http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=603

Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability

Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found at the following URL.

http://www.sun.com/software/solaris/

http://jvn.jp/jp/JVN%2361208749
JVN#61208749
Webmin における OS コマンドインジェクションの脆弱性

ウェブベースのシステム管理ツールである Webmin には、許可されていない Webmin ユーザが OS コマンドを実行できる脆弱性があります。

Windows 版 Webmin 1.360 およびそれ以前

Webmin はウェブベースのシステム管理ツールです。Windows 版の Webmin には、OS コマンド実行を許可されていない Webmin ユーザが、細工した URL を入力することにより、OS コマンドを実行できる脆弱性があります。

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5020
Vulnerability Summary CVE-2007-5020
Original release date: 9/21/2007
Last revised: 9/26/2007
Source: US-CERT/NIST
 
Overview
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 6.8 (Medium) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 8.6

Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information , Allows unauthorized modification , Allows disruption of service
 

References to Advisories, Solutions, and Tools
External Source:  BUGTRAQ (disclaimer)
Name: 20070920 0day: PDF pwns Windows
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/480080/100/0/threaded
External Source: (disclaimer)

Hyperlink:
 http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

Vulnerable software and versions
Configuration 1
−  Adobe, Acrobat, 8.1, Windows 
−  Adobe, Reader, 8.1, Windows 

Sophos老師說有新的蠕蟲來摟，這次是騙妳點選假的YouTube影片網址
好的老師帶您住天堂，不好的老師帶妳住套房，
那假的連結可以給妳啥？

恭喜您得到半年份 惡意軟體或木馬程式無限多支（反正還會再變種），如果看到「Dudeyour gonna get caught, lol」、「LOL, dude whatare you doing」、「Dude, what if your wife findsthis?」、「Dude dont send that stuff to my home email」、「LOL, that is too cool」的傳說中收到這些電子郵件名稱或內容，您就可以在YouTube Video下載有趣影片，別再相信沒根據的事實了。

雖然從頭到尾都是偽裝成YouTube檢視與下載網頁。但是事實上........都是木馬和蠕蟲....
朋友們.別再手癢亂按了，建議如果想按時，先用左手拿鍵盤敲妳右手.（如果妳不是左撇子的話）

Don't download that YouTube video! New variation of Storm worm drops Ecard disguise for online movie masquerade

Sophos, a world leader in IT security and control, has warned internet users about the latest disguise being used by malware authors in their attempt to infect people's PCs: an email claiming to point to a YouTube video.

Experts at SophosLabs™ have proactively protected customers against a wave of malicious emails that pose as links to a YouTube video. The emails, which have a wide variety of subject lines and message texts, all encourage recipients to click on a link to download an online movie.

Subject lines include the following:

• Dude your gonna get caught, lol
• LOL, dude what are you doing
• Dude, what if your wife finds this?
• Dude dont send that stuff to my home email
• LOL, that is too cool.....

A typical malicious email claiming to point to a YouTube video.

Clicking on a link inside the email will send surfers to a webpage containing a malicious script and a Trojan horse designed to compromise the user's PC and turn it into a zombie.

Clicking on the links in the email takes computer users to a malicious webpage.

Interestingly, the malware that hackers are using to try and infect innocent computer users is from the same families of malware used in the waves of Storm Trojan that wreaked havoc on the internet earlier this year.

"The gang behind these attacks are amongst the most professional we have ever seen - spewing out new variants of their code with multiple disguises in their attempt to infect as many PCs as possible," said Graham Cluley, senior technology consultant for Sophos. "Clicking on the links in the email doesn't take you to YouTube's real website, but the IP address of a compromised PC. If infected, victims' computers can be used by hackers to steal personal information, spam out malware and junk email, or launch distributed denial of service attacks against innocent parties."

Sophos products proactively detect the malware as Troj/JSXor-Gen and Mal/Dorf-E, without requiring an update. Users of other vendors' products are recommended to update their protection and ensure that they are defended from the threats.

"Sophos's proactive protection meant that our millions of users won't have been infected by this latest attack," explained Cluley. "Sophos recommends that everyone on the internet treats security as a priority when they use the web and email, or risk putting their livelihoods at risk."

