
1345 matches found

Tenable Nessus
added 2012/04/13 12:0 a.m. | 22 views

Dolibarr Multiple Script URI XSS

The version of Dolibarr on the remote host fails to properly sanitize parameters in 'index.php' before using them to generate dynamic HTML. By tricking someone into clicking on a specially crafted link, an attacker may be able to exploit this issue to inject arbitrary HTML and script code in a user'...

4.3 CVSS | 5.7 AI score | 0.05458 EPSS
Exploits: 1 | References: 2
seebug.org
added 2012/04/12 12:0 a.m. | 35 views

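Microsoft Internet Explorer VML Style Remote Code Execution Vulnerability (CVE-2012-0172) (MS12-023)

BUGTRAQ ID: 52906 CVE ID: CVE-2012-0172 Microsoft Internet Explorer is a web browser from Microsoft. Its implementation contains a memory-corrupting remote code execution vulnerability when accessing an object that has already been deleted; an attacker can exploit it to execute arbitrary code with the privileges of the current user. 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x...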

9.3 CVSS | 6.4 AI score | 0.55708 EPSS
Exploits: 1
Tenable Nessus
added 2012/04/12 12:0 a.m. | 27 views

Fedora 17 : asterisk-10.2.1-1.fc17 (2012-4230)

Update to 10.2.1, which fixes 2 security vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS | 5.3 AI score | 0.37421 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2012/04/12 12:0 a.m. | 35 views

Fedora 15 : openssl-1.0.0h-1.fc15 (2012-4659)

This minor update from upstream fixes two security vulnerabilities with moderate and low impact. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

5 CVSS | 8 AI score | 0.03102 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2012/04/12 12:0 a.m. | 32 views

Fedora 17 : openssl-1.0.0h-1.fc17 (2012-4630)

This minor update from upstream fixes two security vulnerabilities with moderate and low impact. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

5 CVSS | 8 AI score | 0.03102 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2012/04/11 12:0 a.m. | 33 views

Fedora 16 : openssl-1.0.0h-1.fc16 (2012-4665)

This minor update from upstream fixes two security vulnerabilities with moderate and low impact. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

5 CVSS | 8 AI score | 0.03102 EPSS
Exploits: 0 | References: 6
seebug.org
added 2012/04/07 12:0 a.m. | 40 views

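Linux kernel 2.6.x 'exec()' Local Denial of Service Vulnerability

Bugtraq ID: 51947 CVE ID: CVE-2012-0028 Linux is an open-source operating system. The Linux kernel 'exec' contains a security vulnerability that allows a local unprivileged user to carry out a denial-of-service attack. 0 Linux kernel 2.6.x Vendor solution: OpenVZ Project OpenVZ 028stab098.1 fixes this vulnerability; users are advised to download it: http://wiki.openvz.org/Download/kernel/rhel5/028stab098.1...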

7.2 CVSS | 0.3 AI score | 0.00046 EPSS
Exploits: 3
seebug.org
added 2012/04/07 12:0 a.m. | 34 views

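Adobe Flash Player Remote Memory Corruption Vulnerability (CVE-2012-0725)

Bugtraq ID: 52914 CVE ID: CVE-2012-0725 Google Chrome is a popular web browser. Adobe Flash Player is a program for handling Flash files. Adobe Flash Player 11.1.102.63 and earlier on Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier on Android 3.x and 2.x, contain multiple critical vulnerabilities. These vulnerabilities can crash the application or may allow an attacker to take complete control of the affected system. Flash in the Chrome interface...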

10 CVSS | 0.7 AI score | 0.01035 EPSS
Exploits: 1
seebug.org
added 2012/03/30 12:0 a.m. | 24 views

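Python 'trytond' Module 'Many2Many' Field Security Restriction Bypass Vulnerability

BUGTRAQ ID: 52804 CVE ID: CVE-2012-0215 Python is an object-oriented, interpreted programming language and a powerful general-purpose language. The Python trytond module has an implementation flaw in how it validates permissions when accessing "Many2Many" fields in relational models, which can be exploited to add users to other groups and gain additional privileges. 0 Debian Linux 6.0 x Python trytond 2.2.1 Vendor patch: Python ------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: www.python.org...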

5.5 CVSS | 1.9 AI score | 0.00617 EPSS
Exploits: 2
seebug.org
added 2012/03/29 12:0 a.m. | 29 views

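Joomla! 1.5.x Predictable Password Generation and Information Disclosure Vulnerabilities

Bugtraq ID: 52750 Joomla! is a rapid site-building system based on PHP and MySQL. Joomla! contains security vulnerabilities that allow an attacker to obtain sensitive information or bypass security restrictions. - An error in the password generation algorithm can produce guessable passwords; passwords generated through the password reset function can be guessed. - An insufficient permission check can be exploited to obtain some sensitive information from the administrator back end. 0 Joomla! 1.5.x Vendor solution: Joomla! 1.5.26 fixes this vulnerability; users are advised to download it: http://www.joomla.org/...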

6.9 AI score
Exploits: 0
seebug.org
added 2012/03/29 12:0 a.m. | 35 views

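Cisco IOS 15.x Multicast Source Discovery Protocol Remote Denial of Service Vulnerability

BUGTRAQ ID: 52759 CVE ID: CVE-2012-0382 MSDP is a protocol used to connect multiple PIM-SM domains, allowing the multicast sources of a group to be known to all RPs in different domains. When an MSDP packet containing compressed IGMP data is received from a configured external MSDP peer router, the affected device may reload. The vulnerability can only be exploited if the router has explicitly joined the multicast group. MSDP packets are addressed to a unicast destination and can be sent to any IP address on the affected device, including loopback addresses. Transit traffic does not trigger this vulnerability. 0 Cisco IOS 15.x Vendor patch: Cisco ----- Cisco has released a security advisory (cisco-sa-20120328-msdp) and corresponding patches for this issue:...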

7.1 CVSS | 7.4 AI score | 0.04545 EPSS
Exploits: 1
Tenable Nessus
added 2012/03/26 12:0 a.m. | 37 views

Fedora 16 : gnutls-2.12.14-2.fc16 (2012-4578)

Update fixing an important security issue and memory leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5 CVSS | 7.5 AI score | 0.10166 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2012/03/22 12:0 a.m. | 29 views

Asterisk SRTP Video Stream Negotiation Remote Crash (AST-2012-001)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. The vulnerability can be triggered by attempting to negotiate a secure video stream when it has not bee...

4.3 CVSS | 5.5 AI score | 0.01057 EPSS
Exploits: 1 | References: 2
seebug.org
added 2012/03/22 12:0 a.m. | 24 views

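Apache 'mod_fcgid' Module 2.3.6 Denial of Service Vulnerability

Bugtraq ID: 52565 CVE ID: CVE-2012-1181 mod_fcgid is an Apache module compatible with mod_fastcgi. mod_fcgid 2.3.6 does not correctly handle the FcgidMaxProcessesPerClass parameter configured in a VirtualHost; a regression that was introduced can cause FcgidMaxProcessesPerClass to have no effect, and an attacker can exploit the vulnerability to carry out a denial-of-service attack against the module. 0 Apache Software Foundation mod_fcgid 2.3.6 Vendor solution: Apache ----- Apache Software Foundation modfcgi...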

6.9 AI score
Exploits: 0
Tenable Nessus
added 2012/03/19 12:0 a.m. | 27 views

Fedora 17 : condor-7.7.5-0.2.fc17.2 (2012-3263)

Update to latest development release 7.7.5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

4.4 CVSS | 5.3 AI score | 0.00098 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2012/03/19 12:0 a.m. | 35 views

Fedora 17 : libpng-1.5.9-1.fc17 (2012-3605)

Update to latest versions for minor security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

8.8 CVSS | 8.1 AI score | 0.04462 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2012/03/19 12:0 a.m. | 27 views

Fedora 15 : condor-7.7.5-0.2.fc15 (2012-3363)

Update to latest development release 7.7.5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

4.4 CVSS | 5.3 AI score | 0.00098 EPSS
Exploits: 0 | References: 4
seebug.org
added 2012/03/15 12:0 a.m. | 32 views

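Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability (MS12-022)

BUGTRAQ ID: 52375 CVE ID: CVE-2012-0016 Expression Design is a professional illustration and graphic design tool that lets you build compelling elements for web and desktop application user interfaces. Microsoft Expression loads certain libraries in an insecure manner; by tricking a user into opening a .xpr or .DESIGN file on a remote WebDAV or SMB share, a remote attacker can exploit this vulnerability to take control of the user's system. 0 Microsoft Expression Design 4 Microsoft Expression Design 3 Microsoft Expression Design 2 Microsoft...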

9.3 CVSS | 6.3 AI score | 0.44025 EPSS
Exploits: 5
0day.today
added 2012/03/14 12:0 a.m. | 34 views

linux/x86 Bugtraq shutdown modsecurity shellcode 64 bytes

Title :Bugtraq shutdown modsecurity -Linux/x86 shellcode 64 bytes Author : TrOoN E-mail : http://www.facebook.com/alexydant my new facebook Home : city 617 logt Draria algeria Web Site : www.1337day.com Facebook : http://www.facebook.com/alexydant my new facebook platform : Bugtraq Eng Type :...

7.4 AI score
Exploits: 0
The Hacker News
added 2012/03/10 6:36 a.m. | 10 views

Bugtraq-I : Distribution for Pentesting and forensics

Bugtraq-I : Distribution for Pentesting and forensics. Bugtraq system offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel and has a wide range of penetration and forensic tools. Bugtraq can be installed from a...

7.1 AI score
Exploits: 0