Monthly Archive: May 2010

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to...

SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request. Date published : 2010-05-28 http://www.exploit-db.com/exploits/12683 http://osvdb.org/64845

Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. Date published : 2010-05-28 http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html...

Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4)...

Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are...

Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action. Date...

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. Date published : 2010-05-28 http://code.google.com/p/chromium/issues/detail?id=42228 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality....

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. Date published : 2010-05-28 http://code.google.com/p/chromium/issues/detail?id=39740 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. Date published :...

Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers. Date published : 2010-05-28 http://code.google.com/p/chromium/issues/detail?id=16535 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html

Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification’s requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. Date published : 2010-05-28 http://code.google.com/p/chromium/issues/detail?id=7713 http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify,...

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges...