4527 matches found
SuSE 10 Security Update : dhcp6 (ZYPP Patch Number 7464)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
SuSE 11.1 Security Update : dhcpcd (SAT Patch Number 4389)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note this update is...
SuSE 10 Security Update : dhcp (ZYPP Patch Number 7456)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
[SECURITY] [DSA 2216-1] isc-dhcp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2216-1 [email protected] http://www.debian.org/security/ Nico Golde April 10, 2011 http://www.debian.org/security/faq -...
DEBIAN-CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
SuSE 10 Security Update : dhcpcd (ZYPP Patch Number 7452)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note: this is a...
FreeBSD : isc-dhcp-client -- dhclient does not strip or escape shell meta-characters (7e69f00d-632a-11e0-9f3a-001d092480a4)
ISC reports : ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client. %NASLMINLEVEL 70300 C...
SuSE9 Security Update : dhcp (YOU Patch Number 12698)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 %NASLMINLEVEL 70300 C...
SuSE9 Security Update : dhcpcd (YOU Patch Number 12699)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note: this is a...
SuSE 11.1 Security Update : dhcp (SAT Patch Number 4315)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
Design/Logic Flaw
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
SuSE9 Security Update : dhcpcd (YOU Patch Number 12696)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 %NASLMINLEVEL 70300 C...
isc-dhcp-client -- dhclient does not strip or escape shell meta-characters
ISC reports: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client...
SuSE 11.1 Security Update : logwatch (SAT Patch Number 4236)
Shell meta characters in log file names could lead to execution of arbitrary code. CVE-2011-1018 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...
CVE-2011-0700
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to 1 the Quick/Bulk Edit title aka post title or posttitle, 2 poststatus, 3 commentstatus, 4 pingstatus, and 5 escaping of tags...
CVE-2011-0700
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to 1 the Quick/Bulk Edit title aka post title or posttitle, 2 poststatus, 3 commentstatus, 4 pingstatus, and 5 escaping of tags...
Debian Security Advisory DSA 2182-1 (logwatch)
The remote host is missing an update to logwatch announced via advisory DSA 2182-1. OpenVAS Vulnerability Test $Id: deb21821.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2182-1 logwatch Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2182-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2182-1 : logwatch - shell command injection
Dominik George discovered that Logwatch does not guard against shell meta-characters in crafted log file names such as those produced by Samba. As a result, an attacker might be able to execute shell commands on the system running Logwatch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...