[SECURITY] [DSA 2065-1] New kvirc packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2065-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 27, 2010 http://www.debian.org/security/faq -...

Ubuntu Update for fastjar vulnerability USN-953-1

Ubuntu Update for Linux kernel vulnerabilities USN-953-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9531.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for fastjar vulnerability USN-953-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

NSOADV-2010-009: AnNoText Third-Party ActiveX Control file overwrite vulnerability

-------------------------- NSOADV-2010-009 --------------------------- AnNoText Third-Party ActiveX Control file overwrite vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11...

CVE-2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the 1 /var/cache/cups/remote.cache or 2 /var/cache/cups/job.cache file...

CVE-2010-0831

Directory traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. dot dot in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this...

CVE-2010-2322

CVE-2010-2322 is a path traversal vulnerability in the FastJar 0.98 extract_jar implementation (jartool.c). The flaw allows remote attackers to create or overwrite arbitrary files inside a .jar by supplying a full pathname for a file within the archive. This issue is related to (and caused by) an...

CVE-2010-2192

The makelockdirname function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/...

CUPS < 1.4.4 Multiple Vulnerabilities

Binary data 5574.prm...

CVE-2010-2053

emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file...

openSUSE Security Update : puppet (openSUSE-SU-2010:0306-1)

pupped created temporary files with fixed names. Local attacks could exploit that to install symlinks that overwrite files of the victim CVE-2010-0156. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

CVE-2010-2027

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on 1 files within /tmp/MathLink/ or 2 /tmp/fonts$$.conf...

Code injection

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on 1 files within /tmp/MathLink/ or 2 /tmp/fonts$$.conf...

CVE-2010-2027

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on 1 files within /tmp/MathLink/ or 2 /tmp/fonts$$.conf...

CVE-2010-1511

CVE-2010-1511 affects KGet 2.4.2 within KDE SC 4.0.0–4.4.3. The flaw arises from not properly requesting download confirmation when processing a metalink, enabling a remote attacker to overwrite arbitrary files via a crafted metalink. CVSS metrics from NVD indicate Network access, Low attack comp...

Ubuntu Update for kdenetwork vulnerability USN-938-1

Ubuntu Update for Linux kernel vulnerabilities USN-938-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9381.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for kdenetwork vulnerability USN-938-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-938-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amiro CMS&lt;=5.4.4 PHP injection

ONSEC-09-026 Amiro CMS PHP inj CVE number requested Objective: Amiro CMS = 5.4.4 Type: PHP injection Threat: Medium Discovery date: 29.12.2009 Date of notification Developer: 29.12.2009 Released correction: 03/05/2010 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Descriptio...

NovellZENworks Configuration Management Code Execution

Exploit Title: ZDI-10-078: NovellZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability Date: 2009-04-26 Author: tucanalamigo http://tucanalamigo.blogspot.com Software Link: http://www.novell.com/products/zenworks/configurationmanagement/ Version: 10.2 Tested on:...

CVE-2010-1160

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim...

Design/Logic Flaw

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim...