Monthly Archive: December 2008

The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to...

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which...

MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified...

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/....

IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote...

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause...

Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated...

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. Date published : 2008-12-19 http://www.opera.com/docs/changelogs/linux/963/ http://www.opera.com/support/kb/view/924/

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. Date published : 2008-12-19 http://www.opera.com/docs/changelogs/linux/963/ http://www.opera.com/support/kb/view/924/

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. Date published : 2008-12-19 http://www.opera.com/docs/changelogs/linux/963/ http://www.opera.com/support/kb/view/923/

Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long...

The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. Date published : 2008-12-19 http://www.securityfocus.com/archive/1/499315/100/0/threaded http://www.opera.com/docs/changelogs/linux/963/

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors....

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads...