2019 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

BSD lpr 2000.05.07/0.48/0.72,lpr-ppd 0.72 Local Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7025/info It has been reported that a vulnerability in the handling of some types of requests exists in lprm. When an attacker sends a maliciously crafted string to a configured printer through the lprm command, it may be...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 25 views

XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8296/info XBlast contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Matu FTP 1.74 Client Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4572/info An issue has been reported which could allow for a malicious FTP server to execute arbitrary code on a Matu FTP client. If, upon user connection, an FTP server '220' response is of excessive length, a stack-based...

7.1 AI score
Exploits: 0

ATTACKERKB
added 2014/06/19 10:50 a.m. | 3 views

CVE-2014-2610

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117...

7.1 CVSS | 6.2 AI score | 0.05303 EPSS
Exploits: 0 | References: 7

NVD
added 2014/06/18 7:55 p.m. | 14 views

CVE-2014-4151

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...

10 CVSS | 7.5 AI score | 0.07321 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 48 views

openSUSE Security Update : kernel (openSUSE-SU-2013:1042-1)

The openSUSE 12.2 kernel was updated to fix a security issue and other bugs. Security issues fixed: CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...

8.4 CVSS | 7.9 AI score | 0.47709 EPSS
Exploits: 16 | References: 12

Tenable Nessus
added 2014/06/13 12:0 a.m. | 20 views

openSUSE Security Update : festival (openSUSE-SU-2010:0756-1)

festival_server uses an unsafe LD_LIBRARY_PATH. Local users could exploit that to execute code as another user if that user runs festival_server. CVE-2010-3996 has been assigned to this issue.

6.9 CVSS | 5.5 AI score | 0.00328 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 26 views

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5826)

Mozilla Thunderbird was updated to 3.1.19 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).

6.8 CVSS | 7.7 AI score | 0.73164 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2014/06/13 12:0 a.m. | 37 views

openSUSE Security Update : kernel (openSUSE-SU-2013:1005-1)

The openSUSE 12.1 kernel was updated to fix a critical security issue and also some reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...

7.9 CVSS | 7.9 AI score | 0.07313 EPSS
Exploits: 1 | References: 5

UbuntuCve
added 2014/05/22 7:55 p.m. | 27 views

CVE-2014-1334

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1...

6.8 CVSS | 7.7 AI score | 0.02345 EPSS
Exploits: 0 | References: 3

OSV
added 2014/05/08 2:29 p.m. | 8 views

CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information...

8.6 AI score
Exploits: 0 | References: 9

UbuntuCve
added 2014/04/02 4:17 p.m. | 27 views

CVE-2014-1311

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1...

6.8 CVSS | 7.5 AI score | 0.0215 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2014/04/02 12:0 a.m. | 25 views

SuSE 11.3 Security Update : mutt (SAT Patch Number 9023)

The mailreader mutt was updated to fix a security issue in displaying mail headers, where a crafted e-mail could cause a heap overflow, which in turn might be used by attackers to crash mutt or potentially even execute code.

5 CVSS | 5.5 AI score | 0.05155 EPSS
Exploits: 1 | References: 3

securityvulns
added 2014/03/27 12:0 a.m. | 171 views

CVE-2013-6955 Synology DSM remote code execution

Products Affected By CVE-2013-6955: Diskstation Manager 4.0, 4.2, 4.3, 4.3-3810. Vendor: Synology. Status: Patched. webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...

10 CVSS | 0.7 AI score | 0.84571 EPSS
Exploits: 9

Exploit DB
added 2014/03/14 12:0 a.m. | 34 views

Fonality trixbox - 'mac' Remote Code Injection

App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...

7 AI score
Exploits: 0

OpenVAS
added 2014/03/12 12:0 a.m. | 37 views

Ubuntu: Security Advisory (USN-2132-1)

The remote host is missing an update for the...

8.8 CVSS | 7.2 AI score | 0.11055 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2014/03/07 12:0 a.m. | 64 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : imagemagick vulnerabilities (USN-2132-1)

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memor...

8.8 CVSS | 6.6 AI score | 0.11055 EPSS
Exploits: 0 | References: 4

EUVD
added 2014/03/03 4:0 p.m. | 4 views

EUVD-2013-4824

Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request...

9 CVSS | 9.6 AI score | 0.06864 EPSS
Exploits: 6 | References: 4

RedHat Linux
added 2014/02/27 6:23 p.m. | 1 views

postgresql: stack-based buffer overflow in datetime input/output

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect...

6.5 CVSS | 7.5 AI score | 0.06666 EPSS
Exploits: 2 | References: 4

Cvelist
added 2014/02/08 12:0 a.m. | 24 views

CVE-2014-0039

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory...

6.8 AI score | 0.00601 EPSS
Exploits: 2 | References: 7