404 matches found
AIX 610004 : U841449
The remote host is missing AIX PTF U841449, which is related to the security of the package bos.rte.console. You should install this PTF for your system to be up-to-date.
Wake-on-LAN
This script will send a WoL (Wake-On-LAN) packet to each MAC address listed in the file uploaded via its preference. To use this feature : - The scanner must be located on the same physical subnet as the targets. - The MAC addresses of the targets must be listed in a text file supplied via the policy...
MODx 'ucfg' Parameter Arbitrary File Access
The installed version of MODx allows access to arbitrary files because it fails to perform sufficient validation on 'ucfg' parameter in 'assets/snippets/ajaxSearch/ajaxSearchPopup.php'. By supplying directory traversal strings such as '..%2F' in a specially crafted AjaxSearch 'POST' request, it i...
mupdf -- Remote System Access
Secunia reports: The vulnerability is caused due to an error within the "closedctd" function in fitz/filtdctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file...
AIX 610006 : U838281
The remote host is missing AIX PTF U838281, which is related to the security of the package devices.vdevice.IBM.v-scsi.rte.6.1. You should install this PTF for your system to be up-to-date.
SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)
This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. CVE-2010-1797 - integer underflow. CVE-2010-2497 - invalid free. CVE-2010-2498 - buffer...
Artica < 1.4.101900 mailattach Parameter Directory Traversal
The installed version of Artica fails to sanitize user-supplied input to the 'mailattach' parameter of the 'images.listener.php' script. By prefixing directory traversal strings such as '....//' to the 'mailattach' parameter a remote, unauthenticated attacker could exploit this vulnerability to...
Artica mailattach Parameter Directory Traversal
The installed version of Artica fails to sanitize user-supplied input to the 'mailattach' parameter of the 'images.listener.php' script. By prefixing directory traversal strings such as '../' to the 'mailattach' parameter, a remote, unauthenticated attacker could exploit this vulnerability to read...
Mozilla Thunderbird 3.1 < 3.1.5 Multiple Vulnerabilities
The installed version of Thunderbird 3.1 is earlier than 3.1.5. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-64 - By passing an excessively long...
Mozilla Thunderbird 3.0.x < 3.0.9 Multiple Vulnerabilities
SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)
This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. CVE-2010-1797 - integer underflow. CVE-2010-2497 - invalid free. CVE-2010-2498 - buffer...
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...
AIX 610005 : U834685
The remote host is missing AIX PTF U834685, which is related to the security of the package bos.adt.prof.6.1. You should install this PTF for your system to be up-to-date.
SuSE9 Security Update : freetype2 (YOU Patch Number 12630)
This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. CVE-2010-1797 - integer underflow. CVE-2010-2497 - invalid free. CVE-2010-2498 - buffer...
AIX 610004 : U836689
The remote host is missing AIX PTF U836689, which is related to the security of the package devices.tmiscsw.rte. You should install this PTF for your system to be up-to-date.
AIX 610002 : U837006
The remote host is missing AIX PTF U837006, which is related to the security of the package bos.pmapi.tools. You should install this PTF for your system to be up-to-date.
openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)
This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free -...
openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)
This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free -...
AIX 610003 : U835954
The remote host is missing AIX PTF U835954, which is related to the security of the package bos.rte.security. You should install this PTF for your system to be up-to-date.
Atlassian JIRA ConfigureReport.jspa 'reportKey' Information Disclosure
The Atlassian JIRA installation hosted on the remote web server is affected by an information disclosure vulnerability, which an unauthenticated attacker can exploit, by setting the 'reportKey' parameter in ConfigureReport.jspa to an invalid value, to gain access to sensitive information, such as...