
7626 matches found

Zero Day Initiative
added 2010/08/26 12:0 a.m. | 37 views

RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMed...

CVSS 10 | AI score 6.8 | EPSS 0.07308
Exploits 1 | References 1
Slackware Linux
added 2010/07/22 2:56 a.m. | 16 views

[slackware-security] seamonkey

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/seamonkey-2.0.6-i486-1slack13.1.txz: Upgraded. This release fixes some more security vulnerabilities. For more...

AI score 6.9
Exploits 0
Slackware Linux
added 2010/07/22 2:55 a.m. | 14 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 13.1 and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/mozilla-thunderbird-3.0.6-i686-1.txz: Upgraded. This upgrade fixes some more security bugs. For more information, see:...

AI score 6.9
Exploits 0
Slackware Linux
added 2010/06/25 6:33 p.m. | 40 views

[slackware-security] cups

New cups packages are available for Slackware 13.1 and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/cups-1.4.4-i486-1slack13.1.txz: Upgraded. Fixed a memory allocation error in texttops. Fixed a Cross-Site Request Forgery (CSRF) that coul...

CVSS 6.8 | AI score 7.5 | EPSS 0.12394
Exploits 2
Slackware Linux
added 2010/06/25 6:33 p.m. | 14 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 13.1 and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/mozilla-thunderbird-3.0.5-i686-1.txz: Upgraded. This upgrade fixes some more security bugs. For more information, see:...

AI score 6.9
Exploits 0
Exploit DB
added 2010/06/24 12:0 a.m. | 52 views

2DayBiz Job Site Script - SQL Injection

2daybiz Job site Script SQL injection. Author: Sangteamtham. Home: Hcegroup.net. Download: http://www.2daybiz.com/realestateportalscript.html Date: 06/24/2010. Exploit...

AI score 7.4
Exploits 0
OpenVAS
added 2010/06/02 12:0 a.m. | 21 views

IT-Grundschutz M4.093: Regular Integrity Checking

IT-Grundschutz M4.093: Regular integrity checking. WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now permanently adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94209. This check refers to the 10th supplementary delivery 1...

AI score 7.4
Exploits 0 | References 1
securityvulns
added 2010/05/28 12:0 a.m. | 103 views

FreeBSD jail escape

It's possible to access current working directory...

CVSS 3.3 | AI score 1.6 | EPSS 0.0006
Exploits 1 | References 1 | Affected Software 1
Fedora
added 2010/05/26 9:45 p.m. | 28 views

[SECURITY] Fedora 11 Update: kdetoys-4.4.3-1.fc11.1

kdetoys includes: amor: Amusing Misuse Of Resources, puts comic figures above your windows; kteatime: makes sure your tea does not get too strong; ktux: Tux-in-a-Spaceship screen saver; kweather: display the current weather outside...

CVSS 6.4 | AI score 1.7 | EPSS 0.05697
Exploits 0
Tenable Nessus
added 2010/05/19 12:0 a.m. | 60 views

Mac OS X : Java for Mac OS X 10.5 Update 7

The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 7. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary co...

CVSS 10 | AI score 8.4 | EPSS 0.92143
Exploits 51 | References 31
Slackware Linux
added 2010/04/20 5:51 p.m. | 34 views

[slackware-security] sudo

New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. Here are the details from the Slackware 13.0 ChangeLog: patches/packages/sudo-1.7.2p6-i486-1slack13.0.txz: Upgraded. This update fixes security issues...

CVSS 6.9 | AI score 7.4 | EPSS 0.0076
Exploits 3
RedHat Linux
added 2010/04/20 3:43 p.m. | 4 views

sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

CVSS 6.9 | AI score 7.6 | EPSS 0.0076
Exploits 3 | References 4
OSV
added 2010/04/16 7:30 p.m. | 1 views

DEBIAN-CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

CVSS 6.9 | AI score 7.6 | EPSS 0.00045
Exploits 2 | References 1
RedHat Linux
added 2010/04/13 9:21 p.m. | 2 views

nss_db: Information leak due the DB_CONFIG file read from current working directory

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

CVSS 1.9 | AI score 5.8 | EPSS 0.00093
Exploits 1 | References 4
Zero Day Initiative
added 2010/04/05 12:0 a.m. | 46 views

Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in...

CVSS 10 | AI score 3.2 | EPSS 0.0465
Exploits 1 | References 1
Zero Day Initiative
added 2010/04/02 12:0 a.m. | 30 views

Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of...

CVSS 10 | AI score 4.9 | EPSS 0.02372
Exploits 0 | References 1
Zero Day Initiative
added 2010/04/02 12:0 a.m. | 30 views

Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of...

CVSS 10 | AI score 3.1 | EPSS 0.03478
Exploits 0 | References 1
Zero Day Initiative
added 2010/04/02 12:0 a.m. | 37 views

Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control...

CVSS 10 | AI score 3.5 | EPSS 0.87501
Exploits 13 | References 1
Slackware Linux
added 2010/03/31 9:4 p.m. | 10 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 13.0 and -current to fix security issues. More details about the issues may be found on the Mozilla website: http://www.mozilla.org/security/known-vulnerabilities/firefox36.html Here are the details from the Slackware 13.0 ChangeLog:...

AI score 7
Exploits 0
RedHat Linux
added 2010/03/24 3:46 p.m. | 3 views

KVM: Check cpl before emulating debug register access

The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application...

CVSS 7.1 | AI score 5.8 | EPSS 0.026
Exploits 1 | References 4