SA-CONTRIB-2010-082 - Print - Local file read access

The Printer, e-mail and PDF versions "print" module provides printer-friendly versions of content, including a PDF version that is generated by one of three supported generation tools dompdf, TCPDF and wkhtmltopdf. When using the wkhtmltopdf PDF generation tool, that tool is able to access local...

Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)

This host is missing a critical security update according to Microsoft Bulletin MS10-056. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Security Update for the 2007 Microsoft Office System (KB2277947)

A security vulnerability exists in the 2007 Microsoft Office System and the Microsoft Office Compatibility Pack that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

Microsoft Word Record RTF Parsing Engine Remote Heap Buffer Overflow Vulnerability

Description Microsoft Word is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed...

Microsoft Word Record RTF Parsing Engine Remote Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Oracle Siebel Option Pack for IE ActiveX控件内存初始化漏洞

CVE ID: CVE-2009-3737 Siebel Option Pack for IE是Oracle Siebel CRM软件所提供的ActiveX控件。 Siebel Option Pack for IE ActiveX控件没有正确地初始化由NewBusObj方式所使用的内存，用户受骗访问了恶意网页并用特制参数调用该方式就可能导致执行任意代码。 Oracle Siebel Option Pack for IE 7.x 临时解决方法： 将以下文本保存为.REG文件并导入： Windows Registry Editor Version 5.00...

CentOS 4 : firefox (CESA-2010:0500)

An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common...

MDVA-2009:121 : pulseaudio

Multiple bugs has been identified and corrected in pulseaudio: - alsa: allow configuration of fallback device strings in profiles util: if NULL is passed to papathgetfilename just hand it through alsa: don't hit an assert when invalid module arguments are passed - alsa: fix wording, we are speaki...

MDVA-2010:169 : php-xdebug

It was discovered php-xdebug-2.0.5 did not work properly for php-5.3.2. This advisory upgrades php-xdebug to 2.1.0 RC1 which solves this problem. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C...

ASX To MP3 Converter 3.1.2.1 SEH Exploit

Exploit Title: ASX to MP3 Converter v3.1.2.1 SEH Exploit Multiple OS, DEP and ASLR Bypass Date: July 13, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/ASXtoMP3Converter.exe Version: Mini-Stream Software ASX to MP3 Converter v3.1.2.1.2010.03.30 Evaluation Tested on: Windows...

Fedora 12 : puppet-0.25.4-1.fc12 (2010-1372)

The update from 0.24.x to 0.25.x brings many, many changes and improvements to puppet. The upstream release notes cover them in detail: http://reductivelabs.com/trac/puppet/wiki/ReleaseNotes Of note is that 0.25.x clients do not work with 0.24.x masters, so it is important to update the master...

Fedora 11 : pidgin-sipe-1.9.1-1.fc11 (2010-4830)

Contributed File transfer functionality. File encryption is supported. Jakub Adam, Tomas Hrabik NTLMv2 and NTLMv2 Session Security support pier11 Implemented SIP Authentication Extensions protocol version 4 and 3 pier11 Adoption for commercial UNIX - HP/UX, Irix, Solaris - big endian fixes and...

Fedora 11 : puppet-0.25.4-1.fc11 (2010-1079)

The update from 0.24.x to 0.25.x brings many, many changes and improvements to puppet. The upstream release notes cover them in detail: http://reductivelabs.com/trac/puppet/wiki/ReleaseNotes Of note is that 0.25.x clients do not work with 0.24.x masters, so it is important to update the master...

[SECURITY] Fedora 13 Update: python-paste-1.7.4-1.fc13

These provide several pieces of "middleware" or filters that can be nested to build web applications. Each piece of middleware uses the WSGI PEP 333 interface, and should be compatible with other middleware based on those interfaces...

Fedora Update for squirrelmail FEDORA-2010-10264

Check for the Version of squirrelmail OpenVAS Vulnerability Test Fedora Update for squirrelmail FEDORA-2010-10264 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

RHEL 4 : firefox (RHSA-2010:0500)

An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common...

Critical: Red Hat Security Advisory: firefox security, bug fix, and enhancement update

Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common...

Critical: Red Hat Security Advisory: firefox security, bug fix, and enhancement update

An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common...

[SECURITY] Fedora 13 Update: squirrelmail-1.4.20-3.fc13

SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no JavaScript for maximum compatibility across browsers. It has very few requirements and is very easy to configure and instal...

[SECURITY] Fedora 12 Update: squirrelmail-1.4.20-3.fc12

SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no JavaScript for maximum compatibility across browsers. It has very few requirements and is very easy to configure and instal...