Lucene search

321 matches found

Fedora | added 2016/05/24 1:40 a.m. | 24 views

[SECURITY] Fedora 23 Update: imlib2-1.4.9-1.fc23

Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...

CVSS 9.8 | AI score 1.4 | EPSS 0.05839 | Exploits 0

Fedora | added 2016/05/24 1:23 a.m. | 24 views

[SECURITY] Fedora 22 Update: imlib2-1.4.9-1.fc22

Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...

CVSS 9.8 | AI score 1.4 | EPSS 0.05839 | Exploits 0

Tenable Nessus | added 2016/03/03 12:0 a.m. | 34 views

Wireshark 2.0.x < 2.0.2 Multiple Vulnerabilities (Mac OS X)

The version of Wireshark installed on the remote Mac OS X host is 2.0.x prior to 2.0.2. It is, therefore, affected by multiple vulnerabilities in the following components, which can result in a memory disclosure, a denial of service, or the execution of arbitrary code : - 3GPP TS 32.423 Trace fil...

CVSS 7.8 | AI score 7.2 | EPSS 0.03104 | Exploits 1 | References 13

BDU FSTEC | added 2015/11/20 12:0 a.m. | 2 views

The vulnerability of the WildFly application server and the JBoss Enterprise Application Platform, which allows a hacker to perform authentication under the identity of an administrator

The vulnerability of the Java server consoles of WildFly and the JBoss Enterprise Application Platform lies in the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to bypass authentication as the administrator, when the administrator performs any actions...

CVSS 6.8 | AI score 7.6 | EPSS 0.01138 | Exploits 0 | References 14 | Affected Software 1

Hacker One | added 2015/08/27 2:18 p.m. | 34 views

ownCloud: Full Path Disclosure

When I was trying to load a file which does not actually exist, it shows "message":"Could not obtain lock type 1 on "/opt/lampp/htdocs/owncloud/data/admin/files/lol"." Request: GET /owncloud/index.php/apps/filestexteditor/ajax/loadfile?filename=lol HTTP/1.1 Host: 192.168.0.105...

CVSS 4 | AI score 4.4 | EPSS 0.01831 | Exploits 0

OSV | added 2014/11/16 11:59 a.m. | 6 views

CVE-2014-3756

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3)...

AI score 6.3 | Exploits 0 | References 4

UbuntuCve | added 2014/11/16 11:59 a.m. | 28 views

CVE-2014-3756

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3)...

CVSS 5 | AI score 5.9 | EPSS 0.0148 | Exploits 0 | References 2

OSV | added 2014/11/16 11:59 a.m. | 1 views

UBUNTU-CVE-2014-3756

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3)...

CVSS 5 | AI score 5.8 | EPSS 0.0148 | Exploits 0 | References 3

CVE | added 2014/11/16 11:0 a.m. | 54 views

CVE-2014-3756

The CVE-2014-3756 issue affects Mumble 1.2.x prior to 1.2.6, where a crafted string treated as rich-text in Qt widgets (user/channel name, Certificate Wizard fields, or tooltip server name) can force loading of an external file and cause a denial-of-service (hang/resource consumption). The root c...

CVSS 5 | AI score 6.4 | EPSS 0.0148 | Exploits 0 | References 4 | Affected Software 1

seebug.org | added 2014/07/01 12:0 a.m. | 26 views

PHPenpals <= 1.1 (mail.php ID) Remote SQL Injection Exploit

No description provided by source. #!/usr/bin/perl | -Info: | -Name: Phpenpals | -Version: = 1.1 | -Site: http://sourceforge.net/projects/phpenpals/ | -Download Script:...

AI score 7.1 | Exploits 0

OSV | added 2014/05/30 7:47 a.m. | 5 views

MGASA-2014-0245 Updated mumble packages fix two security vulnerabilities

Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...

CVSS 5 | AI score 6 | EPSS 0.02521 | Exploits 1 | References 5

Prion | added 2013/03/20 2:55 p.m. | 24 views

Design/Logic Flaw

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

CVSS 4.6 | AI score 5.9 | EPSS 0.00351 | Exploits 1 | References 4 | Affected Software 2

CVE | added 2013/03/20 2:0 p.m. | 66 views

CVE-2013-0977

CVE-2013-0977 affects Apple iOS prior to 6.1.3 and Apple TV prior to 5.2.1. The issue is a state-management flaw in loading Mach-O executable files with overlapping segments, which allows a local user to bypass code-signing requirements. Impact, as stated in multiple sources, is local execution o...

CVSS 4.6 | AI score 5.5 | EPSS 0.00351 | Exploits 1 | References 4 | Affected Software 1

Tenable Nessus | added 2013/02/27 12:0 a.m. | 26 views

SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)

inkscape was updated to fix an XXE (Xml eXternal Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionally instead from...

CVSS 5.5 | AI score 5.6 | EPSS 0.01155 | Exploits 1 | References 6

Tenable Nessus | added 2012/06/18 12:0 a.m. | 49 views

Fedora 17 : java-1.7.0-openjdk-1.7.0.3-2.2.1.fc17.8 (2012-9590)

S7079902, CVE-2012-1711: Refine CORBA data models S7110720: Issue with vm config file loadingIssue with vm config file loading S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme...

CVSS 10 | AI score 8 | EPSS 0.93688 | Exploits 9 | References 1

NVD | added 2012/06/05 11:55 p.m. | 20 views

CVE-2012-1942

The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context...

CVSS 7.2 | AI score 6.1 | EPSS 0.00279 | Exploits 1 | References 5

myhack58 | added 2012/05/19 12:0 a.m. | 23 views

Getting execute permissions through lax Zend directory permissions - bug warning - the black bar safety net

Many servers have Zend installed. Even if permissions are set on C:\Program Files\, installing Zend auto-configures directory permissions, leaving the directory C:\Program Files\Zend\ZendOptimizer-3.3.0\ with Everyone: Full, which allows an intruder to write into the file...

AI score 0.8 | Exploits 0

OpenVAS | added 2012/03/28 12:0 a.m. | 16 views

ALFTP Insecure Executable File Loading Vulnerability

This host is installed with ALFTP and is prone to insecure executable file loading vulnerability. OpenVAS Vulnerability Test $Id: secpodalftpinsecureexecfileloadvuln.nasl 6018 2017-04-24 09:02:24Z teissa $ ALFTP Insecure Executable File Loading Vulnerability Authors: Madhuri D Copyright: Copyrigh...

CVSS 9.3 | AI score 0.6 | EPSS 0.02232 | Exploits 0 | References 5

OpenVAS | added 2012/03/28 12:0 a.m. | 28 views

ALFTP Insecure Executable File Loading Vulnerability

ALFTP is prone to insecure executable file loading vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.3 | AI score 6.5 | EPSS 0.02232 | Exploits 0 | References 6

Saint | added 2012/03/02 12:0 a.m. | 38 views

Java Web Start initial heap size command injection

Added: 03/02/2012 CVE: CVE-2012-0500 BID: 52015 OSVDB: 79227 Background: Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE). Problem: A vulnerability in Java Web Start allows arbitrary command-line argument injection through...

CVSS 10 | AI score 9.4 | EPSS 0.59735 | Exploits 17