Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...
CVE-2010-0169
Technical details about CVE-2010-0169 are not provided in the supplied documents. Please monitor official advisories and vendor patches for affected products and versions.
Apple QuickTime SMIL qtnext Redirect File Execution (CVE-2008-1585)
QuickTime is a media player application developed by Apple. It is capable of playing back numerous multimedia file formats from local file system or network servers. One of the media formats supported by Apple QuickTime is SMIL. There exists a file execution vulnerability in Apple QuickTime...
kernel security and bug fix update
2.6.9-89.0.23.0.1 - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...
DSA-1996-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
Books/eBooks Rental Software - SQL Injection
Books/eBooks Rental Software - SQL Injection. Books/eBooks Rental Software SQL injection Vulnerability. Author: Don Tukulesto. Homepage: http://www.indonesiancoder.com. Date & Time: Thu Feb 10, 2010 5:55 PM. Rock On: http://antisecradio.fm choose your weapon...
Apple Safari Multiple Vulnerabilities
This host is installed with Apple Safari Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnjan10.nasl 7174 2017-09-18 11:48:08Z asteins $ Apple Safari Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...
CVE-2010-0314
The connected SSV entry (SSV:19008) documents CVE-2010-0314 as a redirect-target disclosure in Apple Safari: if a site URL is placed in the HREF of a stylesheet LINK element, a user’s session can read document.styleSheets[0].href to reveal the redirect URL. It notes Safari 4.0.4 and describes the...
Magento Community Edition 1.3.2.43 Cross Site Scripting
The full text of this advisory can be found at: http://www.madirish.net/?article=445 Description of Vulnerability: Magento http://www.magentocommerce.com/ is an eCommerce platform written in MySQL and PHP. Magento...
CVE-2009-4133
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute...
Condor: queue super user cannot drop privs
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute...
CVE-2009-4363
TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html...
kernel security and bug fix update
2.6.9-89.0.18.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - backout patch sysrq-b that queues upto keventd thread Guru Anbalagane orabug 6125546 - netrx/netpoll race...
CVE-2009-4074
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an...
Cross site scripting
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to a...
CVE-2009-2820
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to a...
Apple Safari buffer overflow
Buffer overflow on oversized CSS background attribute...
Code injection
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...