63 matches found
Fedora 23 : glibc-2.22-6.fc23 (2015-7174c4d68d)
This update re-adds large file support to the openat function, removes support for the LDPOINTERGUARD environment variable which could be used to weaken security protections in ATSECURE/SUID binaries, and adds function pointer obfuscation to the TLS destructor list. Note that Tenable Network...
CVE-2015-1781
Buffer overflow in the gethostbynamer and other unspecified NSS functions in the GNU C Library aka glibc or libc6 before 2.22 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer...
CVE-2015-1781
Buffer overflow in the gethostbynamer and other unspecified NSS functions in the GNU C Library aka glibc or libc6 before 2.22 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer...
Michael Kohn Ringtone Tools 2.22 EMelody File Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12010/info Ringtone Tools is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive...
PHP ICalender 2.22 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18721/info PHP iCalender is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser...
Kshop 2.22 'kshop_search.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30576/info Kshop is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of ...
openSUSE Security Update : seamonkey (openSUSE-SU-2013:1644-1)
update to SeaMonkey 2.22 bnc847708 - rebased patches - requires NSS 3.15.2 or higher - MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards - MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing addressbar through SELECT element - MFSA 2013-95/CVE-2013-5604...
Mozilla SeaMonkey Multiple Vulnerabilities-01 (Nov 2013) - Windows
Mozilla Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey";...
Integer overflow
Multiple integer overflows in the 1 objallocalloc function in objalloc.c and 2 objallocalloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service crash via vectors related to the "addition of CHUNKHEADERSIZE to the length,"...
CVE-2012-3509
Multiple integer overflows in the 1 objallocalloc function in objalloc.c and 2 objallocalloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service crash via vectors related to the "addition of CHUNKHEADERSIZE to the length,"...
CVE-2012-3509
Multiple integer overflows in the 1 objallocalloc function in objalloc.c and 2 objallocalloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service crash via vectors related to the "addition of CHUNKHEADERSIZE to the length,"...
Fedora 15 : libcap-2.22-1.fc15 (2011-9844)
Update to libcap-2.22, includes fixes for http://cwe.mitre.org/data/definitions/243.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
CVE-2009-3704
ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service crash via a SIP INVITE request with an empty Call-Info header...
ZoIPer 2.22 - Call-Info Remote Denial of Service
!/usr/bin/python ZoIPer v2.22 Call-Info Remote Denial Of Service. Remote Crash P.O.C. Author: Tomer Bitton Gr33nG0bL1n Tested on Windows XP SP2 , SP3 , Ubuntu 8.10 Vendor Notified on: 21/09/2009 Vendor Fix: Fixed in version 2.24 Library 5324 Bad Chars: \x20 , \x09 import sys import socket import ...
eDContainer v2.22 (lg) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ========================================================= eDContainer v2.22 lg Local File Inclusion Vulnerability ========================================================= eDContainer v2.22 lg Local File Inclusion Vulnerability Script :...
Gentoo Security Advisory GLSA 200809-01 (yelp)
The remote host is missing updates announced in advisory GLSA 200809-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
WSN Links 2.22/2.23 - 'vote.php' SQL Injection
WSN Links 2.23 AND 2.22 vote.php - SQL Injection Vulnerability http://scripts.webmastersite.net/wsnlinks/ ---------------------------------------------------------- Bug founded by d3v1l Date: 21.09.2008 [email protected] ----------------------------------------------------------- Greetz tO:-...
yelp: User-assisted execution of arbitrary code
Background yelp is the default help browser for GNOME. Description Aaron Grattafiori reported a format string vulnerability in the windowerror function in yelp-window.c. Impact A remote attacker can entice a user to open specially crafted "man:" or "ghelp:" URIs in yelp, or an application using...
Kshop 2.22 - kshop_search.php Cross-Site Scripting
Kshop 2.22 - kshopsearch.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30576/info Kshop is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in...
Cross site scripting
Cross-site scripting XSS vulnerability in enterbug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."...