Last month, Sophos published research revealing the rise of web-based malware in the first half of 2007. With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack.

 <= You can click on the link below for more detail


Star Directory Traversal Vulnerability
Robert Buchholz has reported a vulnerability in Star, which can be exploited by malicious people to compromise a user's system.

Oracle JInitiator "beans.ocx" ActiveX Control Buffer Overflow Vulnerabilities
Will Dormann has reported some vulnerabilities in the Oracle JInitiator "beans.ocx" ActiveX control, which can be exploited by malicious people to compromise a user's system.
 

PostCast Server EasyMail SMTP ActiveX Control Buffer Overflow
rgod has discovered a vulnerability in PostCast Server, which can be exploited by malicious people to compromise a user's system.

Novell Client NWSPOOL.DLL Buffer Overflow Vulnerabilities
Secunia Research has discovered multiple vulnerabilities in Novell Client, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Micro CMS "id" SQL Injection
R00T[ATI] has discovered a vulnerability in Micro CMS, which can be exploited by malicious people to conduct SQL injection attacks.

PDFedit "StreamPredictor" Multiple Vulnerabilities
Some vulnerabilities have been reported in PDFedit, which can be exploited by malicious people to compromise a user's system.
 
BEA JRockit Multiple Vulnerabilities
Some vulnerabilities have been reported in JRockit, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or to compromise a vulnerable system.

BEA WebLogic Multiple Vulnerabilities and Security Issues
Some vulnerabilities and security issues have been reported in BEA Weblogic, which can be exploited by malicious people to gain access to sensitive information or to cause a DoS (Denial of Service).

ACTi NVR Server ActiveX Controls Insecure Methods and Buffer Overflow
shinnai has discovered some vulnerabilities in the nvUtility.Utility and the nvUnifiedControl.AUnifiedControl ActiveX controls, which can be exploited by malicious people to manipulate data or compromise a user's system.

 <= You can click on the link below for more detail


InterWorx-CP Multiple Cross-Site Scripting
oz has reported some vulnerabilities in InterWorx-CP, which can be exploited by malicious people to conduct cross-site scripting attacks.

Cisco CallManager / CUCM Cross-Site Scripting and SQL Injection
Some vulnerabilities have been reported in Cisco Unified CallManager and Unified Communications Manager (CUCM), which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Debian update for postfix-policyd
Debian has issued an update for postfix-policyd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system

Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

Ubuntu update for tcp-wrappers
Ubuntu has acknowledged a vulnerability in tcp-wrappers, which can be exploited by malicious people to bypass certain security restrictions.

Pakupaku CMS File Upload and Local File Inclusion
GoLd_M has discovered two vulnerabilities in Pakupaku CMS, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Python tarfile Module Directory Traversal and Symlink Vulnerability
Some vulnerabilities have been reported in the Python tarfile module, which can be exploited by malicious people to compromise a vulnerable system.
 
Debian update for lighttpd
Debian has issued an update for lighttpd. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

Doomsday Multiple Vulnerabilities
Luigi Auriemma has reported some vulnerabilities in Doomsday, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system

SSHKeychain Unspecified Security Issues
Some security issues with unknown impact have been reported in SSHKeychain.

eScan Multiple Products Insecure File Permissions
Edi Strosar has discovered a security issue in multiple eScan products, which can be exploited by malicious, local users to gain escalated privileges.

SUSE update for opera
SUSE has issued an update for opera. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise vulnerable system.
 
Apache mod_proxy "date" Denial of Service Vulnerability
A vulnerability has been reported in the Apache mod_proxy module, which can be exploited by malicious people to cause a DoS (Denial of Service).

<= You can click on the link below for more detail


Debian update for rsync
Debian has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
 
Ubuntu update for tar
Ubuntu has issued an update for tar. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

SomeryC "skindir" File Inclusion Vulnerability
Katatafish has reported a vulnerability in SomeryC, which can be exploited by malicious people to compromise a vulnerable system.

Mandriva update for kernel
Mandriva has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and by malicious people to cause a DoS.

Ubuntu update for vim
Ubuntu has issued an update for vim. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Moon Gallery admin.php File Upload Vulnerability
s0cratex has discovered a vulnerability in Moon Gallery, which can be exploited by malicious users to compromise a vulnerable system.

ACTi NVR Server nvUtility.Utility ActiveX Control Insecure Methods
shinnai has discovered two vulnerabilities in the nvUtility.Utility ActiveX control, which can be exploited by malicious people to manipulate data or compromise a user's system.
 
PhpGedView login.php Cross-Site Scripting Vulnerabilities
Joshua Morin has discovered two vulnerabilities in PhpGedView, which can be exploited by malicious people to conduct cross-site scripting attacks.

BIND 8 Predictable DNS Query IDs Vulnerability
Amit Klein has reported a vulnerability in BIND, which can be exploited by malicious people to poison the DNS cache.

VMWare Workstation vstor-ws60.sys Denial of Service
seppi has reported a vulnerability in VMWare Workstation, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

TortoiseSVN Client Directory Traversal Vulnerability
A vulnerability has been reported in TortoiseSVN, which can be exploited by malicious people to compromise a user's system.

BufferZone redlight.sys Denial of Service
seppi has reported a vulnerability in BufferZone, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

BitchX "MODE" Buffer Overflow
bannedit has reported a vulnerability in BitchX, which can potentially be exploited by malicious people to compromise a user's system.

Motorola Timbuktu Pro Directory Traversal and Buffer Overflows
Some vulnerabilities have been reported in Timbuktu Pro, which can be exploited by malicious users and malicious people to compromise a vulnerable system.

Dynamic Picture Frame "img_url" Cross-Site Scripting
Joshua Morin has reported a vulnerability in Dynamic Picture Frame, which can be exploited by malicious people to conduct cross-site scripting attacks.
 
MSN Messenger Video Conversation Buffer Overflow Vulnerability
wushi has reported a vulnerability in MSN Messenger, which can be exploited by malicious people to compromise a user's system.

HP-UX "get_system_info" Command Configuration Change Weakness
A weakness has been reported in HP-UX, which can lead to unqualified configuration changes.

Helix DNA Server RTSP Buffer Overflow
Mu Security has reported a vulnerability in the Helix DNA Server, which can potentially be exploited by malicious people to compromise a vulnerable system.

PLANET VC-200M Denial of Service Vulnerability
A vulnerability has been reported in the PLANET VC-200M VDSL2 router, which can be exploited by malicious people to cause a DoS (Denial of Service).

Thomson SpeedTouch 2030 Denial of Service Vulnerability
A vulnerability has been reported in the Thomson SpeedTouch 2030 VoIP phone, which can be exploited by malicious people to cause a DoS (Denial of Service).

Tikiwiki "username" Cross-Site Scripting
 A vulnerability has been discovered in Tikiwiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=589
Public Advisory: 08.27.07 
Motorola Timbuktu Pro Directory Traversal Vulnerability

I. BACKGROUND
Motorola Inc.'s Timbuktu Pro is a remote control software which allows remote access to a computer's desktop. It is available for Mac OS X and Windows systems and provides integration with Skype and SSH. More information is available from the product web site at the following URL.

II. DESCRIPTION
Remote exploitation of a directory traversal vulnerability in Motorola Inc.'s Timbuktu Pro allows attackers to delete or create files with SYSTEM privileges.

When handling "Send" requests, Timbuktu does not properly check for directory traversal specifiers. Therefore, by including a sequence such as "../../../", an attacker is able to write outside of the intended location. Additionally, if the file already exists, the file is created with a new name. However, if the connection is broken before the transfer completes, Timbuktu will delete the originally specified file name instead of the new name.

GNU tar Directory Traversal Vulnerability
A vulnerability has been reported in GNU tar, which can be exploited by malicious people to compromise a user's system.

eCentrex VOIP Client Component ActiveX Control Buffer Overflow
rgod has discovered a vulnerability in the eCentrex VOIP Client Component ActiveX control, which can be exploited by malicious people to compromise a user's system.
 
Novell Identity Manager Client Login Extension Information Disclosure
A security issue has been reported in the Client Login Extension for Novell Identity Manager, which can be exploited by malicious, local users to disclose sensitive information.
 
