5836 matches found
MGASA-2013-0378 Updated munin packages fixes two security vulnerabilities
Updated munin packages fix security vulnerabilities: The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master (CVE-2013-6048). A...
NagiosQL 3.2.0 SP2 Cross Site Scripting
I. VULNERABILITY: Reflected XSS Attacks; XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2. II. BACKGROUND: NagiosQL is a web based administration tool designed for Nagios, but might also work with forks. It helps you to easily build a complex...
OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related ...
BoltWire 3.5 Cross Site Scripting
INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: March 20th, 2013 - Last revised: March 25th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2651...
MS13-085: Description of the security update for Microsoft Office 2010 (Oart.dll): October 8, 2013
Describes a security update that addresses vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validate data when they parse specially crafted Office files. INTRODUCTION: Microsoft has released security bulletin MS13-085. To view the complete security bulletin, go...
MS13-085: Description of the security update for Microsoft Excel 2013: October 8, 2013
This security update addresses the vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validates data when parsing specially crafted Office files. INTRODUCTION: Microsoft has released security bulletin MS13-085. To view the complete security bulletin, visit one of...
MS13-084: Description of the security update for Excel Services in SharePoint Server 2013: October 8, 2013
Describes a security update that addresses vulnerabilities by correcting how affected Microsoft software validates data when the software parses specially crafted Office files and by changing the configuration of SharePoint pages to help provide additional protection against clickjacking...
MS13-084: Description of the security update for Excel Services in Microsoft SharePoint Server 2010: October 8, 2013
This security update addresses the vulnerabilities by correcting how affected Microsoft software validates data when parsing specially crafted Office files and by changing configuration of SharePoint pages to help provide additional protection against clickjacking attacks. INTRODUCTION: Microsoft ha...
MS13-073: Vulnerabilities in Microsoft Excel could allow remote code execution: September 10, 2013
This security update addresses the vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validates data when parsing specially crafted Office files and by correcting how the XML parser used by Excel resolves external entities within a specially crafted...
Updated squid packages fix security vulnerabilities
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
MGASA-2013-0227 Updated squid packages fix security vulnerability
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
Updated squid packages fix security vulnerability
Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...
squid -- denial of service
Squid project reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests. This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service...
Oracle Linux 5 : kernel (ELSA-2011-0927)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0927 advisory. - Revert: xen hvm: svm support cleanups Andrew Jones 703715 702657 CVE-2011-1780 - Revert: xen hvm: secure svmcraccess Andrew Jones 703715 702657...
UBUNTU-CVE-2013-4078
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
Design/Logic Flaw
data/class/pages/forgot/LCPageForgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request...
Novell iPrint Client IPP Response Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Italian team discoveries flaw in Ruzzle protocol, serious menace to privacy
We are in the digital era: everything is connected to large networks, and applications benefit from ever more complex devices that interact deeply with their owners. In this scenario security requirements assume crucial importance, and the security of the overall architecture also depends on the security of single...