Linux Kernel 空指针引用拒绝服务漏洞(CVE-2012-5517)

Bugtraq ID:56527 CVE ID:CVE-2012-5517 Linux是一款开源的操作系统。 处理新节点热添加hot-added内存扩展到其他节点管理区链表zonelist时存在一个空指针应用漏洞，允许非特权本地用户利用此漏洞使系统崩溃。 0 Linux kernel 2.6.x 用户可参考如下厂商提供的安全公告获得补丁信息： http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1...

Microsoft Windows Kernel 'Win32k.sys' TrueType字体解析远程代码执行漏洞(MS12-075)

BUGTRAQ ID: 56457 CVE ID: CVE-2012-2897 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows 7内核处理特制的TrueType字体文件时存在远程代码执行漏洞，如果用户打开特制的TrueType字体文件，此漏洞可允许远程代码执行。 0 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows Vista...

IBM WebSphere Application Server 远程权限提升漏洞(CVE-2012-4850)

Bugtraq ID:56460 CVE ID:CVE-2012-4850 IBM WebSphere Application Server WAS是由IBM遵照开放标准，例如Java EE, XML 还有Web Services，开发并发行的一种应用服务器。 IBM WebSphere Application Server 8.5 Liberty Profile 8.5.0.1之前版本，在使用JAX-RS时，由于不正确校验请求，允许远程攻击者利用漏洞获得高权限。 0 IBM WebSphere Application Server 8.5 用户可参考如下厂商提供的安全公告获得补丁信息：...

MySQL 5.0.95 MyISAM Table Symbolic Link Local Restriction Bypass

The version of MySQL installed may be affected by a symlink-related restriction bypass vulnerability due to a CVE-2009-4030 regression fix being removed in a RedHat 5.0.95 package. Note that this flaw has no impact if the default basedir and datadir configuration values are unchanged. C Tenable...

Fedora 16 : claws-mail-3.8.1-3.fc16 (2012-16772)

Fixes a NULL pointer crash. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 17 : kernel-3.6.5-1.fc17 (2012-17462)

Update to latest upstream stable release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...

Invision Power Board 'core.php'未明安全漏洞

Bugtraq ID:56288 CVE ID:CVE-2012-4547 Invision Power Board是一款流行的PHP论坛程序。 Invision Power Board中的admin/sources/base/core.php存在一个未明安全漏洞，目前没有详细漏洞细节提供。 0 IP.Board Invision Power Board 3.x 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息：...

Fedora 16 : haproxy-1.4.22-1.fc16 (2012-16056)

Upstream security update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Django 1.3.1 'HttpRequest.get_host()'信息泄露漏洞

Bugtraq ID:56146 CVE ID:CVE-2012-4520 Django是一款开放源代码的Web应用框架，由Python写成。 当处理HTTP "Host"头数据时"HttpRequest.gethost"方法存在漏洞，可被利用构建特制的头字段泄露任意URLS。 0 Django 1.3.1 厂商解决方案 Django 1.3.4或1.4.2已经修复此漏洞，建议用户下载使用： https://www.djangoproject.com/weblog/2012/oct/17/security/...

Debian DSA-2560-1 : bind9 - denial of service

It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Campaign Enterprise 11 SQL Injection / Unauthorized Access

Campaign Enterprise 11 suffers from multiple remote SQL injection, unauthorized access, clear text password storage, and direct access bypass vulnerabilities. CVE-2012-3820, CVE-2012-3821, CVE-2012-3822, CVE-2012-3823, CVE-2012-3824 Overview =============== Campaign Enterprise 11, by ArialSoftwar...

phpMyAdmin 3.5.x HTML注入漏洞

Bugtraq ID:55925 CVE ID:CVE-2012-5339 phpMyAdmin是一款基于PHP的MySQL管理程序。 phpMyAdmin Trigger, Procedure和Event页面不正确转义HTML输出，使用特殊名创建/修改trigger, event或procedure时，可触发跨站脚本攻击，可获得敏感信息或劫持用户会话。 0 phpMyAdmin 3.5.x 厂商解决方案 phpMyAdmin 3.5.3已经修复此漏洞，建议用户下载使用： http://www.phpmyadmin.net/...

Fedora 18 : haproxy-1.4.22-1.fc18 (2012-16023)

Upstream security release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...

Dart Communications Stack Overflow Vulnerability

Exploit for windows platform in category dos / poc Overview =============== DartWebserver.Dll is an HTTP server provided by Dart Comunications dart.com. It is distributed intheir PowerTCP/Webserver For ActiveX product and likely other similar products. "Build web applications in any familiar...

Fedora 16 : dhcp-4.2.4-1.P2.fc16 (2012-14076)

This is security bugfix release fixing a security vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability (cisco-sa-20120926-dhcpv6)

Cisco IOS Software and Cisco IOS XE Software contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by sending a crafted request to an affected device that has the DHCP version 6 DHCPv6...

Fedora 16 : moodle-2.1.8-1.fc16 (2012-14295)

Multiple vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...

Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083)

Lot of security fixes and a few other bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

Fedora 17 : spice-gtk-0.12-5.fc17 (2012-14107)

Fix for CVE-2012-4425 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Apple Remote Desktop Information Disclosure Vulnerability

This host is installed with Apple Remote Desktop and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbappleremotedesktopinfodiscvuln.nasl 6601 2017-07-07 10:00:10Z cfischer $ Apple Remote Desktop Information Disclosure Vulnerability Authors: Madhuri D Copyright:...