Monthly Archive: March 2010

Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file. Date published : 2010-03-29...

Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. Date published : 2010-03-29 http://www.securityfocus.com/bid/34788 http://www.exploit-db.com/exploits/8578

Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD,...

Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE:...

The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless...

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. Date published : 2010-03-29...

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. Date published : 2010-03-29 http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. Date...

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement,...

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of...

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string. Date published...

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings....

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings,...

Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute...