Discovered: 03.18.10. Reported: 03.23.10. The formID parameter at http://www.courts.wa.gov/forms/ is vulnerable to SQL injection. The searchTerms parameter at http://www.courts.wa.gov/search/index.cfm is vulnerable to cross-site scripting attacks. Exploiting these vulnerabilities would likely expose sensitive data and may result in compromise of the affected systems.
Discovered/Reported to Accoria: December 2008. Date Reported to US-Cert: March 1, 2010. The Accoria Web Server 1.4.7 for x86 Solaris exhibits multiple vulnerabilities, including cross-site scripting, directory traversal, and format string errors.
Discovered: 01.05.10. Mach exception handling suffers from a vulnerability that allows an attacker to gain access to the memory of a suid process (set user identifier). Due to a vulnerability that is similar to CVE-2006-4392 (found by Dino Dai Zovi of Matasano Security), it is possible for a suid process to inherit the Mach exception ports of the parent.
Release Date: 10.13.09. VUPEN ID: VUPEN/ADV-2009-2891. CVE ID: CVE-2009-2510, CVE-2009-2511. Researchers identified two vulnerabilities in Microsoft Windows relating to the use of X.509 certificates. Attackers could exploit these to bypass security restrictions.
Reported: 10.30.08. Patched: 12.01.08. Disclosed: 06.09.0. ClamAV’s JPEG parser contains code that recursively checks thumbnails, if they are included. Since the thumbnails can be JPEGs, there is no limit to the amount of recursions that can occur. This can lead to stack overflows.
Discovered: January 2009. Reported: 01.20.09. Disclosed: 06.08.09. There is a potential heap corruption bug in Tor when escaping data for logging purposes. Only certain deployments are vulnerable, and the bug can be triggered only from certain locales.
Discovered: 03.03.09. Reported: 03.03.09. Disclosed: 08.05.09. CVE-ID: CVE-2009-2193. The Mac OS X AppleTalk stack contains an array over-indexing vulnerability that, if exploited correctly while AppleTalk is powered on, could lead to a remote system compromise. Even if only partially exploited, it could lead to denial-of-service conditions and cause a kernel panic remotely, effectively shutting down the system.
Reported: 09.29.08. Disclosed: 02.04.09. Patched: 02.05.09. The OpenSolaris kernel exhibits a vulnerability around a userland pointer dereference, and allows both reading from and writing to the kernel.
Discovered: 10.30.08. Reported: 10.30.08. Disclosed: 10.31.08. QNX’s ker_msg_sendv() system call contains an integer overflow that could lead to heap corruption and, if correctly exploited, system compromise. If only partially exploited, this could lead to denial-of-service conditions and kernel panic, effectively shutting down the system.