Security Pros React to Potential Federal Data Law
A federal cybersecurity law edged closer to reality late last week when the Senate Judiciary Committee approved a bill to protect the personal data of Americans. The bill is a bipartisan effort sponsored by Chairman Patrick Leahy, D-Vt., and co-sponsored by former Chairman Orrin Hatch, R-Utah, th...
Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution (CVE-2004-0630)
Portable Document Format (PDF) is a file format for documents based on the PostScript description language. One of the products that is widely used to read PDF files is Adobe Acrobat Reader. This product is available on different platforms, including many versions of UNIX and Linux. There is a...
Rising Antivirus 2009 Privilege Escalation
No description provided by source. Application: Rising Antivirus 2009; Platforms: Windows XP Professional SP2; Exploitation: Privilege Escalation; Date: 2009-10-26; Author: Francis Provencher, Protek Research Lab's. 1 Introduction 2 Technical details 3 The Code N/A 1 Introduction...
{PRL} Rising Antivirus 2009 Privilege Escalation
Application: Rising Antivirus 2009; Platforms: Windows XP Professional SP2; Exploitation: Privilege Escalation; Date: 2009-10-26; Author: Francis Provencher, Protek Research Lab's. 1 Introduction 2 Technical details 3 The Code N/A 1 Introduction...
Memory corruption
A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory...
CVE-2009-2507
A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard...
CVE-2009-2904
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...
Symantec Altiris Deployment Solution ActiveX File Download (CVE-2009-3028)
The Symantec Altiris Deployment Solution software provides tools to deploy and configure software across hardware platforms and operating systems. A remote program execution vulnerability exists in Symantec Altiris Deployment Solution. The vulnerability is caused due to the Altiris.AeXNSPkgDL.1...
[SECURITY] Fedora 10 Update: postgresql-8.3.8-1.fc10
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
[SECURITY] Fedora 11 Update: postgresql-8.3.8-1.fc11
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
CVE-2008-7125
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information...
Design/Logic Flaw
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information...
CVE-2008-7125
Vulnerability CVE-2008-7125 affects Ariadne pphoto before 2.6. Remote authenticated users with certain privileges can execute arbitrary shell commands via vectors related to PINP programs and the annotate command. Root cause involves command execution via those vectors; impact is arbitrary code e...
CVE-2008-7022
Insecure method vulnerability in ChilkatMailv79.dll in the Chilkat Software IMAP ActiveX control ChilkatMail2.ChilkatMailMan2.1 allows remote attackers to execute arbitrary programs via the LoadXmlEmail method...
Design/Logic Flaw
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2...
Description of the security update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package: July 28, 2009
Describes a security update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package that is dated July 28, 2009. INTRODUCTION: Microsoft has released security bulletin MS09-035. To view the complete security bulletin, visit one of the following Microsoft Web sites: Home...
GLinks 2.1 (cat) Remote Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications. GLinks 2.1 (cat) Remote Blind SQL Injection Vulnerability + GLinks v2.1 (cat) Remote Blind SQL Injection Vulnerability + Softwa...