| December
12/06 |
Microsoft
Updates for Multiple Vulnerabilities |
(US
CERT) |
|
Systems
Affected: Microsoft Windows; Microsoft Visual Studio; Microsoft
Outlook Express; Microsoft Media Player; Microsoft Internet Explorer;
Microsoft Office 2004 for Mac; Microsoft Office v. X for Mac
Overview:
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Visual Studio, Microsoft Outlook Express, Microsoft
Media Player, and Microsoft Internet Explorer. Exploitation of
these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service on a vulnerable
system.
(click
here for more detail)
|
|
| November
14 / 06 |
Microsoft
Security Updates for Windows, Internet Explorer, and Adobe Flash
|
(US
CERT) |
| |
Systems
Affected: Microsoft Windows; Microsoft Internet Explorer; Adobe
Flash
Overview: Microsoft
has released updates that address critical vulnerabilities in
Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on a vulnerable system.
(click
here for more detail)
|
|
| November
8 /06 |
Mozilla
Products Contain Multiple Vulnerabilities
|
(US
CERT) |
|
Systems
Affected: Mozilla Firefox web browser; Mozilla SeaMonkey web browser;
Mozilla Thunderbird email application; Netscape web browser
Any products based on Mozilla components may also be affected.
Overview: The Mozilla web browser and derived products contain
several vulnerabilities. By taking advantage of one or more of
these vulnerabilities, an attacker may be able to take control
of your computer.
(click
here for more detail)
|
|
| September
13 / 06 |
Apple
QuickTime Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Apple QuickTime on systems running: Apple Mac OS X; Microsoft
Windows
Overview:
Apple QuickTime contains multiple vulnerabilities. Exploitation
of these vulnerabilities could allow a remote attacker to execute
arbitrary code or cause a denial-of-service condition.
(click
here for more detail)
|
|
| September
12/ 06 |
Microsoft
Windows and Publisher Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Microsoft Windows; Microsoft Publisher
Overview: Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows and Microsoft Publisher. Exploitation of
these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service on a vulnerable
system.
(click
here for more detail)
|
|
| August
8/ 06 |
Microsoft
Windows, Office, and Internet Explorer Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Microsoft Windows; Microsoft Office (Windows and Mac);
Microsoft Internet Explorer
Overview:
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Office, and Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on a vulnerable system.
(click
here for more detail)
|
|
| August
2 / 06 |
Apple
Mac Products Affected by Multiple Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Apple Mac OS X version 10.3.9 and earlier (Panther); Apple
Mac OS X version 10.4.7 and earlier (Tiger); Apple Mac OS X Server
version 10.3.9 and earlier; Apple Mac OS X Server version 10.4.7
and earlier; Apple Safari web browser; Apple Mail
Overview:
Apple has released Security Update 2006-004 to correct multiple
vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web
browser, Mail, and other products. The most serious of these vulnerabilities
may allow a remote attacker to execute arbitrary code. Impacts
of other vulnerabilities include bypass of security restrictions
and denial of service.
(click
here for more detail)
|
|
| July
27 / 06 |
Mozilla
Products Contain Multiple Vulnerabilities
|
(US-CERT) |
|
Systems
Affected: Mozilla SeaMonkey; Mozilla Firefox; Mozilla Thunderbird
Any products based on Mozilla components, specifically Gecko, may
also be affected.
Overview:
The Mozilla web browser and derived products contain several vulnerabilities,
the most serious of which could allow a remote attacker to execute
arbitrary code on an affected system.
(click
here for more detail)
|
|
| July
19/06 |
Oracle
Products Contain Multiple Vulnerabilities
|
(US-CERT) |
|
Systems
Affected: Oracle10g Database; Oracle9i Database; Oracle8i Database;
Oracle Enterprise Manager 10g Grid Control; Oracle Application Server
10g; Oracle Collaboration Suite 10g; Oracle9i Collaboration Suite;
Oracle E-Business Suite Release 11i; Oracle E-Business Suite Release
11.0; Oracle Pharmaceutical Applications; JD Edwards EnterpriseOne,
OneWorld Tools; Oracle PeopleSoft Enterprise Portal Solutions
For more information regarding affected product versions, please
see the Oracle Critical Patch Update - July 2006.
Overview: Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and
denial of service.
(click
here for more detail)
|
|
| July
11 / 06 |
Microsoft
Windows, Office, and IIS Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Microsoft Windows; Microsoft Internet Information Services
(IIS); Microsoft Office; Microsoft Office for Mac; Microsoft Access;
Microsoft Excel and Excel Viewer; Microsoft FrontPage; Microsoft
InfoPath; Microsoft OneNote; Microsoft Outlook; Microsoft PowerPoint;
Microsoft Project; Microsoft Publisher; Microsoft Visio; Microsoft
Word and Word Viewer
Overview: Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows, IIS, and Office. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on a vulnerable system.
(click
here for more detail)
|
|
| June
14/06 |
Microsoft
Windows, Internet Explorer, Media Player, Word, PowerPoint, and
Exchange Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Microsoft Windows; Microsoft Windows Media Player; Microsoft
Internet Explorer; Microsoft PowerPoint for Windows and Mac OS X;
Microsoft Word for Windows; Microsoft Office; Microsoft Works Suite;
Microsoft Exchange Server Outlook Web Access
Overview: Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows, Word, PowerPoint, Media
Player, Internet Explorer, and Exchange Server. Exploitation of
these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service on a vulnerable
system.
(click
here for more detail)
|
|
| June
2/06 |
Mozilla
Products Contain Multiple Vulnerabilities
|
(US-CERT) |
|
Systems
Affected: Mozilla SeaMonkey; Firefox web browser; Thunderbird email
client
Any products based on Mozilla components, particularly Gecko, may
also be affected.
Overview:
The Mozilla web browser and derived products contain several vulnerabilities,
the most serious of which could allow a remote attacker to execute
arbitrary code on an affected system.
(click
here for more detail)
|
|
| May
20/ 06 |
Microsoft
Word Vulnerability
|
(US-Cert) |
|
Systems
Affected: Microsoft Word 2003; Microsoft Word XP (2002)
Microsoft Word is included in Microsoft Works Suite and Microsoft
Office. Other versions of Word, and other Office programs may
be affected or act as attack vectors.
Overview: A buffer overflow vulnerability in Microsoft Word could
allow an attacker to execute arbitrary code on a vulnerable system.
(click
here for more detail)
|
|
| May
12 / 06 |
Apple
Mac Products Affected by Multiple Vulnerabilities
|
(US-Cert) |
|
Systems
Affected: Apple Mac OS X version 10.3.9 (Panther) and version 10.4.6
(Tiger); Apple Mac OS X Server version 10.3.9 and version 10.4.6;
Apple Safari web browser; Apple Mail
Overview: Apple has released Security Update 2006-003 to correct
multiple vulnerabilities affecting Mac OS X, Mac OS X Server,
Safari web browser, Mail, and other products. The most serious
of these vulnerabilities may allow a remote attacker to execute
arbitrary code. Impacts of other vulnerabilities include bypassing
security restrictions and denial of service.
(click
here for more detail)
|
|
| May
12/ 06 |
Apple
QuickTime Vulnerabilities |
(US-Cert) |
|
Systems
Affected: Apple QuickTime on systems running: Apple Mac OS X; Microsoft
Windows
Overview:
Apple QuickTime contains multiple vulnerabilities. Exploitation
of these vulnerabilities could allow a remote attacker to execute
arbitrary code or cause a denial-of-service condition.
(click
here for more detail)
|
|
| May
9/06 |
Microsoft
Windows and Exchange Server Vulnerabilities
|
(US-Cert) |
|
Systems
Affected: Microsoft Windows; Microsoft Exchange Server.
Overview: Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows and Exchange Server. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on a vulnerable system.
(click
here for more details)
|
|
| April
19/ 06 |
Oracle
Products Contain Multiple Vulnerabilities
|
(US-Cert) |
|
Systems
Affected: Oracle Database 10g; Oracle9i Database; Oracle8i Database;
Oracle Enterprise Manager 10g Grid Control; Oracle Application Server
10g; Oracle Collaboration Suite 10g; Oracle9i Collaboration Suite;
Oracle E-Business Suite Release 11i; Oracle E-Business Suite Release
11.0; Oracle Pharmaceutical Applications; JD Edwards EnterpriseOne,
OneWorld Tools; Oracle PeopleSoft Enterprise Tools; Oracle Workflow;
Oracle Developer Suite 6i
Overview: Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and
denial of service.
(click
here for more details)
|
|
| April
11/06 |
Microsoft
Windows and Internet Explorer Vulnerabilities |
(US-Cert) |
|
Systems
Affected: Microsoft Windows; Microsoft Internet Explorer
Overview: Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows and Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on a vulnerable system.
(click
here for more details)
|
|
| Mar
22/ 06 |
Sendmail
Race Condition Vulnerability
|
(CERT) |
|
Systems
Affected: Sendmail versions prior to 8.13.6.
Overview:
A race condition in Sendmail may allow a remote attacker to execute
arbitrary code.
(click
here for more details)
|
|
| Mar
16/06 |
Adobe
Macromedia Flash Products Contain Vulnerabilities
|
(US-Cert) |
|
Systems
Affected: Microsoft Windows, Apple Mac OS X, Linux, Solaris, or
other operating systems with any of the following Adobe Macromedia
products installed: Flash Player 8.0.22.0 and earlier; Flash Professional
8; Flash Basic; Flash MX 2004; Flash Debug Player 7.0.14.0 and earlier;
Flex 1.5 ; Breeze Meeting Add-In 5.1 and earlier; Adobe Macromedia
Shockwave Player 10.1.0.11 and earlier
Overview: There are critical vulnerabilities in Macromedia Flash
player and related software. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute arbitrary
code or cause a denial of service on a vulnerable system.
(click
here for more details)
|
|
| Mar
14/06 |
Microsoft
Office and Excel Vulnerabilities |
(US-Cert) |
|
Systems
Affected: Microsoft Office for Windows and Mac OS X; Microsoft Excel
for Windows and Mac OS X; Microsoft Works Suite for Windows
Overview: Microsoft has released updates that address critical
vulnerabilities in Microsoft Office and Excel. Exploitation of
these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service on a vulnerable
system.
(click
here for more detail)
|
|
| Feb
22/06 |
Apple
Mac OS X Safari Command Execution Vulnerability
|
(US-CERT) |
|
Systems
Affected: Apple Safari running on Mac OS X
Overview:
A file type determination vulnerability in Apple Safari could
allow a remote attacker to execute arbitrary commands on a vulnerable
system.
(click
here for more details)
|
|
| Feb
14/06 |
Microsoft
Windows, Windows Media Player, and Internet Explorer
Vulnerabilities
|
(US-CERT) |
| |
Systems
Affected: Microsoft Windows, Microsoft Windows Media Player, Microsoft
Internet Explorer
Overview:
Microsoft has released updates that address critical vulnerabilities
in Windows, Windows Media Player, and Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on a
vulnerable system.
(click
here for more details)
|
|
| Feb
7/06 |
Multiple
Vulnerabilities in Mozilla Products |
(US
CERT) |
|
Systems
Affected: Mozilla software, including the following, is affected:
Mozilla web browser, email and newsgroup client; Mozilla SeaMonkey;
Firefox web browser; Thunderbird email client
Overview: Several vulnerabilities exist in the Mozilla web browser
and derived products, the most serious of which could allow a
remote attacker to execute arbitrary code on an affected system.
(Please
click here for more detail)
|
|
| Feb
1/06 |
Winamp
Playlist Buffer Overflow |
(US
CERT) |
|
Systems
Affected: Microsoft Windows systems with Winamp 5.12 or earlier.
Overview : America Online has released Winamp 5.13 to correct
a buffer overflow vulnerability. Exploitation of this vulnerability
could allow a remote attacker to execute arbitrary code with the
privileges of the user.
(Please
click here for more detail)
|
|
| Jan
18/06 |
Oracle
Products Contain Multiple Vulnerabilities
|
(US-CERT) |
|
Systems
Affected: Oracle Database 10g; Oracle9i Database; Oracle8i Database;
Oracle Enterprise Manager 10g Grid Control; Oracle Application
Server 10g; Oracle9i Application Server; Oracle Collaboration
Suite 10g; Oracle9i Collaboration Suite; Oracle E-Business Suite
Release 11i; Oracle E-Business Suite Release 11.0; JD Edwards
EnterpriseOne, OneWorld Tools; PeopleSoft Enterprise Portal; Oracle
Workflow
Overview:
Various Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and
denial of service.
