7965 matches found
[SECURITY] Fedora 18 Update: jabberd-2.2.17-1.fc18
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
Slackware: Security Advisory (SSA:2007-066-02)
The remote host is missing an update for the...
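Mozilla Bugzilla Information Disclosure Vulnerability
CVE ID: CVE-2012-4747 Bugzilla is an open-source defect tracking system that manages the whole lifecycle of defects in software development, including submission, fixing and closing. Bugzilla stores sensitive information under the web root with insufficient access restrictions, which allows remote attackers, via a direct request, to read template (aka .tmpl) files and other custom extension files under extensions/, or custom documentation files under docs/. 0 Bugzilla 4.x Bugzilla 3.x Bugzilla 2.x Vendor patch: Bugzilla -------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...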
OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...
CVE-2012-1468
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in...
CVE-2010-5204
Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw...
CVE-2011-5155
Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of...
CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument." To our knowledge it is neither...
[SECURITY] Fedora 16 Update: jabberd-2.2.14-4.fc16
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
Mozilla SeaMonkey 2.x < 2.12 Multiple Vulnerabilities
CVE-2012-2112
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages...
CVE-2009-5131
CVE-2009-5131 concerns the Receive Service in Websense Email Security prior to 7.1, where the blacklist fails to recognize domain extensions. This allows remote attackers to bypass access restrictions and send e-mail messages via an SMTP session. Documented by NVD and Red Hat with the same descri...
Snagit 11.0.1 DLL Hijack
Exploit Title: Snagit 11.0.1 dwmapi.dll DLL Hijacking Exploit Date: 2012-08-23 Author: coolkaveh [email protected] Greets To Mohammad Morteza Sanaie [email protected] Https://twitter.com/coolkaveh Vendor Homepage: http://www.techsmith.com/ Version: 11.0.1build93 Tested on: windows X...
Adobe Pixel Bender Toolkit2 11.0.422584 DLL Hijack
Exploit Title: Adobe Pixel Bender Toolkit2 tbbmalloc.dll DLL Hijacking Exploit Date: 2012-08-23 Author: coolkaveh [email protected] Greets To Mohammad Morteza Sanaie [email protected] Https://twitter.com/coolkaveh Vendor Homepage: http://www.adobe.com/ Version: 11.0.422584 Tested on...
CVE-2012-2969
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...
Cross site request forgery (csrf)
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...
Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377) Multiple integer overflow...