US-CERT

US-CERT publishes information on a wide variety of vulnerabilities. Descriptions of these vulnerabilities are available from this web page in a searchable database format, and are published as "US-CERT Vulnerability Notes". The notes are very similar to alerts, but they may have less complete information. In particular, solutions may not be available for all the vulnerabilities in this database.

VU#940193: Microsoft Windows automatically executes code specified in shortcut files

Thu, 15/07/2010 - 15:54
Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files.
Categories: US-CERT

VU#541921: ISC DHCP server fails to handle zero-length client identifier

Wed, 14/07/2010 - 21:06
A vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service.
Categories: US-CERT

VU#732671: Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings

Mon, 12/07/2010 - 22:34
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device.
Categories: US-CERT

VU#643615: libpng fails to limit number of rows in header

Fri, 02/07/2010 - 22:34
Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header.
Categories: US-CERT

VU#173009: Snare Agent web interface cross-site request forgery vulnerabilities

Tue, 29/06/2010 - 22:24
The Snare Agent web interface is susceptible to cross-site request forgery attacks.
Categories: US-CERT

VU#251133: S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs

Thu, 24/06/2010 - 22:33
S2 NetBox and related products do not adequately restrict access to node logs, backups, and employee photographs. A remote, unauthenticated attacker could use information obtained from a vulnerable system to aid in further attacks.
Categories: US-CERT

VU#221257: Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution

Thu, 17/06/2010 - 16:09
The Symantec AppStream and Workspace Streaming clients fail to properly validate downloads, which can allow a remote, unauthenticated attacker to download and execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#578319: Microsoft Windows Help and Support Center URI processing vulnerability

Thu, 10/06/2010 - 23:46
The Microsoft Windows Help and Support Center application fails to properly sanitize hcp:// URIs, which can allow a remote, unauthenticated attacker to execute arbitrary commands.
Categories: US-CERT

VU#486225: Adobe Flash ActionScript AVM2 newfunction vulnerability

Mon, 07/06/2010 - 23:46
Adobe Flash contains a vulnerability in the handling of the ActionScript newfunction instruction, which can allow a remote, unauthenticated attacker to execute arbitrary code.
Categories: US-CERT

VU#757804: Cisco Network Building Mediator products contain multiple vulnerabilities

Thu, 03/06/2010 - 05:47
Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or cause a denial of service.
Categories: US-CERT

VU#245081: Accoria Rock Web Server contains multiple vulnerabilities

Tue, 01/06/2010 - 21:42
Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface.
Categories: US-CERT

VU#943165: Apple Safari window object invalid pointer vulnerability

Mon, 10/05/2010 - 15:01
Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Categories: US-CERT

VU#602801: Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities

Thu, 06/05/2010 - 23:13
Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) contains a set of vulnerabilities that collectively could allow an attacker to execute arbitrary code on a remote system.
Categories: US-CERT

VU#886582: Java Deployment Toolkit insufficient argument validation

Tue, 13/04/2010 - 00:53
The Sun Java Deployment Toolkit plugin and ActiveX control perform insufficient argument validation, allowing an attacker to perform several attacks, including the execution of an arbitrary JAR file.
Categories: US-CERT
