
Posts Tagged ‘Java’

1521 (tivoli_storage_manager_client, tivoli_storage_manager_express)

CVE-2009-1521 (tivoli_storage_manager_client, tivoli_storage_manager_express) Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1521

Adobe Reader ‘getAnnots()’ JavaScript Function Remote Code Execution Vulnerability

Vuln: Adobe Reader ‘getAnnots()’ JavaScript Function Remote Code Execution Vulnerability. URL: http://www.securityfocus.com/bid/34736

Adobe confirms new flaw, recommends turning off JavaScript

Adobe on Tuesday confirmed that its popular Reader and Acrobat software contains another zero-day vulnerability. The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, [...]

Adobe confirms new flaw, recommends turning off JavaScript

Adobe has confirmed a vulnerability in its widely used Reader and Acrobat products, and is recommending users disable JavaScript to stay protected. URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/wQscfO6J8nI/

Two Adobe 0-day vulnerabilities, (Wed, Apr 29th)

There are two 0-day vulnerabilities on Adobe Acrobat announced today, all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the Javascript system of the Adobe Acrobat and can be mitigated by [...]

Adobe Reader Plagued With Critical JavaScript Vulnerability

A critical vulnerability in several versions of Adobe Reader could allow remote hackers to execute malicious code, the US-CERT (U.S. Computer Emergency Readiness Team) warned Tuesday. Adobe has since confirmed the flaw in versions of Adobe Reader 9.1 and 8.1.4, acknowledging in a blog that “all currently supported [...]

Adobe Reader ‘spell.customDictionaryOpen()’ JavaScript Function Remote Code Execution Vulnerability

Vuln: Adobe Reader ‘spell.customDictionaryOpen()’ JavaScript Function Remote Code Execution Vulnerability. URL: http://www.securityfocus.com/bid/34740

Adobe Reader ‘getAnnots()’ Javascript Function Remote Code Execution Vulnerability

Vuln: Adobe Reader ‘getAnnots()’ Javascript Function Remote Code Execution Vulnerability. URL: http://www.securityfocus.com/bid/34736

1413 (chrome)

CVE-2009-1413 (chrome) Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be [...]

1412 (chrome)

CVE-2009-1412 (chrome) Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by [...]

4031

4031 BAT/TrojanDownloader.Agent.NAG (4), BAT/TrojanDownloader.Ftp.NBZ, BAT/TrojanDownloader.Ftp.NCW (6), BAT/TrojanDownloader.Ftp.NCX, INF/Autorun (3), Java/Generic, JS/Exploit.Agent.AGR, JS/TrojanDownloader.Agent.NPM (2), PDF/Exploit.Pidief.NOY, PDF/Exploit.Pidief.OJC, PDF/Exploit.Pidief.OJD, PDF/Exploit.Pidief.OJE, PDF/Exploit.Pidief.OJF, PDF/Exploit.Pidief.OJG, PDF/Exploit.Pidief.OJH (4), PDF/Exploit.Pidief.OJI, PDF/Exploit.Pidief.OJJ, PDF/Exploit.Pidief.OJK, PDF/Exploit.Pidief.OJL, PDF/Exploit.Pidief.OJM, REG/StartPage.NAD, SWF/TrojanDownloader.Agent.NAM, VBS/Agent.NBD (2), VBS/Agent.NBE (2), VBS/TrojanDownloader.Psyme.NFT (2), W97M/Exploit.Agent.NAB, W97M/Exploit.Agent.NAC, W97M/Exploit.Agent.NAD, Win32/AdProt.AN, Win32/Adware.AntiSpywarePro (2), Win32/Adware.Antivirus2008, Win32/Adware.AVAntiSpyware (2), Win32/Adware.Cinmus (2), Win32/Adware.Coolezweb (4), Win32/Adware.InternetAntivirus (4), Win32/Adware.MSAntispyware2009 (6), Win32/Adware.SpywareProtect2009, Win32/Adware.SuperJuan (2), Win32/Adware.SystemSecurity [...]

Firefox gets an update., (Wed, Apr 22nd)

We had several readers write in this morning to let us know of Firefox version 3.0.9 being released. (Thanks Kevin, CJ, Sebenste!) For a complete linked list of Firefox vulns: www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.9 MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21 POST data sent to [...]

1312 (firefox, seamonkey)

CVE-2009-1312 (firefox, seamonkey) Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1312

1310 (firefox)

CVE-2009-1310 (firefox) Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1310

1308 (firefox, seamonkey, thunderbird)

CVE-2009-1308 (firefox, seamonkey, thunderbird) Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1308
