Monthly Archive: October 2010

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers...

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a...

Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a...

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. Date published...

Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted...

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote authenticated users to gain privileges via unknown vectors. Date published : 2010-10-22 http://www.securityfocus.com/bid/44265 http://marc.info/?l=bugtraq&m=128768031706686&w=2

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-10-22 http://www.securityfocus.com/bid/44262 http://marc.info/?l=bugtraq&m=128768031706686&w=2

Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Date published : 2010-10-22 http://marc.info/?l=bugtraq&m=128768031706686&w=2 http://marc.info/?l=bugtraq&m=128768031706686&w=2

Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element. Date published : 2010-10-21 http://www.opera.com/docs/changelogs/mac/1063/ http://www.opera.com/docs/changelogs/unix/1063/

Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away...

Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. Date published : 2010-10-21 http://www.opera.com/docs/changelogs/mac/1063/ http://www.opera.com/docs/changelogs/unix/1063/

Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site....

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. Date published : 2010-10-21 http://www.opera.com/docs/changelogs/mac/1063/...

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary...