7790 matches found
[slackware-security] emacs (SSA:2012-228-02)
[slackware-security] emacs (SSA:2012-228-02) New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: ...
[slackware-security] emacs
New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/emacs-23.3-i486-2slack13.37.txz: Rebuilt. Patched to fix a security flaw in the file-local variables code. When the Emacs use...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (betterwpsecurity) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263...
CVE-2012-4264
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (betterwpsecurity) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263...
WordPress Better WP Security Plugin <= 3.2.4 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via unspecified vectors related to "server variables". Solution: Update the plugin...
emacs -- remote code execution vulnerability
Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option 'enable-local-variables' is set to ':safe' (the default value is t), Emacs should automatically refuse to evaluate 'eval' forms in file-local variable sections. Due to th...
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky); CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968); CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503); CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service 68649...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64
A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed comma...
Easy business v3.0 code audit-vulnerability warning-the black bar safety net
A gay in a portal to work..site total person-days..so..let us Diamondback help to look at the dish below, do not spray to initiate a dedicated Just a cursory scan of a few eye..pit... ! Simply wood with a filter media OK.. news\install\index.php.bak this turned out also with a dede..although ba...
abrt, libreport, btparser, and python-meh security and bug fix update
abrt 2.0.8-6.0.1.el6 - Add abrt-oracle-enterprise.patch to be product neutral - Remove abrt-plugin-rhtsupport dependency for cli and desktop - Make abrt Obsoletes/Provides abrt-plugin-rhtsupport 2.0.8-6 - enable plugin services after install rhbz820515 - Resolves: 820515 2.0.8-5 - removed the...
Cross-domain JSON resources may be exposed as JavaScript variable data – Opera Security Advisories
JSON strings are sometimes exported by sites as a resource that cannot be read cross-domain, and may contain confidential data. The format of a JSON string ensures that it cannot be read as the contents of a variable, if it is included as a normal script. In some cases, Opera does not correctly...
Windows Manage PowerShell Download and/or Execute
This module will download and execute a PowerShell script over a meterpreter session. The user may also enter text substitutions to be made in memory before execution. Setting VERBOSE to true will output both the script prior to execution and the results. This module requires Metasploit:...
rssh restrictions bypass
It's possible to bypass restrictions by manipulating environment variables...
rssh -- arbitrary command execution
Derek Martin (rssh maintainer) reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is th...
PHP < 5.3.11 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities: - During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can...
Linux Exploit Development. Part 4 – ASCII armor bypass and return-to-plt
Author: sickness Author's blog: Translation: Gh0St 07.04.2012 Linux Exploit Development. Part 4 – ASCII armor bypass and return-to-plt. NOTE: Before reading this document, it is recommended to review the following works: Linux Exploit Writing Tutorial. Part I – overflow...
Fedora 16 : php-pear-CAS-1.3.0-2.fc16 (2012-4119)
Upstream changelog Changes in version 1.3.0 Bug Fixes: - the saml logout url should be parsed urlencoded 24 dlineate - fix a proxy mode bug introduced in a previous commit 16 Adam Franco - Fix include_path order so that the phpCAS path takes precedence 13 Adam Franco - fix invalid characters in t...
CVE-2011-3037
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...
CVE-2011-3037
Removed by vendor...