Monthly Archive: March 2012

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8...

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary...

Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125. Date published : 2012-03-28 http://www.securityfocus.com/bid/52734...

Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. Date published : 2012-03-28 http://www.securityfocus.com/bid/52733 http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03221589

Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. Date published :...

Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. Date published : 2012-03-27 http://www.opera.com/docs/changelogs/unix/1162/ http://www.opera.com/support/kb/view/1015/

Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area....

Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain. Date published : 2012-03-27 http://www.opera.com/docs/changelogs/mac/1162/ http://www.opera.com/docs/changelogs/unix/1162/

Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. Date published : 2012-03-27 http://www.opera.com/docs/changelogs/mac/1162/ http://www.opera.com/docs/changelogs/unix/1162/

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information. Date...

Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files...

Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. Date published : 2012-03-27 http://www.opera.com/docs/changelogs/mac/1162/ http://www.opera.com/docs/changelogs/unix/1162/

@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. Date published : 2012-03-27 http://www.kb.cert.org/vuls/id/743555 http://en.securitylab.ru/lab/PT-2011-48

CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .....