Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...
[SECURITY] Fedora 19 Update: php-ZendFramework2-2.2.7-1.fc19
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.2.7-1.fc20
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
Failing to properly encode user input, several backend components are susceptible to XSS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
CVE-2014-1754
CVE-2014-1754 is a cross-site scripting (XSS) vulnerability affecting Microsoft SharePoint Server 2013 (Gold/SP1), SharePoint Foundation 2013 (Gold/SP1), Office Web Apps Server 2013 (Gold/SP1), and SharePoint Server 2013 Client Components SDK. The issue allows remote attackers to inject arbitrary...
Microsoft SharePoint Client Components SDK Multiple Vulnerabilities (2952166)
This host is missing a critical security update according to Microsoft Bulletin MS14-022.
Fedora Update for python-django-horizon FEDORA-2014-5002
Check for the Version of python-django-horizon
[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04272594 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04272594 Version: 1 HPSBMU03032 rev....
[SECURITY] Fedora 20 Update: check-mk-1.2.4p2-1.fc20
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network components. It obsoletes NRPE, checkbyssh, NSClient, and checksnmp and it has many benefits, the most important are a significant reduction of CPU usag...
HP Systems Insight Manager < 7.2 Multiple Vulnerabilities
The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the included Flash components.
Flip4Mac Memory Corruption - Ver2 (CVE-2007-0466)
A code execution vulnerability has been reported in Telestream Flip4mac Windows Media Components For Quicktime. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Important: Red Hat Security Advisory: piranha security and bug fix update
An updated piranha package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...
Hyper-V Guest processing skipped (check guest OS VSS state and integration components version)
Challenge: Guest VMs will fail to engage VSS when Application-Aware Processing is enabled, generating the error: "Error: Guest processing skipped (check guest OS VSS state and integration components version) System.Exception". Solution: Most Common Solution: At the time this article was written in 2014,...
CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors...
International Components for Unicode: Denial of service
Background: International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description: Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenc...
SOL14969 - BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024
Vulnerability Recommended Actions: If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Important: java-1.6.0-openjdk
Issue Overview: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox...
CentOS Update for java CESA-2014:0097 centos6
Check for the Version of java
Directory traversal
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-16...