MySQL 5 - Command Line Client HTML Special Characters HTML Injection

MySQL 5 - Command Line Client HTML Special Characters HTML Injection source: https://www.securityfocus.com/bid/31486/info MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically...

MySQL 5 - Command Line Client HTML Special Characters HTML Injection

source: https://www.securityfocus.com/bid/31486/info MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in...

Gentoo Security Advisory GLSA 200412-01 (scponly)

The remote host is missing updates announced in advisory GLSA 200412-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

SuSE 10 Security Update : opensc, opensc-devel (ZYPP Patch Number 5588)

This update fixes a security issues with opensc that occured when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization. CVE-2008-2235 NOTE: Already initialized cards are still vulnerable after this update...

[SECURITY] Fedora 8 Update: libHX-1.23-1.fc8

A library for: - rbtree with key-value pair extension - deques double-ended queues Stacks LIFO / Queues FIFOs - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option argv parser...

CVE-2008-3947

DCL aka the CLI in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line...

CVE-2008-3947

DCL aka the CLI in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line...

Buffer overflow

Multiple buffer overflows in Princeton WordNet wn 3.0 allow context-dependent attackers to execute arbitrary code via 1 a long argument on the command line; a long 2 WNSEARCHDIR, 3 WNHOME, or 4 WNDBVERSION environment variable; or 5 a user-supplied dictionary aka data file. NOTE: since WordNet...

AZL-37061 CVE-2008-3908 affecting package wordnet for versions less than 3.0-43

Multiple buffer overflows in Princeton WordNet wn 3.0 allow context-dependent attackers to execute arbitrary code via 1 a long argument on the command line; a long 2 WNSEARCHDIR, 3 WNHOME, or 4 WNDBVERSION environment variable; or 5 a user-supplied dictionary aka data file. NOTE: since WordNet...

DEBIAN-CVE-2008-3908

Multiple buffer overflows in Princeton WordNet wn 3.0 allow context-dependent attackers to execute arbitrary code via 1 a long argument on the command line; a long 2 WNSEARCHDIR, 3 WNHOME, or 4 WNDBVERSION environment variable; or 5 a user-supplied dictionary aka data file. NOTE: since WordNet...

FreeBSD Ports: rssh

The remote host is missing an update to the system as announced in the referenced advisory. VID a4815970-c5cc-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Design/Logic Flaw

The VMware Consolidated Backup VCB command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process...

CVE-2008-2101

CVE-2008-2101 affects VMware ESX/VCB: the VCB command-line utilities for ESX 3.0.1–3.0.3 and ESX 3.5 pass the password on the command line, enabling local users to obtain credentials by inspecting the process list. The issue is addressed by VMware patches (VCB/ESX updates) for ESX 3.0.1–3.0.3 and...

[oCERT-2008-014] WordNet stack and heap overflows

2008/08/25 2008-014 WordNet stack and heap overflows Description: The WordNet 3.0 Unix library and command-line interface suffer from a number of stack overflows due to their handling of command line arguments, environment variables and data read from user supplied dictionaries. The oCERT team wa...

VMware Consolidated Backup (VCB)用户密码信息泄漏漏洞

BUGTRAQ ID:30937 CVE ID：CVE-2008-2101 CNCVE ID：CNCVE-20082101 VMware ESX Server是一款企业级虚拟计算机软件。 VMware Consolidated BackupVCB命令行工具存在设计问题，本地攻击者可以利用漏洞获得用户密码信息。 VMware Consolidated BackupVCB命令行工具可通过-p命令接收密码，用户登录到服务控制台可以获得通过VCB命令行运行过程中的用户名和密码信息。 VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ES...

vim-sanitize.txt

Vim: Arbitrary Code Execution in Commands: K, Control-, g 1. SUMMARY Product : Vim -- Vi IMproved Versions : 3.0--current, possibly older Impact : Arbitrary code execution Wherefrom: Local Original : http://www.rdancer.org/vulnerablevim-K.html Insufficient sanitization can lead to Vim executing...

Ubuntu 8.04 LTS : devhelp, epiphany-browser, midbrowser, yelp update (USN-626-2)

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked...

USN-626-2: Devhelp, Epiphany, Midbrowser and Yelp update

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to cras...

WinZIP <= 8.1 Command Line Local Buffer Overflow Exploit

No description provided by source. / WinZip Command Line Local Buffer Overflow http://securitytracker.com/alerts/2004/Sep/1011132.html http://www.winzip.com/wz90sr1.htm Exploit coded By ATmaCA Web: atmacasoft.com && spyinstructors.com E-Mail: [email protected] Credit to kozan / / Tested with...

Mozilla Foundation Security Advisory 2008-35

Mozilla Foundation Security Advisory 2008-35 Title: Command-line URLs launch multiple tabs when Firefox not running Impact: Critical Announced: July 15, 2008 Reporter: Billy Rios, Ben Turner, Dan Veditz Products: Firefox Fixed in: Firefox 3.0.1 Firefox 2.0.0.16 Description Security researcher Bil...