PHP 5.4.0RC2-5.4.0 'main/SAPI.c' HTTP标头注入漏洞

BUGTRAQ ID: 55527 CVE ID: CVE-2012-4388 PHP是一种HTML内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。 PHP 5.4.0RC2-5.4.0版本的main/SAPI.c内sapiheaderop函数在检查%0D序列时没有正确确定指针，可允许远程攻击者通过特制的URL绕过HTTP响应分离保护机制，该URL相关PHP标头函数和某些浏览器直接的不恰当交互。 0 PHP 5.4.0RC2-5.4.0 厂商补丁： PHP ---...

Fedora 16 : blender-2.59-7.fc16 (2012-13665)

Fix insecure use of creating temporary file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

PHPList SQL injection and cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Affected system: phplist phplist 2.10.17 Not affected system: phplist phplist 2.10.18 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 5 2 6 5 7 CVE ID: CVE-2 0 1 2-2 7 4 0 PHPList is a open source email campaign Manager. phpList 2.10. 1 8...

Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)

The version of Apple iTunes on the remote host is prior to version 10.7. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62078; scriptversion"1.16"; scriptcvsdate"Date:...

Apple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)

The version of Apple iTunes installed on the remote Windows host is older than 10.7 and is, therefore, affected by multiple memory corruption vulnerabilities in WebKit. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62077; scriptversion"1.15"; scriptcvsdate"Date:...

Microsoft System Center Configuration Manager跨站脚本执行漏洞（MS12-062)

BUGTRAQ ID: 55430 CVE ID: CVE-2012-2536 系统中心配置管理器2007 R2（System Center Configuration Manager 2007 R2）—以前被称为 Systems Management Server SMS —是在物理、虚拟、分布以及移动环境之间综合评估、配置和升级服务器、客户端和设备的解决方案。 System Center Configuration Manager中存在XSS漏洞，代码可被反注入到用户的结果页面，导致单击后执行攻击者控制的代码。 0 Microsoft Systems Management Serve...

Slackware Advisory SSA:2009-176-01 seamonkey

The remote host is missing an update as announced via advisory SSA:2009-176-01. OpenVAS Vulnerability Test $Id: esoftslkssa200917601.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

Fedora 16 : keepalived-1.2.3-2.fc16 (2012-12367)

Update to keepalived v1.2.3 stable release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 17 : gnome-keyring-3.4.1-3.fc17 (2012-12368)

GPG agent did not respect cache expiry settings. Backported patch to fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

IBM WebSphere Application Server管理员权限访问安全绕过漏洞

BUGTRAQ ID: 55309 CVE ID: CVE-2012-3325 IBM WebSphere Application Server WAS是由IBM遵照开放标准开发并发行的一种应用服务器。 IBM WebSphere Application Server 6.1.0.43、7.0.0.21-7.0.0.23、8.0.0.2-8.0.0.4、8.5.0.0在验证用户凭证时存在错误，可被利用以管理员身份访问应用。成功利用此漏洞需要应用PM44303的临时修复或包含PM44303的修复包。 0 IBM Websphere Application Server 8.0.0.4 IB...

MediaWiki 1.x userlang参数跨站脚本漏洞

Bugtraq ID:55370 CVE ID: CVE-2012-4378 MediaWiki是一套以GPL授权发行的Wiki引擎。 通过"uselang"参数传递给index.php的输入在通过某些工具返回给用户之前缺少过滤，可导致基于DOM的跨站脚本攻击，构建构建恶意WEB页，诱使用户解析，可获得敏感信息或劫持用户会话。 0 MediaWiki 1.x 厂商解决方案 MediaWiki 1.18.5或1.19.2已经修复此漏洞，建议用户下载使用： http://wikipedia.sourceforge.net/...

WordPress Plugin &#39;Quick Post Widget&#39; 1.9.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID:...

Mozilla Firefox Multiple Vulnerabilities - August12 (Windows)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnaug12win.nasl 5958 2017-04-17 09:02:19Z teissa $ Mozilla Firefox Multiple Vulnerabilities - August12 Windows Authors: Rachana Shetty Copyright: Copyright c...

Mozilla Firefox about:newtab权限提升漏洞

Bugtraq ID:55249 CVE ID: CVE-2012-3965 Mozilla Firefox/是Mozilla所发布的WEB浏览器。 Mozilla Firefox把Chrome特权about:newtab保持在历史链中，允许攻击者装载about:newtab提升权限，在系统上执行任意代码。 0 Firefox 15 厂商解决方案 Firefox 15已经修复此漏洞，建议用户下载使用： http://www.mozilla.org...

Linux Kernel 'madvise_remove()'函数本地拒绝服务漏洞

BUGTRAQ ID: 55151 CVE ID: CVE-2012-3511 Linux Kernel其基础为linux平台，linux为C语言编写的内核，基于此内核又衍生出了具体的Red hat linux 、open suse linux等具体的操作系统，一套基于Linux内核的完整操作系统叫作Linux操作系统，或是GNU/Linux。 Linux Kernel在 "madviseremove" 函数的实现上存在释放后重用漏洞，可被恶意本地用户利用造成引用已经释放的内存。 0 Linux kernel 3.4.x Linux kernel 3.2.x Linux kernel...

Google Chrome OS 远程代码执行漏洞

BUGTRAQ ID: 55135 CVE ID: CVE-2012-2864 Chrome OS是一款Google正式宣布处于开发中的基于PC的操作系统。 Google Chrome OS 21.0.1183.0之前版本在实现上存在远程代码执行漏洞，攻击者可利用此漏洞在系统中执行任意代码或造成拒绝服务。 0 Google Chrome OS 0.9.130.14 Beta 厂商补丁： Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.google.com...

Fedora 17 : calligra-2.5.0-2.fc17 / calligra-l10n-2.5.0-2.fc17 (2012-11566)

New stable release, which includes security fix for msword-odf import filter. See also: http://www.calligra.org/news/calligra-2-5-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

PostgreSQL 'xml_parse()'任意文件访问漏洞

Bugtraq ID:55074 CVE ID: CVE-2012-3489 PostgreSQL是一款对象关系型数据库管理系统，支持扩展的SQL标准子集。 PostgreSQL解析XML文档中的DTD数据时"xmlparse"函数存在错误，可被利用读取任意文件。 0 PostgreSQL 8.x PostgreSQL 9.x 厂商解决方案 PostgreSQL 9.1.5, 9.0.9, 8.4.13或8.3.20已经修复此漏洞，建议用户下载使用： http://www.postgresql.org...

PostgreSQL 'xslt_process()'任意文件创建或覆盖漏洞

Bugtraq ID:55072 CVE ID: CVE-2012-3488 PostgreSQL是一款对象关系型数据库管理系统，支持扩展的SQL标准子集。 PostgreSQL解析XSLT样式表时"xsltprocess"函数存在错误，允许攻击者利用漏洞创建或覆盖任意文件。 0 PostgreSQL 8.x PostgreSQL 9.x 厂商解决方案 PostgreSQL 9.1.5, 9.0.9, 8.4.13或8.3.20已经修复此漏洞，建议用户下载使用： http://www.postgresql.org...

Microsoft Internet Explorer虚函数表远程代码执行漏洞

Bugtraq ID:54951 CVE ID:CVE-2012-2522 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer没有正确处理内存中的对象，允许远程攻击者通过访问已经删除的破坏的虚函数表执行任意代码。攻击者可以构建恶意WEB页，诱使用户解析触发此漏洞。 0 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7 Microsoft Internet Explorer 6...