229 matches found
Moderate: Red Hat Security Advisory: haproxy security update
An updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2013-1859
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
Design/Logic Flaw
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
CVE-2013-1859
The vulnerability CVE-2013-1859 affects the Drupal contributed module Node Parameter Control (6.x-1.x). The module does not properly restrict access to its configuration options, enabling remote attackers to read and edit configuration via unspecified vectors. All 6.x-1.x versions are affected; D...
SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass
This module enables you to limit the visibility of the fields on the node edit form. The module doesn't sufficiently check access before allowing users to view and edit the configuration options allowing anonymous and authenticated users the ability to view and edit the configuration options. CVE...
CVE-2012-5519
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface...
CentOS Update for python-qpid CESA-2012:1269 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Privilege escalation
The Microsoft Office Input Method Editor IME for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the...
Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
This host is missing an important security update according to Microsoft Bulletin MS11-088. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
This host is missing an important security update according to Microsoft Bulletin MS11-088. OpenVAS Vulnerability Test $Id: secpodms11-088.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft Office IME Chinese Privilege Elevation Vulnerability 2652016 Authors: Antu Sanadi Copyright: Copyright c 2011...
MDVA-2011:083 : bind
The default configuration and compiled in options for ISC BIND uses DNSSEC per default which under certain circumstances can result in huge latencies due to the overhead of trying to validate each lookup, and everytime. This has now been disabled in the configuration file...
CentOS Update for openssh CESA-2009:1470 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SAMHAIN v2.8.5 - intrusion detection system
SAMHAIN v2.8.5 - intrusion detection system The samhain open source host-based intrusion detection system HIDS provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been...
Tor 0.2.2.25-alpha released - To Toggle, or not to Toggle & The End of Torbutton!
Tor 0.2.2.25-alpha released - To Toggle, or not to Toggle & The End of Torbutton! Tor 0.2.2.25-alpha fixes many bugs: hidden service clients are more robust, routers no longer overreport their bandwidth, Win7 should crash a little less, and NEWNYM as used by Vidalia's "new identity" buttonnow...
SA-CONTRIB-2011-012 - Spaces - Access bypass
The Spaces module makes sitewide configuration options available to be overridden by individual "spaces" on a Drupal site. Spaces provides a Views module access plugin that does not properly check its permission setting which may allow underprivileged users to visit certain pages. This...
SuSE 11 Security Update : openslp (SAT Patch Number 3317)
The openslp daemon could run into an endless loop when receiving specially crafted packets. CVE-2010-3609 Additionally the following non-security bugs were fixed : - 564504: Fix handling of DA answers if both active and passive DA detection is off - 597215: Add configuration options to openSLP:...
MDVA-2010:184 : net-snmp
It was discovered that the snmpd daemon could segfault with certain configuration options. The updated packages addresses this problem. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Netwo...
Widget properties exposed to third party domains
In some cases, widget properties could be exposed to third party domains, leading to the possibility of leak of widget information, or configuration options for the widget...
xscreensaver 5.01 - Arbitrary File Disclosure Symlink
xscreensaver local arbitrary file disclosure | symlink attack The �xscreensaver� program distributed normally with Xorg can be abused to disclose local files owned by other users also of the root account. Xscreensaver has the setuid bit on by default Example: Opensolaris The xscreensaver...
xscreensaver Symlink Attack
xscreensaver local arbitrary file disclosure | symlink attack The ´xscreensaver´ program distributed normally with Xorg can be abused to disclose local files owned by other users also of the root account. Xscreensaver has the setuid bit on by default Example: Opensolaris The xscreensaver program...