News About Security and Vulnerability Scanning

4 Dec 2008
The 'zip.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.
Securityfocus.com


4 Dec 2008
Digiappz Freekot is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit could allow an attacker to compromise the application, retrieve sensitive information, or modify data; other consequences are possible as well.
Securityfocus.com


4 Dec 2008
Microsoft Internet Explorer is prone to a heap-based buffer overflow vulnerability. This vulnerability is due to a boundary condition error that is exposed when passing data to the 'createControlRange()' DHTML method, resulting in corruption of heap-based memory with attacker-supplied data.

This vulnerability could be exploited to execute arbitrary code in the context of the currently logged in user.
Securityfocus.com


4 Dec 2008
Sun Java Web Start and Java Plug-in are prone to multiple privilege escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, disclose sensitive information, bypass security, or read, write and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier
Securityfocus.com


4 Dec 2008
It has been reported that WebLogic Server and Express may be prone to a user credential theft vulnerability that may allow a remote attacker to steal sensitive information such as cookie-based authentication credentials. The problem exists because WebLogic Server responds to the HTTP TRACE request by default. Successful exploitation of this issue may allow an attacker to compromise user accounts by gaining access to sensitive header information. This issue may be combined with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.
Securityfocus.com


 