1644 matches found
ecryptfs-utils security update
82-6.3 - do not forget to set the group id in mount.ecryptfs_private; 82-6.2 - fix regression in ecryptfs-setup-private; 82-6.1 - security fixes: privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832); race condition when checking source during mount (CVE-2011-1833); mtab...
HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Remote Code Execution
Added: 08/29/2011. CVE: CVE-2011-2404. BID: 49100. OSVDB: 74510. Background: HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem: HP Easy Printer Care Software HPTicketMgr.dll is vulnerable to directory traversal due to insufficient input validation by the...
StudioLine Photo Basic 3.70.34.0 - 'NMSDVDXU.dll' ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/49192/info StudioLine Photo Basic ActiveX is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet...
StudioLine Photo Basic 3.70.34.0 - NMSDVDXU.dll ActiveX Control Arbitrary File Overwrite
StudioLine Photo Basic 3.70.34.0 - NMSDVDXU.dll ActiveX Control Arbitrary File Overwrite source: https://www.securityfocus.com/bid/49192/info StudioLine Photo Basic ActiveX is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in t...
CentOS Update for xmlsec1 CESA-2011:0486 centos5 i386
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
IDrive Online Backup ActiveX Control < 3.4.1 Arbitrary File Overwrite
The version of IDrive installed on the remote Windows host is earlier than 3.4.1 and includes a third-party ActiveX control named UniBasicPack.UniTextBox from CyberActiveX with an insecure method. Specifically, the 'SaveToFile' method can be abused to overwrite arbitrary files. Note that this...
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/48582/info Pro Softnet IDrive Online Backup ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. An attacker can exploit this issue to corrupt and overwrite arbitrary files on a...
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX SaveToFile() Arbitrary File Overwrite
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX SaveToFile Arbitrary File Overwrite source: https://www.securityfocus.com/bid/48582/info Pro Softnet IDrive Online Backup ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. A...
Fedora 13 : widelands-0-0.24.build16.fc13 (2011-6110)
Rebase to new upstream release build16 - Besides various enhancements this also fixes an arbitrary file overwrite vulnerability, which could be exploited when connecting to malicious servers for internet play! Note that Tenable Network Security has extracted the preceding description block...
Fedora 15 : widelands-0-0.24.build16.fc15 (2011-6133)
Rebase to new upstream release build16 - Besides various enhancements this also fixes an arbitrary file overwrite vulnerability, which could be exploited when connecting to malicious servers for internet play! Note that Tenable Network Security has extracted the preceding description block...
Debian DSA-2219-1 : xmlsec1 - arbitrary file overwrite
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.
[SECURITY] [DSA 2219-1] xmlsec1 security update
Debian Security Advisory DSA-2219-1, http://www.debian.org/security/, Thijs Kinkhorst, April 18, 2011, http://www.debian.org/security/faq ...
DSA-2219-1 xmlsec1 - file overwrite
Bulletin has no description...
Debian DSA-2151-1 : openoffice.org - several vulnerabilities
Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code. - CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has...
Mandriva Linux Security Advisory : wget (MDVSA-2010:170)
A vulnerability has been found and corrected in wget : GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a...
tomcat: unexpected file deletion and/or alteration
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...
perl security update
CentOS Errata and Security Advisory CESA-2010:0505 An updated perl-Archive-Tar package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...
CUPS < 1.4.4 Multiple Vulnerabilities
According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities : - The patch for STR 3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference...
DEBIAN-CVE-2010-2252
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...
DEBIAN-CVE-2010-2452
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors...