Sun Microsystems

SunOS 5.10_x86: ucode driver patch

02 february, 2010

Status: RELEASED
Patch Id: 143913-01
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************
For further information on patching best practices and resources, please
see the Big Admin Patching Center, http://www.sun.com/bigadmin/patches/
***********************************************************************

Summary: SunOS 5.10_x86: ucode driver patch
Date: Jan/29/2010
Installation Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 10_x86
Sun OS Release: 5.10_x86
Unbundled Product:
Unbundled Release:
Xref:
Topic: SunOS 5.10_x86: ucode driver patch
Relevant Architecture: i386
BugId's fixed with this patch: 6905530

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Required Patches: 127128-11 141445-09 (or greater)

Obsoleted by:  
Files Included in this Patch:
/kernel/drv/amd64/ucode
/kernel/drv/ucode

Problem Description:
6905530 processor microcode code can panic when retrieving microcode revision

Revision History:

Patch Installation Instructions:
--------------------------------

Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.

The following example installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/123456-07

The following example removes a patch from a standalone system:

       example# patchrm 123456-07

For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date:  Friday, January 29, 2010

CVE-2010-0985

Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. ...

16 march, 2010

CVE-2010-0984

Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.

16 march, 2010

CVE-2010-0983

PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.

16 march, 2010

CVE-2010-0982

Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

16 march, 2010

CVE-2010-0981

SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.

16 march, 2010

CVE-2010-0980

SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.

16 march, 2010

CVE-2010-0979

Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.

16 march, 2010

CVE-2010-0978

KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.

16 march, 2010

CVE-2010-0977

PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.

16 march, 2010

CVE-2010-0976

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. ...

16 march, 2010

Microsoft Windows 2000/XP CHM Notepad Remote Code Execution PoC

Target: Microsoft Windows 2000/XP
Impact: Denial of service

Microsoft Internet Explorer iepeers.dll Use After Free Exploit (meta)

Target: Microsoft Internet Explorer 6.x, 7.x
Impact: Code execution

MS05-20 Internet Explorer DHTML Memory Corruption PoC

Target: Internet Explorer
Impact: Denial of service