(Please
click here for more detail)
|
|
| Jan
11/06 |
Apple
QuickTime Vulnerabilities |
(US-CERT) |
|
Systems
Affected: Apple QuickTime on systems running: Apple Mac OS X; Microsoft
Windows XP; Microsoft Windows 2000
Overview: Apple has released QuickTime 7.0.4 to correct multiple
vulnerabilities. The impacts of these vulnerabilities include
execution of arbitrary code and denial of service.
(please
click here for more detail)
|
|
| Jan.
5/ 06 |
Update
for Microsoft Windows Metafile Vulnerability
|
(US-CERT)
|
|
Systems
Affected: Systems running Microsoft Windows
Overview: Microsoft Security Bulletin MS06-001 contains an update
to fix a vulnerability in the way Microsoft Windows handles images
in the Windows Metafile (WMF) format.
(please
click here for more details)
|
|
| Dec
28/05 |
Microsoft
Windows Metafile Handling Buffer Overflow
|
(US-CERT)
|
|
Systems
Affected : Systems running Microsoft Windows
Overview:
Microsoft Windows is vulnerable to remote code execution via an
error in handling files using the Windows Metafile image format.
Exploit code has been publicly posted and used to successfully
attack fully-patched Windows XP SP2 systems. However, other versions
of the Windows operating system may be at risk as well.
(please
click here for more details)
|
|
| Dec
13/05 |
Microsoft
Internet Explorer Vulnerabilities
|
(CERT)
|
|
Systems
Affected: Microsoft Windows; Microsoft Internet Explorer
Overview:
Microsoft has released updates that address critical vulnerabilities
in Internet Explorer (IE). A remote, unauthenticated attacker
could exploit these vulnerabilities to execute arbitrary code
or cause a denial of service on an affected system.
(please
click here for more detail)
|
|
| Nov
8/05 |
Microsoft
Windows Image Processing Vulnerabilities
|
(CERT)
|
|
Systems
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft
Windows Server 2003
Overview: Microsoft has released updates that address critical
vulnerabilities in Windows graphics rendering services. A remote,
unauthenticated attacker exploiting these vulnerabilities could
execute arbitrary code or cause a denial of service on an affected
system.
(please
click here for more detail)
|
|
| Oct
19/05 |
Oracle
Products Contain Multiple Vulnerabilities
|
(CERT) |
|
Systems
Affected: Oracle Database Server 10g; Oracle9i Database Server;
Oracle8i Database Server; Oracle8 Database Server; Oracle Enterprise
Manager 10g Grid Control; Oracle Enterprise Manager Application
Server Control; Oracle Enterprise Manager 10g Database Control;
Oracle Application Server 10g; Oracle9i Application Server; Oracle
Collaboration Suite 10g; Oracle9i Collaboration Suite; Oracle
E-Business Suite Release 11i; Oracle E-Business Suite Release
11.0; Oracle Clinical; JD Edwards EnterpriseOne, OneWorld XE;
Oracle Developer Suite; Oracle Workflow
Overview:
Various Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
unauthenticated, remote code execution, information disclosure,
and denial of service.
(Please
click here for more detail)
|
|
| Oct
18/05 |
Snort
Back Orifice Preprocessor Buffer Overflow
|
(CERT) |
| |
Systems
Affected: Snort versions 2.4.0 to 2.4.2; Sourcefire Intrusion
Sensors
Overview:
The Snort Back Orifice preprocessor contains a buffer overflow
that could allow a remote attacker to execute arbitrary code on
a vulnerable system.
(Please
click here for more detail)
|
|
| Oct
11/05 |
Microsoft Windows, Internet Explorer, and Exchange Server Vulnerabilities
|
(US-Cert) |
|
Systems
Affected: Microsoft Windows; Microsoft Internet Explorer; Microsoft
Exchange Server
Overview: Microsoft has released updates that address critical
vulnerabilities in Windows, Internet Explorer, and Exchange Server.
Exploitation of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of service
on an affected system.
(Please
click here for more detail)
|
|
| Aug
17/05 |
Apple
Mac Products are Affected by Multiple Vulnerabilities
|
(US-Cert)
|
|
Systems
Affected: Apple Mac OS X version 10.3.9 (Panther) and version
10.4.2 (Tiger); Apple Mac OS X Server version 10.3.9 and version
10.4.2; Apple Safari web browser.
Overview:
Apple has released Security Update 2005-007 to address multiple
vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web
browser, and other products. The most serious of these vulnerabilities
may allow a remote attacker to execute arbitrary code. Impacts
of other vulnerabilities include bypassing security restrictions
and denial of service.
(Please
click here for more detail)
|
|
| Aug
12/05 |
VERITAS
Backup Exec Uses Hard-Coded Authentication Credentials
|
(Cert)
|
|
Systems
Affected: VERITAS Backup Exec Remote Agent for Windows Servers
Overview:
VERITAS Backup Exec Remote Agent for Windows Servers uses hard-coded
administrative authentication credentials. An attacker with knowledge
of these credentials and access to the Remote Agent could retrieve
arbitrary files from a vulnerable system.
(Please
click here for details)
|
|
| July
29/05 |
Cisco
IOS IPv6 Vulnerability |
(US-Cert) |
|
Systems
Affected: Cisco IOS devices with IPv6 enabled.
Overview: Cisco IOS IPv6 processing functionality contains a vulnerability
that could allow an unauthenticated, remote attacker to execute
arbitrary code or cause a denial of service.
(click
here for more details)
|
|
| July
13/05 |
Oracle
Products Contain Multiple Vulnerabilities |
(US-Cert) |
|
Systems
Affected: Numerous, please refer to the link below.
Overview:
Various Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
unauthenticated, remote code execution, information disclosure,
and denial of service.
(click
here for more details)
|
|
| July
12, 2005 |
Microsoft
Windows, Internet Explorer, and Word Vulnerabilities
|
(US-Cert) |
|
Systems
Affected: Microsoft Windows; Microsoft Office; and Microsoft Internet
Explorer.
For more complete information, refer to the Microsoft Security
Bulletin Summary for July, 2005.
Overview:
Microsoft has released updates that address critical vulnerabilities
in Windows, Office, and Internet Explorer. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code on an affected system.
(click
here for more details)
|
|
| June
29 /05 |
VERITAS
Backup Exec Software is actively being exploited
|
(US-Cert) |
|
Systems
Affected: VERITAS Backup Exec Remote Agent
Overview:
The VERITAS Backup Exec Remote Agent for Windows contains a buffer
overflow that may allow an unauthenticated, remote attacker to
compromise a system and execute arbitrary code with administrative
privileges.
(click
here for more details)
|
|
| June
14/05 |
Microsoft
Windows and Internet Explorer Vulnerabilities |
(US-Cert) |
| |
Systems
Affected: Microsoft Windows; Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for June, 2005.
Overview:
Microsoft has released updates that address critical vulnerabilities
in Windows and Internet Explorer. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute arbitrary
code or cause a denial of service.
(click
here for more details)
|
|
| May
16/ 05 |
Apple
Mac OS X is affected by multiple vulnerabilities
|
(Cert)
|
| |
Systems
Affected: Mac OS X version 10.3.9 (Panther) and Mac OS X Server
Version 10.3.9
Overview:
Apple has released Security Update 2005-005 to address multiple
vulnerabilities affecting Mac OS X and Mac OS X Server. The most
serious of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities addressed
by the update include disclosure of information and denial of
service.
(click
here for more details)
|
|
|
April
27/ 05
|
Oracle
Products Contain Multiple Vulnerabilities
|
(Cert)
|
| |
Systems
affected: Multiple, refer to alert.
Overview:
Various Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
unauthenticated, remote code execution, information disclosure,
and denial of service.
