8414 matches found
kdelibs security update
3.5.4-22.0.1.el53 - Remove Version branding - Maximum rpm trademark logos removed pics/crystalsvg/-mime-rpm in tarball 3.5.4-22 - Resolves: 505621, CVE-2009-1687, integer overflow in KJS JavaScript garbage collector CVE-2009-1698, KHTML CSS parser - incorrect handling CSS style attribute content...
[TZO-37-2009] Apple Safari <v4 Remote code execution
Apple Safari Remote code execution CSS:Attr Shameless plug : You are invited to join the 2009 edition of HACK.LU, a small but concentrated luxemburgish security conference. More information : http://www.hack.lu - CFP is open...
DEBIAN-CVE-2009-2044
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element...
CVE-2009-1701
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a...
ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
ZDI-09-032: Apple WebKit attr Invalid Attribute Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-032 June 8, 2009 -- CVE ID: CVE-2009-1698 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPointTM IPS Customer Protection: TippingPoint IPS...
Mozilla Firefox - unclamped loop Denial of Service
From the low-hanging-fruit-department Firefox et al. Denial of Service - All versions supporting SVG CHEAP Plug : You are invited to participate in HACK.LU 2009, a small but concentrated luxemburgish security conference. More information : http://www.hack.lu CFP is open, sponsorship is still...
Microsoft Internet Explorer 7/8 - HTML Attribute JavaScript URI SecURIty Bypass
Microsoft Internet Explorer 7/8 - HTML Attribute JavaScript URI SecURIty Bypass source: https://www.securityfocus.com/bid/35455/info Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior. An attacker may exploit...
SDP Downloader ASX File Heap Buffer Overflow Vulnerability
This host is installed with SDP Downloader and is prone to Buffer Overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodsdpdownloaderbofvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SDP Downloader ASX File Heap Buffer Overflow Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2009...
FreeBSD : drupal -- XSS (a6605f4b-4067-11de-b444-001372fd0af2)
The Drupal Security Team reports : When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
Stack overflow
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file...
CVE-2009-1641
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file...
CVE-2009-1598
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrate...
kernel security and bug fix update
2.6.9-78.0.22.0.1.EL - xen fix for hung JVM thread after GPF orabug 7916406 Chuck Anderson - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mt...
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...
CVE-2009-1434
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...
Apache Tiles Multiple XSS Vulnerability
This host has Apache Tiles installed and is prone to Cross-Site Script Vulnerability OpenVAS Vulnerability Test $Id: secpodapachetilesxssvuln.nasl 8695 2018-02-06 16:42:37Z cfischer $ Apache Tiles Multiple XSS Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2009 SecPod,...
Apache Struts Cross Site Scripting Vulnerability
This host is running Apache Struts and is prone to Cross Site Scripting Vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsxssvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Apache Struts Cross Site Scripting Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2009 Greenbone Network...
CVE-2008-6682
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...