Rogue Trooper Asura Engine Packet Handling Buffer Overflow
Luigi Auriemma has reported a vulnerability in Rogue Trooper, which can be exploited by malicious people to compromise a vulnerable system.

Bugzilla Security Issue and Multiple Vulnerabilities
Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to inject shell commands, and by malicious people to conduct cross-site scripting attacks and to disclose potentially sensitive information.
 
Joomla Nice Talk Component "tagid" SQL Injection
ajann has reported a vulnerability in the Nice Talk component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
 
MapServer Multiple Cross-Site Scripting Vulnerabilities
Some vulnerabilities have been reported in MapServer, which can be exploited by malicious people to conduct cross-site scripting attacks.

Soldat Multiple Denial of Service Vulnerabilities
Some vulnerabilities have been reported in Soldat, which can be exploited by malicious people to cause a DoS (Denial of Service).

Unreal Commander Archive Handling Directory Traversal Vulnerability
Gynvael Coldwind has discovered a vulnerability in Unreal Commander, which potentially can be exploited by malicious people to compromise a user's system.

Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions
A weakness has been reported in Cosminexus Application Server, which can potentially allow a server process to perform actions with escalated privileges.

Hitachi DABroker Unspecified Denial of Service Vulnerability
A vulnerability has been reported in Hitachi DABroker, which can be exploited by malicious people to cause a DoS (Denial of Service).

Skulltag Huffman Decompression Heap Overflow Vulnerability
Luigi Auriemma has reported a vulnerability in Skulltag, which potentially can be exploited by malicious people to compromise a vulnerable system.
 
Media Player Classic FLI File Processing Buffer Overflow
wushi has discovered a vulnerability in Media Player Classic, which can be exploited by malicious people to compromise a user's system.
 
Sophos Anti-Virus UPX and BZIP Processing Denial of Service Vulnerabilities
Two vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service).

Ipswitch WS_FTP Server Script Insertion Vulnerability
John Harwold has discovered a vulnerability in Ipswitch WS_FTP Server, which can be exploited by malicious users to conduct script insertion attacks.

Red Hat update for tar
Red Hat has issued an update for tar. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Mandriva update for gimp
Mandriva has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

WordPress Pool Theme URL Cross-Site Scripting Vulnerability
MustLive has discovered a vulnerability in the Pool theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
 
Joomla SimpleFAQ Component "aid" SQL Injection
k1tk4t has discovered a vulnerability in the SimpleFAQ component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Search Engine Builder "searWords" Cross-Site Scripting
MustLive has discovered a vulnerability in Search Engine Builder, which can be exploited by malicious people to conduct cross-site scripting attacks.

IBM AIX BIND Predictable DNS Query IDs Vulnerability
IBM has acknowledged a vulnerability in AIX, which can be exploited by malicious people to poison the DNS cache.

Kolab Server ClamAV Multiple Denial of Service Vulnerabilities
Some vulnerabilities have been reported in Kolab Server, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).

Sun Solaris ATA Disk Driver IOCTLs Denial of Service
Some security issues have been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
Some vulnerabilities have been reported in Trend Micro ServerProtect, which can be exploited by malicious people to compromise a vulnerable system.

Trend Micro Products SSAPI Module Long Path Processing Buffer Overflow
A vulnerability has been reported in Trend Micro products, which can be exploited by malicious, local users to gain escalated privileges or potentially by malicious people to compromise a user's system.

Asterisk SIP Channel Driver Dialog History Memory Exhaustion
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

2wire Routers Cross-Site Request Forgery Vulnerability
hkm has reported a vulnerability in 2wire routers, which can be exploited by malicious people to conduct cross-site request forgery attacks.

OlateDownload Multiple Vulnerabilities
imei addmimistrator has reported some vulnerabilities in OlateDownload, which can be exploited by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

Cisco IP Phone 7940/7960 SIP Message Sequence Denial of Service
The Madynes research team at INRIA Lorraine has reported some vulnerabilities in Cisco IP Phone 7940 and 7960, which can be exploited by malicious people to cause a DoS (Denial of Service).

