Mandriva Update for mozilla MDVSA-2012:066 (mozilla)

Check for the Version of mozilla OpenVAS Vulnerability Test Mandriva Update for mozilla MDVSA-2012:066 mozilla Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for mozilla MDVSA-2012:032-1 (mozilla)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for mozilla MDVSA-2012:022 (mozilla)

Check for the Version of mozilla OpenVAS Vulnerability Test Mandriva Update for mozilla MDVSA-2012:022 mozilla Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for mozilla MDVSA-2012:022 (mozilla)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Oracle Outside In contains multiple exploitable vulnerabilities

Overview Oracle Outside In contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats...

JSDependentString::undepend string conversion results in memory corruption — Mozilla

Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed,...

Python-wrapper Untrusted Search Path / Code Execution

python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root to help'modules' or help and then modules from withi...

Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC)

Lattice Diamond Programmer 1.4.2 - Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...

Lattice Diamond Programmer Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...

Lattice Diamond Programmer Buffer Overflow

Exploit for windows platform in category dos / poc Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL: http://www.coresecurity.com/content/lattice-diamond-programmer-buffer-overflow Date...

Fedora 16 : asterisk-1.8.12.2-1.fc16 (2012-8692)

The Asterisk Development Team has announced the release of Asterisk 1.8.12.2. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 1.8.12.2 resolves an issue reported by the community and would have not been possible...

Fedora 15 : asterisk-1.8.12.2-1.fc15 (2012-8685)

The Asterisk Development Team has announced the release of Asterisk 1.8.12.2. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 1.8.12.2 resolves an issue reported by the community and would have not been possible...

CSNC-2012-004 Generic XSS in AdNovum nevisProxy

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: NevisProxy Vendor: AdNovum CVD ID: CSNC-2012-004 Subject: Cross-site scripting XSS within 302 Redirections Risk: High Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date: 02/23/2012...

MS12-042: Vulnerabilities in Windows Kernel could allow elevation of privilege: June 12, 2012

Resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this...

Buffer overflow and use-after-free issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-fr...

SAP NetWeaver Dispatcher - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Dispatcher Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL:...

PHP Group Set to Release Another Patch for CVE-2012-1823 Flaw

The PHP Group on Tuesday is planning to release another new version of the scripting language that’s designed to address, again, the remotely exploitable flaw that came to light last week. That bug, which requires no authentication, was supposed to have been fixed in new releases pushed out on Ma...

PHP Group Releases New Versions, But Patch Doesn't Fix CVE-2012-1823 Bug

UPDATE–The developers of PHP have released new versions of the scripting language to fix a remotely exploitable vulnerability announced earlier this week that enables an attacker to pass command-line arguments to the PHP binary. The flaw has been in the code for more than eight years and The PHP...

OpenKM Document Management System 5.1.7 Command Execution

Exploit for jsp platform in category web applications COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect:...

Websense (Triton 7.6) Remote Command Execution

======= Summary ======= Name: Websense Triton 7.6 Unauthenticated remote command execution as SYSTEM Release Date: 30 April 2012 Reference: NGS00140 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: Critical Status: Published ======== TimeLine ======== Discovered...