197 matches found
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism...
CVE-2012-0504
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism...
CVE-2012-0504
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism...
CVE-2012-0504
Technical details for CVE-2012-0504 are not publicly provided in the supplied documents. No affected product/version or root cause is specified here. Monitor for updates in the connected sources.
Google to Stop Using Online CRL Checks for Chrome
In the face of mounting evidence that the CA system is inherently flawed, Google officials are in the process of making changes to the way Chrome handles certificate revocations, and no longer will be using online revocation checks. Instead, Chrome will use the existing update system in the brows...
[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...
Restorepoint 3.2-Evaluation Remote Root Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...
Apple iTunes 10.x软件更新伪造漏洞
CVE ID:CVE-2008-3434 Apple iTunes是一款用于Mac和PC的一款免费应用程序。它可以播放你的全部音乐和视频内容。 Apple iTunes存在一个安全漏洞,允许恶意用户进行伪造攻击。 使用HTTP请求检查新的更新时软件升级机制存在缺陷,攻击者可以利用漏洞通过中间人攻击伪造更新。 要成功利用漏洞需要目标系统没有安装Apple Software Update。 Apple iTunes 10.x 厂商解决方案 Apple iTunes 10.5.1已经修复此漏洞,建议用户下载使用: http://www.apple.com...
Security updates available for Adobe Reader and Acrobat
Security updates available for Adobe Reader and Acrobat Release date: September 13, 2011 Vulnerability identifier: APSB11-24 CVE numbers: CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439,...
Adobe to Patch Flash Zero Day on Windows, Mac on Friday
Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use malicious Word documents. Adobe said on Wednesday night that it plans to push out the Flash Playe...
Security updates available for Adobe Reader and Acrobat
Security updates available for Adobe Reader and Acrobat Release date: February 8, 2011 Vulnerability identifier: APSB11-03 CVE Numbers: CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0564, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0568, CVE-2011-0570, CVE-2011-0585,...
ICQ 7 Instant Messaging Client RCE Vulnerability
ICQ is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism...
Remote Code Execution in ICQ 7
SUMMARY The ICQ 7 instant messaging client allows remote code execution due to a flaw in its automatic update mechanism. VULNERABLE APPLICATIONS All versions of ICQ 7 for Windows, up to version 7.2, build 3525 which is the current version ICQ 6 and older versions were not tested. Other ICQ client...
ICQ 7 Failed Origin Check
SUMMARY The ICQ 7 instant messaging client allows remote code execution due to a flaw in its automatic update mechanism. VULNERABLE APPLICATIONS All versions of ICQ 7 for Windows, up to version 7.2, build 3525 which is the current version ICQ 6 and older versions were not tested. Other ICQ client...
Mozilla Plugs Drive-By Download Holes in Firefox
Mozilla has released a new version of its flagship Firefox browser to fix 10 vulnerabilities that put Web surfers at risk of code execution attacks. The Firefox 3.5.3 update — available for Windows, Mac and Linux users — patches security holes that could allow drive-by download attacks if a user...
80% of Web Users Running Unpatched Versions of Flash/Acrobat
From ZDNet Dancho Danchev According to a research published by Trusteer earlier this month, 79.5% of the 2.5 million users of their Rapport security service run a vulnerable version of Adobe Flash, with 83.5% also running a vulnerable version of Acrobat. The company has also criticized Adobe by...