
9290 matches found

Drupal
added 2012/09/19 12:0 a.m., 19 views

SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution

The Simplenews Scheduler module provides a system for creating automatic email newsletters. These can be set to be sent at a fixed interval, or PHP code can be entered to evaluate a condition for a new newsletter issue to be sent. The module allows a user with the 'send scheduled newsletters'...

6 CVSS, 6.5 AI score, 0.01055 EPSS
Exploits 0, References 9
Tenable Nessus
added 2012/09/14 12:0 a.m., 36 views

CentOS 5 : postgresql (CESA-2012:1264)

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

4.9 CVSS, 7.2 AI score, 0.03297 EPSS
Exploits 1, References 2
OpenVAS
added 2012/09/10 12:0 a.m., 23 views

Slackware: Security Advisory (SSA:2009-069-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS, 7.9 AI score, 0.07812 EPSS
Exploits 2, References 2
ThreatPost
added 2012/09/06 7:41 p.m., 10 views

Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes

Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...

7.5 AI score
Exploits 0, References 1
OpenVAS
added 2012/08/30 12:0 a.m., 27 views

Fedora Update for clamav FEDORA-2012-9563

Check for the Version of clamav OpenVAS Vulnerability Test Fedora Update for clamav FEDORA-2012-9563 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

4.3 CVSS, 6.3 AI score, 0.99809 EPSS
Exploits 0, References 2
0day.today
added 2012/08/29 12:0 a.m., 17 views

ActFax 4.31 Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html...

6.8 AI score
Exploits 0
n0where
added 2012/08/08 7:53 p.m., 25 views

Wireless Security Auditing: Fern Wifi Cracker

Fern Wifi Cracker is a wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or ethernet-based networks Fer...

0.4 AI score
Exploits 0
Tenable Nessus
added 2012/08/03 12:0 a.m., 34 views

Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20120731)

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center KDC. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial...

9.3 CVSS, 7.3 AI score, 0.04814 EPSS
Exploits 1, References 3
Tenable Nessus
added 2012/08/01 12:0 a.m., 40 views

Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64

PostgreSQL is an advanced object-relational database management system DBMS. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

5 CVSS, 7 AI score, 0.04972 EPSS
Exploits 0, References 3
Tenable Nessus
added 2012/08/01 12:0 a.m., 30 views

Scientific Linux Security Update : squid on SL5.x i386/x86_64

A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request to the Squid server, causing excessive CPU use up to 100%. CVE-2009-2855 Note: The CVE-2009-2855 issue only...

5 CVSS, 7 AI score, 0.36732 EPSS
Exploits 1, References 8
Tenable Nessus
added 2012/08/01 12:0 a.m., 45 views

Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64

PostgreSQL is an advanced object-relational database management system DBMS. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

5 CVSS, 7 AI score, 0.04972 EPSS
Exploits 0, References 3
Tenable Nessus
added 2012/08/01 12:0 a.m., 83 views

Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x, SL6.x i386/x86_64

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use...

5.1 CVSS, 5.4 AI score, 0.03999 EPSS
Exploits 0, References 2
Japan Vulnerability Notes
added 2012/07/30 12:0 a.m., 44 views

JVN#51769987: Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration

Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Impact A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Solution Update the software Update ...

5.8 CVSS, 6.1 AI score, 0.01276 EPSS
Exploits 0
OpenVAS
added 2012/07/30 12:0 a.m., 23 views

CentOS Update for dhclient CESA-2011:1160 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.8 CVSS, 6.4 AI score, 0.38775 EPSS
Exploits 0, References 2
OSV
added 2012/07/26 12:0 a.m., 28 views

DSA-2516-1 isc-dhcp - denial of service

Bulletin has no description...

6.1 CVSS, 6.5 AI score, 0.12985 EPSS
Exploits 1
OpenVAS
added 2012/07/16 12:0 a.m., 36 views

Fedora Update for clamav FEDORA-2012-9577

Check for the Version of clamav OpenVAS Vulnerability Test Fedora Update for clamav FEDORA-2012-9577 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

5 CVSS, 6.6 AI score, 0.99809 EPSS
Exploits 0, References 2
Fedora
added 2012/07/10 8:59 p.m., 28 views

[SECURITY] Fedora 16 Update: clamav-0.97.5-1600.fc16

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

5 CVSS, 1.9 AI score, 0.99809 EPSS
Exploits 0
Cisco
added 2012/06/27 4:0 p.m., 39 views

Buffer Overflow Vulnerabilities in the Cisco WebEx Player

The Cisco WebEx Recording Format WRF player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format ARF player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on th...

9.3 CVSS, 7.7 AI score, 0.03911 EPSS
Exploits 1, References 1
Fedora
added 2012/06/22 8:33 a.m., 35 views

[SECURITY] Fedora 17 Update: clamav-0.97.5-1700.fc17

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

4.3 CVSS, 1.9 AI score, 0.99809 EPSS
Exploits 0
seebug.org
added 2012/06/19 12:0 a.m., 32 views

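WordPress Automatic Plugin "q" SQL Injection Vulnerability

WordPress is a blog (weblog) engine developed using the PHP language and the MySQL database; users can set up their own blog on a server that supports PHP and MySQL. Versions of Wordpress Automatic Plugin for WordPress before 2.0.3 use input passed to csv.php via the "q" parameter in an SQL query without validating it. The csv.php file does not require valid login credentials, so the SQL query can be manipulated by injecting arbitrary SQL code, carrying out an SQL injection attack. 0 WordPress Automatic Plugin 2.x Vendor patch: WordPress ---------...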

7.1 AI score
Exploits 0