Sysstat systat.in Insecure Temporary Files
A vulnerability has been reported in Sysstat, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
 
Mandriva update for libvorbis
Mandriva has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Mandriva update for rsync
Mandriva has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
 

2007/07/31  Scunia Vulnerability Report
http://secunia.com

PHP-Blogger "pref.db" Security Issue
darthballs has discovered a security issue in PHP-Blogger, which can be exploited by malicious people to disclose sensitive information.

Asterisk IAX2 Channel Driver Denial of Service
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

IndexScript "cat_id" SQL Injection Vulnerability
xssvgamer has discovered a vulnerability in IndexScript, which can be exploited by malicious people to conduct SQL injection attacks.

2007/07/30  Scunia Vulnerability Report
http://secunia.com

MLDonkey Network Modules IP Blocking Weakness
A weakness has been reported in MLDonkey, which can be exploited by malicious people to bypass certain security restrictions.

CrystalPlayer MLS Playlist Buffer Overflow
Timq has discovered a vulnerability in Crystal Player Pro, which can be exploited by malicious people to compromise a user's system.

Advanced Webhost Billing System (AWBS) Information Disclosure
Justin Samuel has reported a vulnerability in Advanced Webhost Billing System (AWBS), which can be exploited by malicious users to disclose potentially sensitive information.

Nessus Vulnerability Scanner ScanCtrl ActiveX Control Insecure Methods
Some vulnerabilities have been discovered in Nessus Vulnerability Scanner, which can be exploited by malicious people to overwrite or delete arbitrary files.
 
Dependent Forums "FrmUserName" SQL Injection Vulnerability
Aria-Security Team have reported a vulnerability in Dependent Forums, which can be exploited by malicious people to conduct SQL injection attacks.

phpSysInfo index.php URL Cross-Site Scripting
Doz has discovered a vulnerability in phpSysInfo, which can be exploited by malicious people to conduct cross-site scripting attacks.

IBM AIX Multiple Vulnerabilities

These vulnerabilities exist due to several calls to the gets() function. The gets() function is a deprecated C library function used to read data from standard input into a buffer. This function provides no way to specify the maximum size of the buffer being read into, and therefore allows the buffer to be overflowed.

IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability
Local exploitation of a stack-based buffer overflow vulnerability in the 'capture' program included with IBM Corp.'s AIX operating system allows an attacker to execute arbitrary code with root privileges.

The vulnerability exists within the code that parses terminal control sequences. A long series of control sequences will trigger an exploitable stack-based buffer overflow.

IBM AIX pioout Arbitrary Library Loading Vulnerability
Local exploitation of an arbitrary library loading vulnerability in the 'pioout' program, as included with IBM Corp.'s AIX operating system, allows an attacker to execute arbitrary code with root privileges.

The vulnerability exists due to the application loading an arbitrary shared library provided by the attacker, without dropping privileges. Using the -R command line argument, an attacker can specify a shared library used to parse data coming from the printer.

2007/07/27  Scunia Vulnerability Report
http://secunia.com

Microsoft Windows URI Handling Command Execution Vulnerability
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
 
SUSE update for MozillaFirefox
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information and compromise a user's system.

Sun Solaris BIND Predictable DNS Query IDs Vulnerability
Sun has acknowledged a vulnerability in BIND for Sun Solaris, which can be exploited by malicious people to poison the DNS cache.

McAfee VirusScan ZIP Decompression Vulnerability
Tavis Ormandy has discovered a vulnerability in McAfee VirusScan, which potentially can be exploited by malicious people to compromise a vulnerable system.

http://jvn.jp/

JVNTA07-199A Mozilla 製品における複数の脆弱性 緊急

Mozilla が提供するウェブブラウザやその他の製品には、複数の脆弱性が存在します。

Mozilla Firefox
Mozilla Thunderbird
その他に Mozilla コンポーネントを用いている製品も影響を受ける可能性があります。

Mozilla が提供するウェブブラウザやその他の製品には、複数の脆弱性が存在します。 Mozilla からは、これらの問題を修正した Mozilla Firefox 2.0.0.5 が公開されています。

