Monthly Archive: January 2011

Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB...

Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2011-01-31 http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007158&sliceId=1

Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these...

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the...

Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header. Date published :...

Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ;...

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. Date...

Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an...

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec...

Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server...

Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote...

Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document. Date published :...

Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru. Date published : 2011-01-31 http://www.securityfocus.com/bid/46036 http://www.opera.com/docs/changelogs/mac/1101/

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended...