6677 matches found
Hardcoded credentials
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow (CVE-2010-3970)
Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. A stack buffer overflow vulnerability has been discovered in Microsoft's Graphics Rendering Engine. The vulnerability is due t...
Microsoft in Windows hacking warning !
Some versions of Microsoft's Windows operating system are vulnerable to attack from hackers exploiting a flaw in the software that could allow them to remotely take control of a personal computer. The software giant warned of the problem in a special alert. It said it has yet to develop software ...
MS KB2490606: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
If a remote attacker can trick a user on the affected host into opening a specially crafted bitmap file, the attacker could leverage an as-yet unpatched vulnerability in the graphics rendering engine that arises due to its failure to validate the 'biClrUsed' parameter and thereby execute arbitrar...
Microsoft Releases Security Advisory
Microsoft has released security advisory 2490606 to alert users of a vulnerability affecting the Windows Graphics Rendering Engine. Exploitation of this vulnerability may allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. US-CERT...
Microsoft Warns Of Security Hole in Windows Graphics Engine
Microsoft issued an advisory to Windows users about a security vulnerability in a common Windows component that could be used by remote attackers to run malicious code on machines running the Windows XP, Vista and Windows Server 2003 operating systems. The company said on Tuesday that it is...
Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability in the Windows Graphics Rendering Engine because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to open a...
Fedora Update for galeon FEDORA-2010-18775
Check for the Version of galeon OpenVAS Vulnerability Test Fedora Update for galeon FEDORA-2010-18775 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2010-4579
Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog...
[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities
Debian Security Advisory DSA-2135-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 21, 2010 http://www.debian.org/security/faq -...
CVE-2010-3342
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than...
CVE-2010-3770
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may b...
CVE-2010-3770
CVE-2010-3770 refers to multiple XSS vulnerabilities in the Mozilla Firefox/SeaMonkey rendering engine. The issue allows remote attackers to inject arbitrary scripts via certain character encodings: x-mac-arabic, x-mac-farsi, or x-mac-hebrew, which may be converted to angle brackets during render...
Solarwinds Orion NPM 10.1 Cross Site Scripting
Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable:...
Fedora Update for freetype FEDORA-2010-15878
Check for the Version of freetype OpenVAS Vulnerability Test Fedora Update for freetype FEDORA-2010-15878 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for poppler FEDORA-2010-15857
Check for the Version of poppler OpenVAS Vulnerability Test Fedora Update for poppler FEDORA-2010-15857 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 3358 / 3361 / 3362)
This security update of the SUSE Linux Enterprise 11 GA kernel updates the kernel to 2.6.27.54 and fixes various security issues and other bugs. The following security issues were fixed: - Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel allowed local users to cause a...
CVE-2010-2962
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory...