Posted on

CVE-2010-0307 (debian_linux, linux_kernel, ubuntu_linux)

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

Posted on

Woltlab Burning Board Datenbank MOD database.php fileid sql injection

A vulnerability was found in Woltlab Burning Board (affected version not known). It has been rated as critical. Affected by this issue is an unknown function of the file database.php of the component Datenbank MOD. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Posted on

CVE-2010-0159 (debian_linux, firefox, seamonkey, thunderbird, ubuntu_linux)

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

Posted on

CVE-2010-0003 (debian_linux, linux_kernel)

The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.

Posted on

VBZooM contact.php UserID cross site scripting

A vulnerability classified as problematic was found in VBZooM (the affected version is unknown). This vulnerability affects an unknown function of the file contact.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.