(click
here for more details)
|
|
| April
12/05 |
Multiple
Vulnerabilities in Microsoft Windows Components
|
(Cert)
|
|
Systems
Affected : Microsoft Windows Systems
Overview:
Microsoft has released a Security Bulletin Summary for April,
2005. This summary includes several bulletins that address vulnerabilities
in various Windows applications and components. Exploitation of
some vulnerabilities can result in the remote execution of arbitrary
code by a remote attacker. Details of the vulnerabilities and
their impacts are provided below.
(click
here for more details )
|
|
| Feb
8/05 |
Multiple
Vulnerabilities in Microsoft Windows Components
|
(Cert)
|
| |
Systems
Affected: Microsoft Windows Systems
Overview:
Microsoft has released a Security Bulletin Summary for February,
2005. This summary includes several bulletins that address vulnerabilities
in various Windows applications and components. Exploitation of
some vulnerabilities can result in the remote execution of arbitrary
code by a remote attacker. Details of the vulnerabilities and
their impacts are provided below.
(click
here for more details)
|
|
| Jan
26/05 |
Multiple
Denial-of-Service Vulnerabilities in Cisco IOS
|
(Cert)
|
|
Systems
Affected: Cisco routers and switches running IOS in various configurations.
Overview:
Several denial-of-service vulnerabilities have been discovered
in Cisco's Internet Operating System (IOS). A remote attacker
may be able to cause an affected device to reload the operating
system.
(click
here for more detail)
|
|
| Jan
12/05 |
Microsoft
Windows HTML Help ActiveX Control Cross-Domain Vulnerability |
(Cert)
|
|
Systems
Affected: Windows 98, Me, 2000, XP, and Server 2003, Internet Explorer
5.x and 6.x and Other Windows programs that use MSHTML.
Overview: The Microsoft Windows HTML Help ActiveX control contains
a cross-domain vulnerability that could allow an unauthenticated,
remote attacker to execute arbitrary commands or code with the
privileges of the user running the control. The HTML Help control
can be instantiated by an HTML document loaded in Internet Explorer
or any other program that uses MSHTML.
(click
here for more details)
|
|
| Jan
12/05 |
Technical
Cyber Security Alert TA05-012A Multiple Vulnerabilities in Microsoft
Windows Icon and Cursor |
(CERT)
|
|
Systems
Affected : Microsoft Windows Operating Systems excluding Microsoft
Windows XP SP2
Overview:
Microsoft Windows contains multiple vulnerabilities in the way
that it handles cursor and icon files. A remote attacker could
execute arbitrary code or cause a denial-of-service condition.
(click
here for more details)
|
|
| Dec
21/04 |
Exploitation of phpBB highlight parameter vulnerability |
(CERT)
|
|
Systems
Affected: phpBB versions 2.0.10 and prior
Overview:
The software phpBB contains an input validation problem in how
it processes a parameter contained in URLs. An intruder can deface
a phpBB website, execute arbitrary commands, or gain administrative
privileges on a compromised bulletin board.
(click
here for more details)
|
|
| Dec
1/04 |
Update
for Microsoft Internet Explorer HTML Elements Vulnerability
|
(CERT)
|
|
Systems
Affected: Microsoft Windows systems running: Internet Explorer
versions 6 and later (see MS04-040 for affected software and components)
and other programs that host the WebBrowser ActiveX control.
Overview:
Microsoft Security Bulletin MS04-040 contains an update to fix
a buffer overflow vulnerability in Internet Explorer.
(click
here for more details)
|
|
| Nov
11/04 |
Cisco
IOS Input Queue Vulnerability
|
(CERT)
|
|
Systems
Affected: Cisco routers, switches, and line cards running vulnerable
versions of IOS.
The following versions of IOS are known to be affected: 12.2(18)EW;
12.2(18)EWA; 12.2(18)S, 12.2(18)SE; 12.2(18)SV; 12.2(18)SW; and
12.2(14)SZ
Overview:
There is a vulnerability in the way Cisco IOS processes DHCP packets.
Exploitation of this vulnerability may lead to a denial of service.
The processing of DHCP packets is enabled by default.
(click
here for more detail )
|
|
| Nov
10/04 |
Buffer
Overflow in Microsoft Internet Explorer |
(US-CERT) |
|
Systems
Affected: Microsoft Windows systems running: Internet Explorer
versions 6.0 and later; previous versions of Internet Explorer
may also be affected; Other programs that host the WebBrowser
ActiveX control
Overview : Microsoft Internet Explorer (IE) contains a buffer
overflow vulnerability that could allow a remote attacker to execute
arbitrary code with the privileges of the user running IE.
(click
here for more detail)
|
|
| Oct
19/04 |
Multiple
Vulnerabilities in Microsoft Internet Explorer
|
(Cert) |
|
Systems
Affected: Microsoft Windows systems running : Internet Explorer
versions 5.01 and later; previous, unsupported versions of Internet
Explorer may also be affected; Programs that use the WebBrowser
ActiveX control (WebOC) or MSHTML rendering engine
Overview:
Microsoft Internet Explorer (IE) contains multiple vulnerabilities,
the most severe of which could allow a remote attacker to execute
arbitrary code with the privileges of the user running IE.
(click
here for more detail)
|
|
| Sept.
17/04 |
Multiple vulnerabilities in Mozilla products
|
(Cert)
|
|
Systems
Affected: Mozilla software, including the following: Mozilla
web browser, email and newsgroup client; Firefox web browser;
Thunderbird email client
Overview:
Several vulnerabilities exist in the Mozilla web browser and derived
products, the most serious of which could allow a remote attacker
to execute arbitrary code on an affected system.
(click
here for more detail)
|
|
| Sept
3, 2004 |
Vulnerabilities
in MIT Kerberos 5
|
(Cert)
|
| |
Systems
Affected: MIT Kerberos 5 versions prior to krb5-1.3.5; Applications
that use versions of MIT Kerberos 5 libraries prior to krb5-1.3.5;
Applications that contain code derived from MIT Kerberos 5.
Overview: The MIT Kerberos 5 implementation contains several vulnerabilities,
the most severe of which could allow an unauthenticated, remote
attacker to execute arbitrary code on a Kerberos Distribution
Center (KDC). This could result in the compromise of an entire
Kerberos realm.
(click
here for more detail)
|
|
| Sept
1, 2004 |
Multiple
Vulnerabilities in Oracle Products |
(Cert)
|
|
Systems
Affected:
The following Oracle applications are affected: Oracle Database
10g Release 1, version 10.1.0.2; Oracle9i Database Server Release
2, versions 9.2.0.4 and 9.2.0.5; Oracle9i Database Server Release
1, versions 9.0.1.4, 9.0.1.5 and 9.0.4; Oracle8i Database Server
Release 3, version 8.1.7.4; Oracle Enterprise Manager Grid Control
10g, version 10.1.0.2; Oracle Enterprise Manager Database Control
10g, version 10.1.0.2; Oracle Application Server 10g (9.0.4), versions
9.0.4.0 and
9.0.4.1; Oracle9i Application Server Release 2, versions 9.0.2.3
and 9.0.3.1; Oracle9i Application Server Release 1, version 1.0.2.2
Oracle's Collaboration Suite and E-Business Suite 11i contain
some of the vulnerable components and are also affected.
According to Oracle, the following product releases and versions,
and all future releases and versions are not affected: Oracle
Database 10g Release 1, version 10.1.0.3; Oracle Enterprise Manager
Grid Control 10g, version 10.1.0.3 (not yet available); Oracle
Application Server 10g (9.0.4), version 9.0.4.2 (not yet available)
Overview:
Several vulnerabilities exist in the Oracle Database Server, Application
Server, and Enterprise Manager software. The most serious vulnerabilities
could allow a remote attacker to execute arbitrary code on an
affected system. Oracle's Collaboration Suite and E-Business Suite
11i contain the vulnerable software and are affected as well.
(click
here for more detail)
|
|
| August
4, 2004 |
Multiple
Vulnerabilities in libpng
|
(Cert)
|
|
Systems
Affected: Applications and systems that use the libpng library.
Overview:
Several vulnerabilities exist in the libpng library, the most
serious of which could allow a remote attacker to execute arbitrary
code on an affected system.
