105 matches found
SLES9: Security update for clamav
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: clamav For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 5016282 within the SuSE...
Gentoo Security Advisory GLSA 200603-15 (crypt-cbc)
The remote host is missing updates announced in advisory GLSA 200603-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-0898
The vulnerability (CVE-2008-0898) affects BEA WebLogic Server 9.0–10.0 JMS distributed queues. In certain configurations, the JMS distributed queue feature mishandles a situation where a client cannot Send a message to a distributed-queue member, allowing remote authenticated users to bypass acce...
Debian Security Advisory DSA 1263-1 (clamav)
The remote host is missing an update to clamav announced via advisory DSA 1263-1. Several remote vulnerabilities have been discovered in in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:...
SuSE 10 Security Update : clamav (ZYPP Patch Number 2631)
This update to ClamAV version 0.90 fixes various bugs : - A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. CVE-2007-0897 - A directory traversal in handling of MIME E-Mail headers could be used b...
openSUSE 10 Security Update : clamav (clamav-2632)
This update to ClamAV version 0.90 fixes various bugs : CVE-2007-0897: A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. CVE-2007-0898: A directory traversal in handling of MIME E-Mail headers cou...
CVE-2007-0898
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. dot dot in the id MIME header parameter in a multi-part message...
CVE-2007-0898
CVE-2007-0898: A directory traversal in clamd of ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. in the id MIME header parameter of a multipart message. The vulnerability affects ClamAV’s clamd component; successful exploitation could enable file overwrite with th...
iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability
Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability iDefense Security Advisory 02.15.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 15, 2007 I. BACKGROUND Clam AntiVirus is a multi-platform GPL anti-virus toolkit. ClamAV is often integrated into mail gateways, and...
[SECURITY] [DSA 996-1] New Crypt::CBC packages fix cryptographic weakness
-------------------------------------------------------------------------- Debian Security Advisory DSA 996-1 [email protected] http://www.debian.org/security/ Martin Schulze March 13th, 2006 http://www.debian.org/security/faq -...
CVE-2006-0898
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...
CVE-2006-0898
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...
CVE-2006-0898
CVE-2006-0898 affects the Perl module Crypt::CBC (versions up to 2.16) when running in RandomIV mode, where an 8-byte IV is used. This leads to weaker encryption for ciphers with block sizes larger than 8 bytes (e.g., Rijndael). Multiple connected advisories note a fixed/enhancement path via upda...
CVE-2006-0898
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...
CVE-2005-0898
CVE-2005-0898 describes a cross-site scripting (XSS) vulnerability in the PHP file downloadform.php of the E-Store Kit-2 PayPal Edition. The flaw allows remote attackers to inject arbitrary web script or HTML by supplying a crafted txn_id parameter, potentially impacting users who view the affect...
CVE-2003-0898
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on 1 db2job and 2 db2job2...
CVE-2003-0898
Affected software: IBM DB2 7.2 prior to FixPak 10a, and older versions including 7.1. Vulnerability: local users can overwrite arbitrary files and escalate privileges via a symlink attack on the db2job and db2job2 utilities. Root cause: insufficient access control around symbolic links leading to...
CVE-2002-0898
The CVE-2002-0898 entry affects Opera 6.0.1 and 6.0.2. The flaw arises in the handling of an HTML input element of type=file, where a newline in the value can enable a remote attacker to upload arbitrary files from the client system without user prompting. This represents a client-side security r...
CVE-2001-0898
Opera 6.0 and earlier are affected by a remote information disclosure vulnerability where JavaScript using setTimeout can access data across domains (1) after opening a new window to a different domain, and (2) via about:cache, exposing cookies and cross-domain links. Root cause: cross-origin dat...
CVE-2001-0898
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to 1 access data after a new window to the domain has been opened or 2 access data via about:cache...