CVE-2008-5843

Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in 1 the current working directory or 2 /var/tmp, related to the a pdf90, b pdfjoin, and c pdfnup scripts...

samba

New samba packages are available for Slackware 12.2 and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2009-0022 Here are the details from the Slackware 12.2 ChangeLog:...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. More details about the issues may be found on the Mozilla website: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html...

Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code through vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Microsoft Animation...

Microsoft Office Word Document Table Property Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. Exploitation requires that the attacker coerce the target into opening a malicious .DOC file. The specific flaw exists when processing a malformed table property within a...

Slackware 12.0 / 12.1 / current : php (SSA:2008-339-01)

New php packages are available for Slackware 12.0, 12.1, and -current to fix security issues, as well as make improvements and fix bugs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...

Vim Shell Command Injection Vulnerability (Windows)

This host is installed with Vim and is prone to Command Injection Vulnerability. OpenVAS Vulnerability Test $Id: secpodvimshellcmdinjectionvulnwin900411.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: Vim Shell Command Injection Vulnerability Windows Authors: Sujit Ghosal Copyright: Copyright C...

Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-thunderbird (SSA:2008-325-01)

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2008-325-01. The te...

Sudo <= 1.6.9p18 (Defaults setenv) Local Privilege Escalation Exploit

No description provided by source. !/bin/sh Sudo = 1.6.9p18 local r00t exploit by Kingcope/2008/www.com-winner.com Most lame exploit EVER! Needs a special configuration in the sudoers file: --- "Defaults setenv" so environ vars are preserved : --- May also need the current users password to be...

DEBIAN-CVE-2008-4863

Untrusted search path vulnerability in BPYinterface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySysSetArgv function...

CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE i...

lynx: .mailcap and .mime.types files read from CWD

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious 1 .mailcap and 2 mime.types files in the current working directory...

Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

NetBSD PPPoE发现脚本远程拒绝服务漏洞

BUGTRAQ ID:30838 CNCAN ID：CNCAN-2008082706 NetBSD是一款基于BSD的操作系统。 NetBSD包含的pppoe4代码处理恶意报文存在问题，远程攻击者可以利用漏洞触发内核访问越界内容而导致内核崩溃，造成拒绝服务攻击。 在客户端和访问集中器之间的会话连接之前，处理PPPoE连接的早期状态的关键代码存在问题。在"discovery"阶段的报文由多个可变长度"tags"装载同一个PPPoE报文中，每个标签将被检查，而且针对全部报文大小的长度进行了验证。不过在长度检查过程中存在一个缺陷，允许把下一个TAG的指针越界移动到报文后最多4字节的位置。...

[slackware-security] python

New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-1679 https://vulners.com/cve/CVE-2008-1721...

[slackware-security] openssl

New openssl packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. More details about this issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-0891 https://vulners.com/cve/CVE-2008-1672 Upgraded OpenSS...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, and -current to fix XSS security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-5000 https://vulners.com/cve/CVE-2007-6388 Here are the details...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2008-210-01)

New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...

RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs:...

Slackware 12.1 / current : xorg-server (SSA:2008-183-01)

New xorg-server packages are available for Slackware 12.1 and -current to fix security issues in xorg-server 1.4 prior to version 1.4.2. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...