6679 matches found
CVE-2010-3813
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS...
Multiple Vulnerabilities in SweetRice CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SweetRice CMS which could be exploited to perform cross-site scripting and SQL injection attacks and change administrator's password. 1) Cross-site scripting (XSS) vulnerability in SweetRice CMS The vulnerability...
[SECURITY] Fedora 14 Update: glibc-2.12.90-17
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
Mandriva Update for freeciv MDVSA-2010:205 (freeciv)
Check for the Version of freeciv. OpenVAS Vulnerability Test: Mandriva Update for freeciv MDVSA-2010:205 (freeciv). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Linux Security Advisory : freeciv (MDVSA-2010:205)
A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7)...
[ MDVSA-2010:205 ] freeciv
Mandriva Linux Security Advisory MDVSA-2010:205 http://www.mandriva.com/security/ Package: freeciv Date: October 15, 2010 Affected: 2010.0, 2010.1 Problem Description: A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1...
Unfixed XSS vulnerability at www.hnn.co.il
Security researcher IsraeliBugsReportProject has submitted on 10/08/2010 a cross-site-scripting (XSS) vulnerability affecting www.hnn.co.il, which at the time of submission ranked 400926 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2011...
XSS vulnerability in space key, particularly with decorators off
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-20865. As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerable...
CVE-2010-2942
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors relate...
CVE-2010-2942
CVE-2010-2942 affects the Linux kernel prior to 2.6.36-rc2. The issue arises in the actions implementation of network queueing: several tcf_*_dump routines (tcf_gact_dump, tcf_mirred_dump, tcf_nat_dump, tcf_simp_dump, tcf_skbedit_dump) do not properly initialize certain structure members during d...
Security a Concern as HTML5 Gains Traction
From animated logos to Web videos for hip, independent bands, HTML5 is getting buzz and gaining traction. But concerns about the security of features in the new version of the Web’s lingua franca persist. Every technology innovation has its coming out party, and Google Inc.’s recent “dancing ball...
Adobe Cautions Users About Installing Unofficial Reader Patch
Adobe is cautioning its users about installing an unofficial patch for the Reader CoolType.dll bug that was released on Wednesday, saying that although the patch appears to prevent the crash in Reader, installing it could have some unintended consequences. The Reader bug, which was disclosed...
Unfixed XSS vulnerability at www.ledevoir.com
Security researcher h3xStream has submitted on 09/07/2010 a cross-site-scripting (XSS) vulnerability affecting www.ledevoir.com, which at the time of submission ranked 54455 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2010. It is...
Unfixed XSS vulnerability at www.corning-observer.com
Security researcher Devek has submitted on 27/07/2010 a cross-site-scripting (XSS) vulnerability affecting www.corning-observer.com, which at the time of submission ranked 2410763 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/12/2011. It is...
Abzarak Cross Site Scripting
Abzarak XSS Vulnerability Author: Mohammad Javanbakht Email: secanaratgmail.com blog: secanar.blogspot.com Exploit: site/?s= html code-Decode ASCII to Hex Vulnerable code: Search Demo: http://www.abzarak.com/?s=%3Cinput+value%3D%22XSS%22%3E%3C%2Finput%3E END...
Inside the Black Energy 2 Botnet
By Dmitry Tarakanov Cybercriminals use a variety of bots to conduct DDoS attacks on Internet servers. One of the most popular tools is called Black Energy. To date, Kaspersky Lab has identified and implemented detection for over 4,000 modifications of this malicious program. In mid-2008 malware...
Novell Groupwise Internet Agent Stack Overflow
Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x Exploitation: Remote code execution CVE Number: Novell TID: 7006374 Author: Francis Provencher Protek Research Lab's WebSite:...
Novell Groupwise Internet Agent Stack Overflow
Exploit for windows platform in category dos / poc. Novell Groupwise Internet Agent Stack Overflow Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise...
Novell Groupwise Internet Agent - Stack Overflow
Novell Groupwise Internet Agent - Stack Overflow Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x Exploitation: Remote code execution CVE Number: Novell TID: 7006374 Author: Francis Provencher Protek...
Mandriva Update for krb5 MDVA-2010:177-1 (krb5)
Check for the Version of krb5. OpenVAS Vulnerability Test: Mandriva Update for krb5 MDVA-2010:177-1 (krb5). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...