
8703 matches found

Tenable Nessus
added 2013/07/16 12:0 a.m. | 166 views

Apache 2.2.x < 2.2.25 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore, potentially affected by the following vulnerabilities: - A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,...

5.1 CVSS | 8.2 AI score | 0.29484 EPSS
Exploits 4 | References 5

Tenable Nessus
added 2013/07/12 12:0 a.m. | 33 views

Oracle Linux 5 : Moderate: / vim (ELSA-2007-0346)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0346 advisory. 7.0.109-3.3 - use gzip -9n to avoid multilib fileconflicts 7.0.109-3.2 - Let 'modeline' default to off for root - Resolves: bz238259 7.0.109-3.1 - fix modeline...

7.6 CVSS | 8.2 AI score | 0.03221 EPSS
Exploits 1 | References 2

Saint
added 2013/07/05 12:0 a.m. | 36 views

Novell iPrint Client IPP Response URI handling buffer overflow

Added: 07/05/2013 CVE: CVE-2013-1091 BID: 59612 OSVDB: 92938 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability within the handling...

10 CVSS | 6.9 AI score | 0.06227 EPSS
Exploits 4

Saint
added 2013/07/05 12:0 a.m. | 30 views

Novell iPrint Client IPP Response URI handling buffer overflow

Added: 07/05/2013 CVE: CVE-2013-1091 BID: 59612 OSVDB: 92938 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability within the handling...

10 CVSS | 7 AI score | 0.06227 EPSS
Exploits 4

Exploit DB
added 2013/07/05 12:0 a.m. | 29 views

InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)

require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. , 'Author' = 'AkaStep', Vulnerability discovery and PoC 'Ricar...

7.4 AI score
Exploits 0

0day.today
added 2013/07/03 12:0 a.m. | 46 views

InstantCMS 1.6 Remote PHP Code Execution Vulnerability

This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command...

7.3 AI score
Exploits 0

OSV
added 2013/06/19 10:11 a.m. | 5 views

MGASA-2013-0174 Updated apache packages fix security vulnerabilities

It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the...

5.1 CVSS | 6.6 AI score | 0.24886 EPSS
Exploits 2 | References 4

CERT
added 2013/06/10 12:0 a.m. | 24 views

HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities

Overview HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities. Description It has been reported that HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities that can be exploited by a remote attacker to execute...

10 CVSS | 7.3 AI score | 0.0491 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2013/06/07 12:0 a.m. | 25 views

Siemens Solid Edge WPHelper ActiveX Control OpenInEditor Method Arbitrary Command Execution

The remote host has the Siemens Solid Edge WebPartHelper ActiveX control installed. This control is affected by a command execution vulnerability. By tricking a user into opening a specially crafted web page, an attacker could potentially execute arbitrary system commands via the 'OpenInEditor'...

5.9 AI score
Exploits 0 | References 2

Saint
added 2013/06/03 12:0 a.m. | 111 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language (VML) is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3 CVSS | 8.5 AI score | 0.73918 EPSS
Exploits 9

Saint
added 2013/06/03 12:0 a.m. | 41 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language (VML) is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3 CVSS | 8.5 AI score | 0.73918 EPSS
Exploits 9

Saint
added 2013/06/03 12:0 a.m. | 56 views

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language (VML) is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

9.3 CVSS | 8.5 AI score | 0.73918 EPSS
Exploits 9

CVE
added 2013/05/29 10:0 a.m. | 54 views

CVE-2013-3666

CVE-2013-3666 affects LG’s Hidden Menu component on Android for the LG Optimus G E973. The vulnerability allows physically proximate attackers to execute shell commands by entering USB Debugging mode and using adb to establish a USB connection, dialing 3845#*973#, navigating to WLAN Test > Wi‑...

7.2 CVSS | 7.9 AI score | 0.00199 EPSS
Exploits 1 | References 3 | Affected Software 2

Japan Vulnerability Notes
added 2013/05/24 5:37 a.m. | 1 views

Arbitrary Commands Execution Vulnerability in JP1/Integrated Management - TELstaff Alarm View

Overview JP1/Integrated Management - TELstaff Alarm View contains a vulnerability where arbitrary commands may be executed with administrator privilege. Impact A remote user could execute arbitrary commands with administrator privilege by sending an unexpected and crafted message. Solution Please...

10 CVSS | 7.6 AI score
Exploits 0 | References 2

Amazon
added 2013/05/24 12:0 a.m. | 152 views

Medium: httpd

Issue Overview: Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...

5.1 CVSS | 8.5 AI score | 0.24886 EPSS
Exploits 4 | References 1

OpenVAS
added 2013/05/17 12:0 a.m. | 41 views

CentOS Update for httpd CESA-2013:0815 centos5

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0815 centos5 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5.1 CVSS | 0.24886 EPSS
Exploits 4 | References 2

OpenVAS
added 2013/05/17 12:0 a.m. | 31 views

CentOS Update for httpd CESA-2013:0815 centos6

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0815 centos6 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5.1 CVSS | 7.3 AI score | 0.24886 EPSS
Exploits 4 | References 2

OpenVAS
added 2013/05/17 12:0 a.m. | 33 views

RedHat Update for httpd RHSA-2013:0815-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.1 CVSS | 7 AI score | 0.24886 EPSS
Exploits 4 | References 2

Tenable Nessus
added 2013/05/15 12:0 a.m. | 44 views

Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20130513)

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the...

5.1 CVSS | 8.3 AI score | 0.24886 EPSS
Exploits 4 | References 4

Tenable Nessus
added 2013/05/14 12:0 a.m. | 42 views

CentOS 5 / 6 : httpd (CESA-2013:0815)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...

5.1 CVSS | 8.2 AI score | 0.24886 EPSS
Exploits 4 | References 5