なお、2007/07/19 現在、Thunderbird 2.0.0.5 はまだ公開されておりません。

2007/07/20 に Thunderbird 2.0.0.5 は公開されました。

想定される影響は各脆弱性によって異なりますが、細工された html ファイルを閲覧した際に、任意のスクリプトを実行されたり、サービス運用妨害 (DoS) 攻撃を受けたり、情報漏えいしたりする可能性があります。

アップデートする

開発元より提供されている最新バージョンへアップデートすることをお奨めします。

JavaScript を無効にする

いくつかの脆弱性に対しては、JavaScript を無効にしたり、Firefox の 機能拡張のひとつである NoScript を使用したりすることで回避することも可能です。 なお、Thunderbird では、JavaScript や Java は初期設定で無効となっています。

2007/07/26  Scunia Vulnerability Report
http://secunia.com


Sun Solaris lbxproxy Privilege Escalation VulnerabA vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to perform certain actions with escalated privileges.ility

Cisco Products Java Secure Socket Extension SSL/TLS Request Denial of Service .Cisco has acknowledged a vulnerability in some products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Ubuntu update for bind .Ubuntu has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

McAfee VirusScan Command Line for Linux ZIP Decompression Vulnerability.
Tavis Ormandy has discovered a vulnerability in McAfee VirusScan Command Line Scanner for Linux, which potentially can be exploited by malicious people to compromise a vulnerable system.


Novell GroupWise Mobile Server Multiple Vulnerabilities
Novell has acknowledged some vulnerabilities in Novell GroupWise Mobile Server, which can be exploited by malicious people to gain knowledge of sensitive information, conduct cross-site scripting attacks, manipulate certain data, or cause a DoS (Denial of Service).

Windows RSH daemon Packet Processing Buffer Overflow Vulnerability
Joey Mengele has discovered a vulnerability in Windows RSH daemon, which can be exploited by malicious users to compromise a vulnerable system.

Sun Java System Application Server JSP Source Code Disclosure
A vulnerability has been reported in Sun Java System Application Server, which can be exploited by malicious people to disclose certain sensitive information.

CA Message Queuing Server Buffer Overflow Vulnerability
IBM ISS X-Force has reported a vulnerability in CA Message Queuing (CAM/CAFT), which can be exploited by malicious people to compromise a vulnerable system.

Cisco Multiple Products Wireless ARP Requests Denial of Service
Some vulnerabilities have been reported in multiple Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Mozilla SeaMonkey Multiple Vulnerabilities
Some vulnerabilities have been reported in SeaMonkey, which can potentially be exploited by malicious people to compromise a vulnerable system.


CA Products CHM and RAR File Processing Denial of Service Vulnerabilities
Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS (Denial of Service).

CA eTrust Intrusion Detection CallCode ActiveX Control Insecure Methods
Some vulnerabilities have been reported in CA eTrust Intrusion Detection, which can be exploited by malicious people to compromise a vulnerable system.

Red Hat update for bind
Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

NOD32 Antivirus Multiple File Processing Vulnerabilities
Sergio Alvarez has reported some vulnerabilities in NOD32 Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.


Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Sergio Alvarez has reported a vulnerability in Panda Antivirus, which can be exploited by malicious people to compromise a vulnerable system.
 

Citrix Access Gateway Multiple Vulnerabilities
Some vulnerabilities and a security issue have been reported in Citrix Access Gateway, which can be exploited by malicious people to disclose sensitive information, conduct cross-site request forgery attacks, or to compromise a user's system.

SUSE Update for Multiple Packages
SUSE has issued an update for multiple packages. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to cause a DoS (Denial of Service), by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to cause a DoS, to gain knowledge of potentially sensitive information, and to compromise a user's system.

Ubuntu update for firefox
Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct spoofing and cross-site scripting attacks, or potentially to compromise a user's system.
 
SUSE update for flash-player
SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.

Red Hat update for seamonkey
Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.


Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow
A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.

Red Hat update for flash-plugin

Software: Red Hat Enterprise Linux Extras v. 3
Red Hat Enterprise Linux Extras v. 4
RHEL Supplementary (v. 5 server)

Description:

Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.