spice-xpi (CESA-2010:0651)
An updated spice-xpi package that fixes two security issues and three bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...
spice security update
CentOS Errata and Security Advisory CESA-2010:0651. An updated spice-xpi package that fixes two security issues and three bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...
spice-xpi symlink attack
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...
CVE-2010-2990
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers...
Design/Logic Flaw
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers...
Memory corruption
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML...
CVE-2010-2991
Affected software: Citrix ICA Client (ICA Client ActiveX Object ICO) in Citrix Online Plug-in for Windows, used with XenApp/XenDesktop, before 12.0.3. Vulnerability details: The IICAClient interface allows a crafted HTML document that triggers reading of a .ICA file, leading to remote code execut...
CVE-2010-2990
CVE-2010-2990 affects Citrix components (Citrix Online Plug-in for Windows/Mac XenApp & XenDesktop; ICA Client for Linux/Solaris; Citrix Receiver for Windows Mobile) with a heap offset overflow allowing remote arbitrary code execution via a crafted HTML, .ICA file, or ICA graphics packet. Affecte...
CVE-2010-2990
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers...
CVE-2010-2991
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML...
Low: Red Hat Security Advisory: Red Hat Directory Server security and enhancement update
Updated Red Hat Directory Server and related packages that fix one security issue, multiple bugs, and add enhancements are now available as Red Hat Directory Server 8.2. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System...
JDK unspecified vulnerability in JavaWS/Plugin component
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors...
JDK unspecified vulnerability in JWS/Plugin component
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
KLA10117 ACE vulnerability in Citrix XenApp Online plug-in
An unspecified vulnerability was found in the Citrix XenApp Online plug-in. By exploiting this vulnerability, malicious users can execute arbitrary code. This vulnerability can be exploited from the network via a specially designed web site. Original advisories: Citrix bulletin. Related products...
JDK unspecified vulnerability in JWS/Plugin component
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
JDK unspecified vulnerability in JavaWS/Plugin component
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors...
Oracle WebLogic Server Plug-in HTTP Injection
The remote web server is using the WebLogic plug-in for Apache, IIS, or Sun web servers, a module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an HTTP server to WebLogic. The version of this plug-in on the remote host is affected by an HTTP injection...
Mozilla Repatches Firefox Plug-In
For the second time in two months, Mozilla has rushed out a fix for Firefox to patch a problem with a browser update issued just days before. Read the full article. Computerworld...