
2026 matches found

Prion
added 2009/10/06 8:30 p.m., 15 views

Code injection

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

CVSS: 9.3, AI score: 6.9, EPSS: 0.01293
Exploits: 0, References: 4
NVD
added 2009/10/06 8:30 p.m., 16 views

CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

CVSS: 9.3, AI score: 6.4, EPSS: 0.01293
Exploits: 0, References: 4
CVE
added 2009/10/06 8:19 p.m., 46 views

CVE-2009-3571

Technical details are not publicly available in the provided documents. This CVE entry has no public details in the supplied records; monitor for updates.

CVSS: 9.3, AI score: 6.4, EPSS: 0.01293
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2009/09/13 10:30 p.m., 21 views

Design/Logic Flaw

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 befo...

CVSS: 10, AI score: 6.8, EPSS: 0.02202
Exploits: 0, References: 19, Affected Software: 7
exploitpack
added 2009/08/29 12:0 a.m., 7 views

x10 MP3 Automatic Search Engine 1.6.5 - includesvideo_ad.php?pic_id Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5 - includesvideoad.php?picid Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

AI score: 6.8
Exploits: 0
securityvulns
added 2009/08/27 12:0 a.m., 47 views

[PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability

PT-2009-05 Positive Technologies Security Advisory: CA Internet Security Suite Denial of Service Vulnerability. Affected Software: CA Internet Security...

CVSS: 2.1, AI score: 0.8, EPSS: 0.0035
Exploits: 1
RedHat Linux
added 2009/08/06 8:41 p.m., 2 views

JDK reposition of untrusted applet security icon in X11

The Abstract Window Toolkit AWT implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an...

CVSS: 6.8, AI score: 6.1, EPSS: 0.01715
Exploits: 0, References: 4
Exploit DB
added 2009/07/20 12:0 a.m., 26 views

DragDropCart - '/assets/js/ddcart.php?sid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43478/info DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

AI score: 7.4
Exploits: 0
securityvulns
added 2009/07/09 12:0 a.m., 36 views

[Full-disclosure] Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004

Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004 Release Date. 9-Jul-2009 Vendor Notification Date. 2-Jun-2009 Product. IBM Lotus Instant Messaging and Web Conferencing Sametime Platform. Windows verified, possibly others Affected versions. IBM Lotus Instant Messagin...

Exploits: 0
Exploit DB
added 2009/06/24 12:0 a.m., 23 views

Mozilla Firefox 3.5.1 - Error Page Address Bar URI Spoofing

source: https://www.securityfocus.com/bid/35803/info Mozilla Firefox is affected by a URI-spoofing vulnerability. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be...

AI score: 7.4
Exploits: 0
OpenVAS
added 2009/05/11 12:0 a.m., 18 views

Debian: Security Advisory (DSA-1795-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.4, AI score: 6.5, EPSS: 0.03473
Exploits: 0, References: 3
OpenVAS
added 2009/05/11 12:0 a.m., 14 views

Debian Security Advisory DSA 1795-1 (ldns)

The remote host is missing an update to ldns announced via advisory DSA 1795-1. OpenVAS Vulnerability Test $Id: deb17951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1795-1 ldns Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS: 6.4, AI score: 0.8, EPSS: 0.03473
Exploits: 0
Exploit DB
added 2009/05/05 12:0 a.m., 31 views

IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation

source: https://www.securityfocus.com/bid/34827/info IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering techniques to obtain valid users'...

AI score: 7
Exploits: 0
ThreatPost
added 2009/04/02 5:50 p.m., 10 views

Researcher to unveil new SQL injection attack

From Dark Reading, by Kelly Jackson Higgins. In the last couple of years, SQL injection attacks have become the favorite tactic of penetration testers, cyber criminals and script kiddies alike. But some researchers are taking the technique to a new level. At Black Hat Europe later this month, a...

AI score: 0.1
Exploits: 0, References: 5
securityvulns
added 2009/04/01 12:0 a.m., 51 views

[Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities

PT-2009-09 Positive Technologies Security Advisory: Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities. Affected...

CVSS: 7.2, AI score: 0.5, EPSS: 0.00798
Exploits: 2
CVE
added 2009/03/31 6:0 p.m., 56 views

CVE-2009-1177

CVE-2009-1177 affects MapServer’s mapserv, specifically MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The flaw resides in maptemplate.c and is described as multiple stack-based buffer overflows, with unknown impact and remote attack vectors. The Red Hat CVE entry corroborates this description...

CVSS: 10, AI score: 6.6, EPSS: 0.02866
Exploits: 2, References: 9, Affected Software: 2
OpenVAS
added 2009/02/04 12:0 a.m., 24 views

Google Chrome Clickjacking Vulnerability

This host is installed with Google Chrome and is prone to clickjacking vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromeclickjackingvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Clickjacking Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2009 Greenbone Network...

CVSS: 4.3, AI score: 0.2, EPSS: 0.02401
Exploits: 0, References: 3
OSV
added 2009/02/03 11:30 p.m., 1 views

DEBIAN-CVE-2009-0414

Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption...

CVSS: 10, AI score: 7.1, EPSS: 0.03021
Exploits: 1, References: 1
securityvulns
added 2009/01/16 12:0 a.m., 34 views

Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability

Title: Cisco Unified IP Phone 7960G and 7940G SIP RTP Header Vulnerability. Summary: The Cisco Unified IP Phone 7960G and 7940G SIP do not correctly parse some malformed RTP headers leading to a deterministic denial of service. Assigned CVE: CVE-2008-4444. Details:...

CVSS: 7.1, AI score: 0.8, EPSS: 0.02597
Exploits: 1
Positive Technologies
added 2009/01/01 12:0 a.m., 7 views

PT-2009-01: PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities

Positive Technologies Research Team has discovered several vulnerabilities in PGP Desktop. 1. The IOCTL handler in pgpdisk.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system. Severity Rating : Severity: Medium Impact: Denial of...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00422
Exploits: 0, References: 4