
1712 matches found

Tenable Nessus
added 2011/05/31 12:0 a.m., 22 views

Fedora 14 : viewvc-1.1.11-1.fc14 (2011-7222)

security fix: remove user-reachable override of cvsdb row limit - fix broken standalone.py -c and -d options handling - add --help option to standalone.py - fix stack trace when asked to checkout a directory issue 478 - improve memory usage and speed of revision log markup issue 477 - fix broken...

5 CVSS, 5.5 AI score, 0.00503 EPSS
Exploits: 0, References: 3

myhack58
added 2011/03/15 12:0 a.m., 27 views

Apache Tomcat "@ServletSecurity" annotation security restriction bypass vulnerability and fix - vulnerability warning - the black bar safety net

Affected version: Apache Group Tomcat 7.x. Vulnerability description: Apache Tomcat is a popular open source JSP application server. Its implementation contains a "@ServletSecurity" annotation security restriction bypass vulnerability; a remote attacker could exploi...

0.6 AI score
Exploits: 0

ATTACKERKB
added 2010/09/20 10:0 p.m., 1 views

CVE-2009-5001

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...

4 CVSS, 5.6 AI score, 0.00121 EPSS
Exploits: 0, References: 3

Cvelist
added 2010/09/20 9:0 p.m., 16 views

CVE-2009-5001

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...

6 AI score, 0.00121 EPSS
Exploits: 0, References: 2

Atlassian
added 2010/08/18 6:38 a.m., 14 views

websudo annotation backwards compatibility (Confluence 3.3)

Following this guide (http://confluence.atlassian.com/pages/viewpage.action?pageId=219021702), I started to use the websudo annotations to secure an XWork action that would process a form in the space admin tab. The plugin is meant to work with Confluence 3.3 and I haven't released a public version...

1.7 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2010/08/18 6:38 a.m., 17 views

websudo annotation backwards compatibility (Confluence 3.3)

Following this guide (http://confluence.atlassian.com/pages/viewpage.action?pageId=219021702), I started to use the websudo annotations to secure an XWork action that would process a form in the space admin tab. The plugin is meant to work with Confluence 3.3 and I haven't released a public version...

1.7 AI score
Exploits: 0, Affected Software: 1

OpenVAS
added 2010/06/11 12:0 a.m., 28 views

Fedora Update for sonic-visualiser FEDORA-2010-9774

Check for the Version of sonic-visualiser OpenVAS Vulnerability Test Fedora Update for sonic-visualiser FEDORA-2010-9774 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...

10 CVSS, 9.6 AI score, 0.07 EPSS
Exploits: 1, References: 2

Fedora
added 2010/06/10 7:20 p.m., 36 views

[SECURITY] Fedora 13 Update: sonic-visualiser-1.7.2-1.fc13

Sonic Visualiser is an application for viewing and analysing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when you want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...

10 CVSS, 9.1 AI score, 0.07 EPSS
Exploits: 1

VulnCheck KEV
added 2010/01/20 12:0 a.m., 0 views

VulnCheck KEV: CVE-2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...

9.3 CVSS, 6.2 AI score, 0.68063 EPSS
Exploits: 5, References: 1

Packet Storm
added 2009/09/15 12:0 a.m., 20 views

FotoTagger 2.12.0.0 Buffer Overflow


0.5 AI score
Exploits: 0

exploitpack
added 2009/09/14 12:0 a.m., 14 views

FotoTagger 2.12.0.0 - .XML Buffer Overflow (PoC)

FotoTagger 2.12.0.0 - .XML Buffer Overflow PoC ...

0.4 AI score
Exploits: 0

0day.today
added 2009/09/14 12:0 a.m., 21 views

FotoTagger 2.12.0.0 (.XML File) Buffer Overflow PoC

Exploit for unknown platform in category dos / poc. FotoTagger 2.12.0.0 .XML File Buffer Overflow PoC. Anti-Security Research Team & Security Institute + Bug : FotoTagger v2.12.0.0 Buffer Overflo...

7 AI score
Exploits: 0

UbuntuCve
added 2009/04/30 8:30 p.m., 32 views

CVE-2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...

9.3 CVSS, 6.2 AI score, 0.68063 EPSS
Exploits: 5, References: 2

Prion
added 2009/04/30 8:30 p.m., 18 views

Authentication flaw

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...

9.3 CVSS, 7.9 AI score, 0.68063 EPSS
Exploits: 5, References: 27, Affected Software: 2

seebug.org
added 2009/04/30 12:0 a.m., 20 views

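Adobe Reader 'getAnnots()' JavaScript function remote code execution vulnerability

BUGTRAQ ID: 34736 Adobe Reader is a PDF file parsing program. Adobe Reader has a flaw in its handling of JavaScript that remote attackers can exploit to execute arbitrary code with the privileges of the running user. Constructing an annotation with an overly long name can trigger a buffer overflow when it is parsed with the 'getAnnots' JavaScript function, leading to arbitrary code execution in the security context of the running Adobe Reader application. Adobe Acrobat Reader 8.1.4 Adobe Acrobat Reader 9.1 No solution is currently available: http://www.adobe.com/ // //Exploit made by Arr1va...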

6.9 AI score
Exploits: 0

exploitpack
added 2009/04/29 12:0 a.m., 20 views

Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution

Adobe Reader 8.1.4/9.1 - GetAnnots Remote Code Execution // //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to...

0.4 AI score
Exploits: 0

Packet Storm
added 2009/04/28 12:0 a.m., 30 views

Adobe Reader getAnnots Exploit

// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of the pdf. // var memory; function...

0.2 AI score
Exploits: 0

Atlassian
added 2008/10/01 3:31 a.m., 30 views

Make XWork ParametersInterceptor safe from parameter injection attacks

The XWork ParametersInterceptor is a security nightmare as it gives user input submitted form parameters unfettered access to getter/setter methods on action objects. In addition, the interceptor has been shown in the past to be vulnerable to Unicode attacks. Rather than fight a constant and ofte...

3.1 AI score
Exploits: 0, Affected Software: 1

seebug.org
added 2008/06/19 12:0 a.m., 17 views

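Black Ice Software BiAnno.ocx control remote stack overflow vulnerability

BUGTRAQ ID: 29635 Annotation SDK/ActiveX is the image-editing plug-in in the Black Ice imaging toolkit. The BiAnno Control ActiveX control (BiAnno.ocx) installed by the Annotation SDK/ActiveX plug-in has a stack overflow vulnerability when handling the parameter of the AnnoSaveToTiff function; if a user is tricked into visiting a malicious web page that passes an overly long parameter to this function, the overflow can be triggered, leading to execution of arbitrary instructions. Black Ice Annotation SDK/ActiveX Plug-In 10.9.5.0 Temporary workaround:...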

6.9 AI score
Exploits: 0

Cvelist
added 2008/06/17 3:0 p.m., 12 views

CVE-2008-2745

Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method...

8 AI score, 0.25885 EPSS
Exploits: 0, References: 6