8415 matches found
CVE-2012-6502
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a...
CentOS Update for luci CESA-2013:0128 centos5
Check for the version of luci. OpenVAS Vulnerability Test: CentOS Update for luci CESA-2013:0128 centos5. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
Design/Logic Flaw
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed i...
CVE-2012-6359
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed i...
CVE-2012-6359
IBM TFIM and TFIMBG are affected by CVE-2012-6359: versions 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not verify that OpenID attributes are signed in SREG/AX, allowing unsigned attributes to be inserted and potentially spoofed by an attacker. The issue can be exploi...
Low: Red Hat Security Advisory: conga security, bug fix, and enhancement update
Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Fedora 16 : firefox-17.0-1.fc16 / thunderbird-17.0-1.fc16 / thunderbird-enigmail-1.4.6-2.fc16 / etc (2012-18661)
- First revision of the Social API and support for Facebook Messenger - Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post) - Updated Awesome Bar experience with larger icons - JavaScript Maps and Sets are now...
CVE-2012-4848
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (2) Last Name field...
Fedora 18 : firefox-17.0-1.fc18 / thunderbird-17.0-1.fc18 / thunderbird-enigmail-1.4.6-2.fc18 / etc (2012-18731)
- First revision of the Social API and support for Facebook Messenger - Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post) - Updated Awesome Bar experience with larger icons - JavaScript Maps and Sets are now...
Fedora 17 : firefox-17.0-1.fc17 / thunderbird-17.0-1.fc17 / thunderbird-enigmail-1.4.6-2.fc17 / etc (2012-18683)
- First revision of the Social API and support for Facebook Messenger - Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post) - Updated Awesome Bar experience with larger icons - JavaScript Maps and Sets are now...
Persistent XSS in a user's username within mentions within comments
A user's username is injected into the "rel" attribute of the user mention link without being encoded properly. This means that if the username contains a " character then new attributes can be injected into the user mention link element, hence providing a persistent XSS vector. To reproduce thi...
CVE-2012-3459
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
Code injection
ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the tag of a Twitter feed...
Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability (cisco-sa-20120926-bgp)
Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP sessio...
Design/Logic Flaw
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248...
CVE-2012-4617
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248...
Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP...
CVE-2012-3713
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document...