Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to a failure to unregister a callba...

Slackware 13.0 / current : gzip (SSA:2010-060-03)

New gzip packages are available for Slackware 13.0 64-bit and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-060-03. The text itself is copyright C...

IT-Grundschutz M5.008: Regelmäßiger Sicherheitscheck des Netzes

IT-Grundschutz M5.008: Regelmäßiger Sicherheitscheck des Netzes. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95050 Diese Prüfung bezieht sich auf die 10...

[slackware-security] pidgin

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2010-0013 Here are the details from the Slackware 13.0...

Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when specific elements are used with...

IT-Grundschutz M4.023: Sicherer Aufruf ausführbarer Dateien

IT-Grundschutz M4.023: Sicherer Aufruf ausführbarer Dateien. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94194 Diese Prüfung bezieht sich auf die 11...

libtool: libltdl may load and execute code from a library in the current directory

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file...

Slackware 12.2 / 13.0 / current : seamonkey (SSA:2009-352-01)

New seamonkey packages are available for Slackware 12.2, 13.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-352-01. The text itself is copyright...

libtool: libltdl may load and execute code from a library in the current directory

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file...

dstat insecure module search path

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...

DEBIAN-CVE-2009-3736

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file...

DEBIAN-CVE-2009-3894

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...

CVE-2009-3894

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...

libtool -- Library Search Path Privilege Escalation Issue

Secunia.com Do not attempt to load an unqualified module.la file from the current directory by default since doing so is insecure and is not compliant with the documentation...

Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : openssl (SSA:2009-320-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-320-01. The text...

openssl

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2009-3555 Here are the details from the Slackware...

Microsoft Internet Explorer Event Object Type Double-Free Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the copy constructor for a...

HEAT Call Logging 8.01 SQL Injection

= ;otokoyama; = -=HEAT Call Logging Version 8.01=- "The HEAT family is a comprehensive service solution, combining core technologies with a variety of expansion options, so any enterprise can build a tailored solution." -=web=- http://www.frontrange.com/heat.aspx -=attack=- U:' OR HEATPass IS NOT...

CVE-2008-7171

Multiple cross-site scripting XSS vulnerabilities in Lightweight news portal LNP 1.0b allow remote attackers to inject arbitrary web script or HTML via the 1 photo parameter to showphoto.php, 2 potd parameter to showpotd.php, or 3 the Current question field in a vote action to admin.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Lightweight news portal LNP 1.0b allow remote attackers to inject arbitrary web script or HTML via the 1 photo parameter to showphoto.php, 2 potd parameter to showpotd.php, or 3 the Current question field in a vote action to admin.php...