(click
here for more detail)
|
|
| July
30, 2004 |
Critical
Vulnerabilities in Microsoft Windows
|
(Cert)
|
|
Systems
Affected: These vulnerabilities affect the following versions of
Microsoft Internet Explorer: Microsoft Internet Explorer 5.01 Service
Pack 2; Microsoft Internet Explorer 5.01 Service Pack 3; Microsoft
Internet Explorer 5.01 Service Pack 4; Microsoft Internet Explorer
5.5 Service Pack 2; Microsoft Internet Explorer 6; Microsoft Internet
Explorer 6 Service Pack 1; Microsoft Internet Explorer 6 Service
Pack 1 (64-Bit Edition); Microsoft Internet Explorer 6 for Windows
Server 2003; Microsoft Internet Explorer 6 for Windows Server 2003
(64-Bit Edition)
These vulnerabilities affect the following versions of the Microsoft
Windows operating system: Microsoft Windows NT Workstation 4.0
Service Pack 6a; Microsoft Windows NT Server 4.0 Service Pack
6a; Microsoft Windows NT Server 4.0 Terminal Server Edition Service
Pack 6; Microsoft Windows 2000 Service Pack 2, Microsoft Windows
2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4; Microsoft
Windows XP and Microsoft Windows XP Service Pack 1; Microsoft
Windows XP 64-Bit Edition Service Pack 1; Microsoft Windows
XP 64-Bit Edition Version 2003; Microsoft Windows Server 2003;
Microsoft Windows Server 2003 64-Bit Edition; Microsoft Windows
98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (Me)
Please note that these vulnerabilities may affect any software
that uses the Microsoft Windows operating system to render HTML
or graphics.
Overview:
Microsoft Internet Explorer contains three vulnerabilities that
may allow arbitrary code to be executed. The privileges gained
by a remote attacker depend on the software component being attacked.
For example, a user browsing to an unsafe web page using Internet
Explorer could have code executed with the same privilege as the
user. These vulnerabilities have been reported to be relatively
straightforward to exploit; even vigilant users visiting a malicious
website, viewing a malformed image, or reading an HTML-rendered
email message may be affected.
(click
here for more detail)
|
|
| July
14, 2004 |
Multiple
Vulnerabilities in Microsoft Windows Components and Outlook Express |
(Cert)
|
|
Systems
Affected: Microsoft Windows Systems
Overview:
Microsoft has released a Security Bulletin Summary for July, 2004.
This summary includes several bulletins that address vulnerabilities
in various Windows applications and components. Exploitation of
some
vulnerabilities can result in the remote execution of arbitrary
code by a remote attacker.
(click
here for more detail)
|
|
| July
2, 2004 |
Internet
Explorer Update to Disable ADODB.Stream ActiveX Control
|
(Cert)
|
|
Systems
Affected: Microsoft Windows systems
Overview:
Microsoft has released a security update for Internet Explorer
(IE) that disables the ADODB.Stream ActiveX control. This update
reduces the impact of attacks against cross-domain vulnerabilities
in IE.
(click
here for more detail)
|
|
| June
22, 2004 |
Multiple
Vulnerabilities in ISC DHCP 3 |
(Cert)
|
|
Systems
Affected: ISC DHCP versions 3.0.1rc12 and 3.0.1rc13.
Overview:
Two vulnerabilities in the ISC DHCP allow a remote attacker to
cause a denial of the DHCP service on a vulnerable system. It
may be possible to exploit these vulnerabilities to execute arbitrary
code on the system.
(click
here for more detail)
|
|
| June
11, 2004 |
Cross-Domain
Redirect Vulnerability in Internet Explorer
|
(Cert)
|
|
Systems
Affected: Microsoft Windows systems
Overview: A cross-domain vulnerability in Internet Explorer (IE)
could allow an attacker to execute arbitrary code with the privileges
of the user running IE.
(click
here for more detail)
|
|
| June
8, 2004 |
Technical
Cyber Security Alert TA04-160A
SQL Injection Vulnerabilities in Oracle E-Business Suite
|
(Cert)
|
|
Systems
Affected: Concurrent Versions System (CVS) versions prior to 1.11.16;
CVS Features versions prior to 1.12.8.
Overview:
A heap overflow vulnerability in the Concurrent Versions System
(CVS) could allow a remote attacker to execute arbitrary code
on a vulnerable system.
(click
here for more detail)
|
|