Monthly Archive: March 2012

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote...

Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via...

Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Date published : 2012-03-16 http://www.securityfocus.com/bid/52526 http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html

Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via...

Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. Date published : 2012-03-16 http://www.securityfocus.com/bid/52524 http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html

The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial...

The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room....

Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors. Date published : 2012-03-15 http://www.securityfocus.com/bid/52480 http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1485-vulnerability-in-NetFrontLifeBrowser.html

Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) application 2.9.2 and 3.7.0 for Android has unknown impact and attack vectors. Date published : 2012-03-15 http://www.securityfocus.com/bid/52495 http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1484-vulnerability-in-WaliSMSCN.html

Unspecified vulnerability in the Message Forwarder (com.gmail.zbnetium) application 1.12.20110409.1 for Android has unknown impact and attack vectors. Date published : 2012-03-15 http://www.securityfocus.com/bid/52492 http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1483-vulnerability-in-MessageForwarder.html

Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors. Date published : 2012-03-15 http://www.securityfocus.com/bid/52491 http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1482-vulnerability-in-TouchPalContacts.html

Unspecified vulnerability in the Textdroid (com.app.android.textdroid) application 2.5.2 for Android has unknown impact and attack vectors. Date published : 2012-03-15 http://www.securityfocus.com/bid/52490 http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1481-vulnerability-in-Textdroid.html

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8...

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a...