2392 matches found
[SECURITY] Fedora 8 Update: nagios-2.10-5.fc8
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other *NIX variants as a background process,...
[SECURITY] Fedora 7 Update: nagios-2.10-3.fc7
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other *NIX variants as a background process,...
Buffer overflow
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com...
CVE-2007-6216
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs...
Code injection
Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact...
Code injection
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs...
CVE-2007-6033
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs...
Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it...
CVE-2007-5689
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.120 and 1.4.x through 1.4.215, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via...
CVE-2002-2361
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing...
CVE-2002-2352
CVE-2002-2352 : The NBActiveX.ocx ActiveX control in NeoBook 4 is vulnerable to remote attackers who can install and execute arbitrary programs. NVD CVSSv2 base score 5.8 (MEDIUM) with network vector, no authentication. Exploit status and affected versions/root cause are not detailed in the provi...
CVE-2002-2361
The vulnerability CVE-2002-2361 affects Yahoo! Messenger installers (versions 4.0, 5.0, 5.5). The root cause is that the installer does not verify package signatures, allowing a remote attacker to substitute a trojan-laden package via DNS spoofing. Practical impact is installation of unauthentica...
CVE-2007-5618
CVE-2007-5618 refers to an unquoted Windows search path vulnerability in VMware products (Workstation, Player, Server, ACE) prior to specified fixed versions. The issue allows local users to gain privileges by exploiting improperly quoted paths in Authorization and other services. Affected ranges...
CVE-2003-1378
Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.
DEBIAN-CVE-2007-5373
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...
CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...
Design/Logic Flaw
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe...