 |
|
|
|
| Opera DoS | | Published: |  | 12.02.2010 | | Source: |  | INJ3CT0R.COM | | SecurityVulns ID: |  | 10614 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Large number of nested tags leads to buffer overflow. |
Microsoft Office applications multiple security vulnerabilities
updated since 10.02.2010 | | Published: | | 12.02.2010 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 10602 | | Type: | | client | | Level: | | 7/10 | | Description: | | Buffer overflow on Microsoft office files parsing, multiple memory corruptions on Microsoft PowerPoint fiels parsing. |
| Affected: |  | MICROSOFT : Office XP | | | | MICROSOFT : Office 2003 | | | | MICROSOFT : Office 2004 for Mac | | CVE: |  | CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow.") | | | | CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability.") | | | | CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability.") | | | | CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability.") | | | | CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability.") | | | | CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability.") | | | | CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability.") |
| Original document |  | IDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability (12.02.2010) |
| | | IDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability (12.02.2010) |
| | | IDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability (12.02.2010) |
| | | SECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010) |
| | | ZDI, ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability (10.02.2010) |
| | | ZDI, TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability (10.02.2010) |
| | | CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability (10.02.2010) |
| | | SECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010) |
| | | MICROSOFT, Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) (10.02.2010) |
| | | MICROSOFT, Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) (10.02.2010) |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 12.02.2010 | | Source: | | | | SecurityVulns ID: | | 10613 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | OTRS : otrs 2.4 | | CVE: | | CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.) |
| HP DreamScreen information leak | | Published: | | 12.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10615 | | Type: | | remote | | Level: | | 5/10 |
| Affected: | | HP : DreamScreen 100 | | | | HP : DreamScreen 130 | | CVE: | | CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors.) |
| HP ProLiant Support Pack multiple security vulnerabilities | | Published: | | 12.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10616 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Code execution, information leak. |
|
|
|
|
|
|
|
|
