Authentication flaw

Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies...

Anonymous Clarifies Its Identity and Mission in Recent Statement

On December 10, 2010, Anonymous released a press statement to clarify its identity and objectives. Who is Anonymous? Anonymous, often misunderstood, is not a conventional group. Instead, it is an internet gathering without formal structure. Both Anonymous and the media acknowledge the perceived...

Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities

According to its self-reported version number, the instance Apache Tomcat running on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities : - An error exists in several JSP example files that allows script injection...

CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...

Design/Logic Flaw

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

CVE-2010-4252

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability

Perl CGI.pm is prone to an unspecified security vulnerability related to handling of newlines embedded in header values. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CUPS < 1.4.5 Multiple Vulnerabilities

According to its banner, the version of CUPS installed on the remote host is prior to 1.4.5. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists due to improper allocation of memory for attribute values with invalid string data types. A remote attacker can...

CVE-2010-4302

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing UVC System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the 1 administrator and 2 operator passwords, which makes it easier for local users to obtain sensitive...

OpenJDK JPEG writeImage remote code execution (6963023)

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

Microsoft Word Unchecked Index Value Remote Code Execution (MS10-079; CVE-2010-2750)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in the way that Microsoft Word handles index values inside a specially crafted Word file. The vulnerability is due to an error in Microsoft Word that fails to properly parse specially...

Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)

Mon Oct 4 2010 Marek Kasik 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch Fix comparison. - Add freetype-2.3.11-CVE-2010-2806.patch Protect against negative stringsize. Fix comparison. - Add freetype-2.3.11-CVE-2010-2808.patch Check the total length of collected POST segments. - Add...

CVE-2010-2584

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an ht...

Buffer overflow

Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long 1 DestURL or 2 SourceFile property value...

VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability &#40;CVE-2010-3215&#41;

VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability CVE-2010-3215 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Word, included in the Microsoft Office suite, is a powerful authoring program that gives the ability to...

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

Mozilla Products nsCSSValue Array Index Integer Overflow (CVE-2010-2752)

Mozilla Firefox and Seamonkey are popular open source web browsers from Mozilla Foundation. An integer overflow vulnerability exists in Mozilla products including Firefox, Thunderbird, and SeaMonkey. The vulnerability is due to a 16-bit integer value used in allocating the size of the array class...

FreeBSD -- Integer overflow in bzip2 decompression

Problem Description: When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow...