Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)

This host is missing an important security update according to Microsoft Bulletin MS13-004. OpenVAS Vulnerability Test $Id: secpodms13-004.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Privilege Elevation Vulnerability 2769324 Authors: Antu Sanadi Copyright: Copyright c 2013 SecPo...

WinRM WQL Query Runner

This module runs WQL queries against remote WinRM Services. Authentication is required. Currently only works with NTLM auth. Please note in order to use this module, the 'AllowUnencrypted' winrm option must be set. This module requires Metasploit: https://metasploit.com/download Current source:...

Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87)

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors,...

Scientific Linux Security Update : pam on SL5.x i386/x86_64

It was discovered that the pamnamespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted for example, when pamnamespace was configured for setuid applications such as su or...

UBUNTU-CVE-2012-2127

fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONENEWPID clone system calls, which allows remote attackers to cause a denial of service reference leak and memory consumption by making many connections to a daemon that uses PID namespac...

MDVA-2012:042 : libdc1394

It was discovered a linker namespace conflict caused Digikam to crash. This advisory resolves this problem. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This scrip...

Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow

Exploit for windows platform in category local exploits ?php // Adobe Photoshop CS5.1 U3D.8bi Library Collada Asset Elements // Unicode Conversion Stack Based Buffer Overflow poc .dae // 32bit/SEH // // unicode overflow occurs when overlong asset elements are processed // one could be able to...

libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when addi...

Linux Kernel 2.6.35 - Network Namespace Remote Denial of Service

Linux Kernel 2.6.35 - Network Namespace Remote Denial of Service source: https://www.securityfocus.com/bid/50938/info The Linux kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an out-of-memory error in certain linux applications, resulting ...

libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when addi...

DEBIAN-CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

PYSEC-2011-1

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

CVE-2011-2189

net/core/netnamespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service memory consumption via requests to a daemon that requires a separate namespace...

CVE-2011-2189

net/core/netnamespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service memory consumption via requests to a daemon that requires a separate namespace...

CVE-2011-2189

net/core/netnamespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service memory consumption via requests to a daemon that requires a separate namespace...

kernel: netns vs proto registration ordering

net/ipv4/ipgre.c in the Linux kernel before 2.6.34, when ipgre is configured as a module, allows remote attackers to cause a denial of service OOPS by sending a packet during module loading...

DEBIAN-CVE-2011-1944

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when addi...

libxml -- Integer overflow

Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...

phpMyAdmin 3.x Conditional Session Manipulation

phpMyAdmin 3.x Conditional Session Manipulation Advisory from ???????????????????????????????????????????????.??? ??':????:'?????????????????????????????????????????::?????'??'.? ????'.??.'?????????????????????????????????????????????????????? ?????'..'???????..???..?????????:':??????????...

phpMyAdmin 3.x Conditional Session Manipulation

No description provided by source. Application: phpMyAdmin 3.x Patched ver: 3.3.10.3 and 3.4.3.2 Severity: Low Exploitable: Remote PMASA ID: PMASA-2011-12 Description If the Swekey extention is activated a remote attacker can manipulate the variables in the the global namespace. Fix Upgrade to...