
3660 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m. · 31 views

Scientific Linux Security Update : libtiff on SL6.x i386/x86_64

A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF image files that were compressed with the JPEG compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff ...

CVSS 6.8 · AI score 7.9 · EPSS 0.10796
Exploits 1 · References 2

Tenable Nessus
added 2012/08/01 12:0 a.m. · 30 views

Scientific Linux Security Update : curl on SL4.x i386/x86_64

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...

CVSS 6.8 · AI score 7.5 · EPSS 0.04372
Exploits 0 · References 2

Tenable Nessus
added 2012/08/01 12:0 a.m. · 33 views

Scientific Linux Security Update : jasper on SL6.x i386/x86_64

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause...

CVSS 6.8 · AI score 7.9 · EPSS 0.10618
Exploits 0 · References 2

NVD
added 2012/07/21 3:38 a.m. · 14 views

CVE-2012-2364

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...

CVSS 3.5 · AI score 5.1 · EPSS 0.00795
Exploits 0 · References 2

OSV
added 2012/07/21 3:38 a.m. · 1 views

UBUNTU-CVE-2012-2364

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...

CVSS 3.5 · AI score 5.9 · EPSS 0.00795
Exploits 0 · References 3

Cvelist
added 2012/07/21 1:0 a.m. · 24 views

CVE-2012-2364

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...

AI score 5.1 · EPSS 0.00795
Exploits 0 · References 2

CVE
added 2012/07/21 1:0 a.m. · 52 views

CVE-2012-2364

CVE-2012-2364 describes an XSS vulnerability in Moodle’s lib/filelib.php that affects Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. Remote authenticated users can inject arbitrary script/HTML via an assignment submission with ZIP compression, leading to text/html renderin...

CVSS 3.5 · AI score 5.2 · EPSS 0.00795
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2012/07/11 12:0 a.m. · 29 views

CentOS 6 : busybox (CESA-2012:0810)

Updated busybox packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 7.5 · AI score 7.8 · EPSS 0.05422
Exploits 2 · References 3

Amazon
added 2012/07/05 12:0 a.m. · 75 views

Low: busybox

Issue Overview: A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or,...

CVSS 7.5 · AI score 8.1 · EPSS 0.05422
Exploits 2 · References 1

Positive Technologies
added 2012/06/29 12:0 a.m. · 2 views

PT-2012-1206 · Apache · Apache Commons Compress

Name of the Vulnerable Software and Affected Versions: Apache Commons Compress versions prior to 1.4.1 Description: The issue concerns a problem with the sorting algorithms in the bzip2 compressing stream, specifically in the BZip2CompressorOutputStream function of Apache Commons Compress. This...

CVSS 5 · AI score 6.8 · EPSS 0.12508
Exploits 1 · References 50

Fedora
added 2012/06/28 3:21 a.m. · 34 views

[SECURITY] Fedora 16 Update: openjpeg-1.4-13.fc16

OpenJPEG is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group (JPEG)...

CVSS 9.3 · AI score 1.6 · EPSS 0.05139
Exploits 0

OpenVAS
added 2012/06/28 12:0 a.m. · 24 views

Fedora Update for openjpeg FEDORA-2012-9628

Check for the Version of openjpeg OpenVAS Vulnerability Test Fedora Update for openjpeg FEDORA-2012-9628 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 9.3 · AI score 6.3 · EPSS 0.05139
Exploits 0 · References 2

Fedora
added 2012/06/26 12:31 a.m. · 40 views

[SECURITY] Fedora 16 Update: lighttpd-1.4.31-1.fc16

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

CVSS 5 · AI score 4.5 · EPSS 0.16246
Exploits 8

Tenable Nessus
added 2012/06/21 12:0 a.m. · 30 views

GLSA-201204-02 : InspIRCd: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201204-02 (InspIRCd: Arbitrary code execution). A vulnerability in InspIRCd allows DNS compression features to control the number of overflowed bytes sent to the heap-based buffer 'res' in dns.cpp. Impact: A remote attacker could se...

CVSS 7.5 · AI score 8.9 · EPSS 0.06896
Exploits 1 · References 2

RedHat Linux
added 2012/06/19 3:25 p.m. · 40 views

Low: Red Hat Security Advisory: busybox security and bug fix update

Updated busybox packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 7.5 · AI score 7.7 · EPSS 0.05422
Exploits 2 · References 5

OpenVAS
added 2012/06/06 12:0 a.m. · 22 views

RedHat Update for libtiff RHSA-2011:0452-01

Check for the Version of libtiff OpenVAS Vulnerability Test RedHat Update for libtiff RHSA-2011:0452-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8 · AI score 0.2 · EPSS 0.10796
Exploits 1 · References 2

OpenVAS
added 2012/06/06 12:0 a.m. · 17 views

RedHat Update for libtiff RHSA-2011:0452-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8 · AI score 6.5 · EPSS 0.10796
Exploits 1 · References 2

Metasploit
added 2012/05/21 7:48 p.m. · 49 views

Windows Manage PowerShell Download and/or Execute

This module will download and execute a PowerShell script over a meterpreter session. The user may also enter text substitutions to be made in memory before execution. Setting VERBOSE to true will output both the script prior to execution and the results. This module requires Metasploit:...

AI score 7.5
Exploits 0

Fedora
added 2012/04/24 2:56 p.m. · 41 views

[SECURITY] Fedora 15 Update: libpng-1.2.49-1.fc15

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

CVSS 8.8 · AI score 1.6 · EPSS 0.73415
Exploits 4

OpenVAS
added 2012/04/16 12:0 a.m. · 61 views

VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates

The remote ESXi is missing one or more security related Updates from VMSA-2010-0009. Summary: ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo. Relevant releases: VMware ESXi 4.0.0 without patch ESXi400-201005401-SG, VMware ESX 4.0.0 without...

CVSS 10 · AI score 0.5 · EPSS 0.80134
Exploits 61 · References 1