USN-1093-1: Linux Kernel vulnerabilities (Marvell Dove)

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...

Mandriva Linux Security Advisory : php (MDVSA-2011:053)

Multiple vulnerabilities has been identified and fixed in php : The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service applicatio...

OpenSLP denial of service vulnerability

Overview OpenSLP contains a vulnerability in the handling of packets containing malformed extensions, which can result in a denial-of-service condition. Description Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover...

CMS Balitbang 3.3 Arbitary File Upload Vulnerability

Exploit for php platform in category web applications Software: CMS Balitbang Vendor: www.kajianwebsite.org Vuln Type: Arbitary file upload Download link: http://www.kajianwebsite.org/download/CMS%20versi%203.3.zip Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss.inf...

CMS Balitbang 3.3 - Arbitrary File Upload

CMS Balitbang 3.3 - Arbitrary File Upload =================================================================== CMS Balitbang v.3.3 Arbitary file upload vulnerability =================================================================== Software: CMS Balitbang Vendor: www.kajianwebsite.org Vuln Type:...

CMS Balitbang 3.3 - Arbitrary File Upload

=================================================================== CMS Balitbang v.3.3 Arbitary file upload vulnerability =================================================================== Software: CMS Balitbang Vendor: www.kajianwebsite.org Vuln Type: Arbitary file upload Download link:...

[SECURITY] Fedora 13 Update: TeXmacs-1.0.7.9-2.fc13

GNU TeXmacs is a free scientific text editor, which was both inspired by TeX and GNU Emacs. The editor allows you to write structured documents via a WYSIWYG what-you-see-is-what-you-get and user friendly interface. New styles may be created by the user. The program implements high-quality...

Google Chrome < 9.0.597.107 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 9.0.597.107. Such versions are reportedly affected by multiple vulnerabilities : - An unspecified error exists in the URL bar operations which can allow spoofing attacks. Issue 54262 - An unspecified error exists in the...

USN-1074-1: Linux kernel vulnerabilities

Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2009-4895 Dan Rosenberg discovered that the MOVEEXT ext4 ioctl did not correctly check file permissions. A local attacker could overwrite append-only...

Re: PHP 5.3.5 grapheme_extract&#40;&#41; NULL Pointer Dereference

On Wed, 16 Feb 2011 16:11:23 -0700 cxib wrote: Affected Software: - PHP 5.3.5 grapheme is neither part of PHP core, nor built-in PHP extension, therefore above is false as bug is not in PHP itself. People using PHP 5.3.5 but not using grapheme some distros like Debian and derrivatives offer this...

FreeBSD : openoffice.org -- Multiple vulnerabilities (f2b43905-3545-11e0-8e81-0022190034c0)

OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.3 - CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing - CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files -...

krb5 security update

1.8.2-3.4 - add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error, and hang or crash in the KDC when using the LDAP kdb backend CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, 671101 1.8.2-3.3 - pull up crypto changes made between 1.8.2 and 1.8.3 t...

CVE-2011-0681

CVE-2011-0681 affects Opera before 11.01. The CSS Extensions for XML implementation recognizes javascript: URLs in the -o-link property, enabling bypass of CSS filtering. Opera 11.01 fixes this by upgrading. The connected documents confirm the specific mechanism and the fixed version; exploitatio...

Oracle VirtualBox Extensions Local Privilege Escalation Vulnerability - Linux

Oracle VirtualBox is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Unrestricted file upload

Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm...

OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files

Multiple directory traversal vulnerabilities in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. dot dot in an entry in 1 an XSLT JAR filter description file, 2 an Extension aka OXT file, or unspecified other 3 JAR or 4 ZIP files...

Google Chrome Multiple Vulnerabilities (Jan 2011) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle VirtualBox Extensions Local Privilege Escalation Vulnerability - Windows

Oracle VirtualBox is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Joomla Component com_b2portfolio 1.0.0 Multiple SQL Injection

Exploit for php platform in category web applications Name B2 Portfolio Vendor http://www.pulseextensions.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2011-01-24 X. INDEX I. ABOUT THE...

Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections

Joomla! Component comb2portfolio 1.0.0 - Multiple SQL Injections B2 Portfolio Joomla Component 1.0.0 Multiple SQL Injection Vulnerability Name B2 Portfolio Vendor http://www.pulseextensions.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net...