Ubuntu 9.04 / 9.10 / 10.04 LTS : pcsc-lite vulnerability (USN-969-1)

It was discovered that the PC/SC service did not correctly handle malformed messages. A local attacker could exploit this to execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

Google Releases Chrome 5.0.375.125

Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entr...

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)

$Id: ms02056hello.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Google Releases Chrome 4.1.249.1064

Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...

Directory traversal

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter...

Belkin Bulldog Plus Web Service Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Belkin Bulldog Pl...

McAfee Remediation Client ActiveX Control Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3 'McAfee...

SafeNet SoftRemote GROUPNAME Buffer Overflow

This module exploits a stack buffer overflow in SafeNet SoftRemote Security Policy Editor 'SafeNet SoftRemote GROUPNAME Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in SafeNet SoftRemote Security Policy Editor MSFLICENSE, 'Author' = 'MC' , 'References' = 'CVE'...

SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja)

The remote host is missing updates announced in advisory SUSE-SA:2009:049. OpenVAS Vulnerability Test $Id: susesa2009049.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:049 acroread, acroreadja Authors: Thomas Reinke Copyright: Copyright c 2009...

Design/Logic Flaw

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the 1 Privileged Context and 2 Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and...

CVE-2009-2993

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the 1 Privileged Context and 2 Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and...

OpenOffice.org Multiple Vulnerabilities - Oct09 (Windows)

The host has OpenOffice.org installed and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbopenofficemultvulnoct09.nasl 4869 2016-12-29 11:01:45Z teissa $ OpenOffice.org Multiple Vulnerabilities - Oct09 Windows Authors: Sharath S Copyright: Copyright c 2009 Greenbone Networ...

OpenOffice.org Multiple Vulnerabilities (Oct 2009) - Windows

OpenOffice.org is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cyrus IMAPd buffer overflow vulnerability

Overview The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code. Description The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered...

CVE-2008-7173

The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service physical damage, modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue ...

Design/Logic Flaw

The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service physical damage, modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue ...

CVE-2008-7173

The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service physical damage, modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue ...

CVE-2008-7153

The CVE-2008-7153 entry describes a SQL injection in Docebo: the autoDetectRegion function in doceboCore/lib/lib.regset.php affects Docebo 3.5.0.3 and earlier, enabling remote attackers to execute arbitrary SQL via the Accept-Language HTTP header. The advisory notes this could be leveraged to run...

Gentoo Security Advisory GLSA 200907-13 (pulseaudio)

The remote host is missing updates announced in advisory GLSA 200907-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...