Integer overflow

Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document...

CVE-2009-3953

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a differe...

CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

CVE-2009-3953

CVE-2009-3953 affects Adobe Reader/Acrobat U3D handling in PDFs. The vulnerability arises from a CLODProgressiveMeshDeclaration array boundary issue in the U3D implementation, allowing remote code execution when processing malformed U3D data. Affected product versions include Acrobat/Reader 9.x p...

CVE-2009-3953

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a differe...

CVE-2009-3953

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration “array boundary issue,” a differe...

Four Questions for Bruce Schneier on the GSM Cipher Crack

Math is hard and cryptography is even harder. So in light of the news that another of the ciphers used to secure traffic on 3G GSM networks has been cracked, we turned to mathematician and cryptographer Bruce Schneier to explain the attack and its ramifications. So here are Schneier’s answer to a...

Multiple D-Link Routers Authentication Bypass Vulnerability

Exploit for unknown platform in category web applications =========================================================== Multiple D-Link Routers Authentication Bypass Vulnerability =========================================================== Multiple D-­Link routers suffer from insecure...

MacOS X 10.5/10.6 libc/strtod(3) buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MacOS X 10.5/10.6 libc/strtod3 buffer overflow Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.: 07.05.2009 - - Pub.: 08.01.2010 CVE: CVE-2009-0689 CWE: CWE-119 Risk: High Remote: Yes Affected Software: - - MacOS 10.6...

CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201)

Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and...

Debian Security Advisory DSA 1956-1 (xulrunner)

The remote host is missing an update to xulrunner announced via advisory DSA 1956-1. OpenVAS Vulnerability Test $Id: deb19561.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1956-1 xulrunner Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Ubuntu USN-874-1 (xulrunner-1.9.1)

The remote host is missing an update to xulrunner-1.9.1 announced via advisory USN-874-1. OpenVAS Vulnerability Test $Id: ubuntu8741.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu8741.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-874-1 xulrunner-1.9.1...

[SECURITY] [DSA 1963-1] New unbound packages fix DNSSEC validation

------------------------------------------------------------------------ Debian Security Advisory DSA-1963-1 [email protected] http://www.debian.org/security/ Florian Weimer December 23, 2009 http://www.debian.org/security/faq -...

Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-874-1)

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary...

Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-873-1)

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary...

USN-874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the...

NTLM reflection vulnerability — Mozilla

Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser. If an attacker could get a user to visit a...

How to use the database to crack the md5-vulnerability warning-the black bar safety net

Why password the number of bits short of MD5 unsafe? A length of 4 pure lowercase letters to generate passwords in the database with the help of Can in 0. 005s is cracked. This time also includes a connection to the database the time, the running environment is in my 900MHZ personal PC. Note that...

ISC BIND 9 DNSSEC查询响应远程缓存中毒漏洞

BUGTRAQ ID: 37118 CVECAN ID: CVE-2009-4022 BIND是一个应用非常广泛的DNS协议的实现，由ISC负责维护，具体的开发由Nominum公司完成。 启用了DNSSEC验证的名称服务器在解析递归客户端查询期间可能错误的从所接收到响应的附加部分向其缓存添加记录，这是一种缓存中毒的情况。...