7481 matches found
phpmyadmin -- Cross-Site Scripting Vulnerability
Secunia reports: An error exists in the "PMA_escapeJsString" function in libraries/js_escape.lib.php, which can be exploited to bypass certain filters and execute arbitrary HTML and script code in a user's browser session in context of an affected site when e.g. Microsoft Internet Explorer is used...
Solaris 9 (x86) : 121775-01
GNOME 2.6.0x86: GNOME panel and support libraries Patch. Date this patch was last updated by Sun: Sep/09/08. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
[SECURITY] Fedora 9 Update: bluez-libs-3.35-1.fc9
Libraries for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A...
FreeBSD Ports: postgresql, postgresql-server, ja-postgresql
The remote host is missing an update to the system as announced in the referenced advisory. VID 5d425189-7a03-11d9-a9e7-0001020eed82. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: cyrus-sasl
The remote host is missing an update to the system as announced in the referenced advisory. VID 92268205-1947-11d9-bc4a-000c41e2cdad. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright (c) 2008 E-Soft Inc...
xpm -- image decoding vulnerabilities
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: postgresql, postgresql-server, ja-postgresql
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Moderate: Red Hat Security Advisory: adminutil security update
An updated adminutil package that fixes a security issue is now available for Red Hat Directory Server 8.0. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Directory Server is an LDAPv3-compliant server. The adminutil packages is...
OpenLDAP: Denial of Service vulnerability
Background: OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description: Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the "ber_get_next" function in libraries/liblber/io.c. Impact: A remote unauthenticated...
DEBIAN-CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton...
Minishowcase 09b136 - 'lang' Local File Inclusion
Digital Security Research Group (DSecRG) Advisory DSECRG-08-034. Application: Minishowcase Image Gallery. Versions Affected: v09b136. Vendor URL: http://minishowcase.frwrd.net. Bug: Local File Include. Exploits: YES. Reported: 14.07.2008. Second report: 22.07.2008. Vendor response: NONE. Solution: NONE. Date...
Oracle Database Local Untrusted Library Path Vulnerability
The Oracle July 2008 Critical Patch Update fixes a vulnerability which allows a user in the OINSTALL/DBA group to escalate privileges to root. Escalating Privileges from "oracle" to...
[SECURITY] Fedora 8 Update: ruby-gnome2-0.17.0-0.3.rc1.fc8
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
RealPlayer 9 *nix Local Privilege Escalation Exploit
No description provided by source. / rp9-priv-esc.c A local privilege escalation attack against the community supported version of Real.com's Realplayer, version 9. Written by: Jon Hart warchild spoofed.org By default, configuration files are stored in $USER/.realnetworks/, but all the files in...
bluez-libs: SDP payload processing vulnerability
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field th...
[SECURITY] Fedora 8 Update: ruby-gnome2-0.17.0-0.2.rc1.fc8
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
[SECURITY] Fedora 8 Update: openldap-2.3.39-4.fc8
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...
Design/Logic Flaw
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library...
CVE-2008-1951
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library...
CVE-2008-1951
CVE-2008-1951 is an untrusted search path vulnerability in sblim libraries on Red Hat Enterprise Linux: an attacker could place a malicious libc.so in a directory in the RPATH under /var/tmp, enabling local privilege escalation. The issue is demonstrated via a malicious libc.so used by tog-pegasu...