Fedora 16 : nip2-7.24.2-1.fc16 / vips-7.24.7-2.fc16 (2011-10769)
7.24 series. Run-time code generation Open via disc mode Workspace as Graph mode for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better TIFF and JPEG load Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
Fedora 16 : cifs-utils-5.0-2.fc16 (2011-10028)
This is an update that fixes a problem with handling embedded newlines in share names or mountpoints. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 14 : zabbix-1.8.6-1.fc14 (2011-10601)
update to 1.8.6 - upstream changelog at http://www.zabbix.com/rn1.8.6.php Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
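Linux Kernel 'perf' Tool Local Privilege Escalation Vulnerability
Bugtraq ID: 49140 CVE ID: CVE-2011-2905 Linux is an open-source operating system. The perf tool is flawed in that it loads its configuration file from the current directory; running the perf tool in a directory that contains a malicious configuration file can lead to privilege escalation. Linux kernel 2.6.x Vendor solution: Users can refer to the following vendor security advisory for patch information: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=aba8d056078e47350d85b06a9cabd5afcc4b72ea...
Sybase Unwired Platform Local Security Bypass Vulnerability
Bugtraq ID: 49114 Sybase Unwired Platform is a mobile enterprise application platform that supports rapid development of mobile applications, enabling enterprise users to securely access a wide range of business data from many kinds of mobile devices. Sybase Unwired Platform on the RIM BlackBerry device platform contains a security vulnerability: under certain conditions its device database is not correctly encrypted. A malicious user with physical access can bypass certain security restrictions. Sybase Unwired Platform 2.0 Sybase Unwired Platform 1.5.5 Sybase Unwired Platform 1.5.3 Sybase Unwired Platform...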
Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X)
The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnmar11macosx.nasl 7052 2017-09-04 11:50:51Z teissa $ Apple Safari Multiple Vulnerabilities - March 2011 Mac OS X Authors: Sooraj KS Copyright: Copyrigh...
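Microsoft Visio CVE-2011-1972 Remote Code Execution Vulnerability
Bugtraq ID: 49024 Microsoft Visio is flowchart software developed by Microsoft. A remote code execution vulnerability exists in the way Microsoft Visio validates objects in memory when parsing specially crafted Visio files; an attacker who builds a malicious file and entices a user to parse it can execute arbitrary code in the context of the application. Microsoft Visio 2010 SP1 Microsoft Visio 2010 0 Microsoft Visio 2007 SP2 Microsoft Visio 2007 SP1 Microsoft Visio 2007 0 Microsoft Visio 2003 Standard Microsoft Visio...
Microsoft Windows Data Access Components DLL Loading Arbitrary Code Execution Vulnerability
Bugtraq ID: 49026 CVE ID: CVE-2011-1975 Microsoft Windows is a popular operating system. The Windows Data Access Tracing component loads libraries insecurely; an attacker can entice a user to open a Microsoft Excel .xlsx file on a remote WebDAV or SMB share, causing an arbitrary library to be loaded in the user's security context. Microsoft Windows Server 2008 Standard Edition X64 Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard...
Microsoft Windows DNS Server Uninitialized Memory Remote Denial of Service Vulnerability
Bugtraq ID: 49019 CVE ID: CVE-2011-1970 Microsoft Windows is a popular operating system. The Windows DNS service contains an error when handling a query for a non-existent domain; improper handling of an uninitialized memory object can cause the DNS service to stop responding, resulting in a denial of service. Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Release Candidate Microsoft Windows Server 2008 Standard Editi...
Microsoft Windows Kernel CVE-2011-1971 Remote Denial of Service Vulnerability
Bugtraq ID: 48997 CVE ID: CVE-2011-1971 Microsoft Windows is a popular operating system. The kernel contains an error when parsing metadata information in files, which can cause a system crash. Successful exploitation requires the user to browse to a folder containing a specially crafted file, such as a network share or a network share referenced by a web site. Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 Microsoft...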
HP (OpenView Storage) Data Protector Media Management Daemon DoS Vulnerability
HP OpenView Storage Data Protector Manager is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...
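UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities
Bugtraq ID: 48975 CVE ID: CVE-2011-2589 CVE-2011-2590 UUSee is Internet TV software that combines P2P live streaming and video on demand. UUSee contains two security vulnerabilities that allow an attacker to execute arbitrary code in the context of the application. - The UUPlayer ActiveX control has a boundary error when handling the "SendLogAction" method; passing an overly long argument can trigger a heap-based buffer overflow. - The UUPlayer ActiveX control has an input validation error when handling the "Play" method; passing a UNC path in the "MPlayerPath" parameter can execute an arbitrary program in the context of the application. UUSee UUPlayer 6.0.0.1 Vendor solution...
Linux Kernel 'net/' Subsystem 'af_packet.c' Local Information Disclosure Vulnerability
Bugtraq ID: 48986 Linux is an open-source operating system. 'af_packet.c' in the Linux Kernel 'net/' subsystem passes the VLAN TCI to user space, which can lead to disclosure of sensitive information. Linux kernel 2.6.x Vendor solution: Users can refer to the following vendor security advisory for patch information: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=13fcb7bd322164c67926ffe272846d4860196dc6...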
Fedora 14 : erlang-R14B-03.1.fc14 (2011-9657)
Ver. R14B03 - New module - diameter - Several new examples directories - Fixed building on F-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
CVE:CVE-2008-1010 Bugtraq ID:28338 Apple Safari is prone to a buffer-overflow vulnerability. Attackers may exploit this issue to execute arbitrary code or to crash the affected application. Other attacks are also possible. This issue affects versions prior to Apple Safari 3.1 running on Apple Mac...
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
CVE:CVE-2010-3775 Bugtraq ID:45355 Mozilla Firefox and SeaMonkey are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and obtain elevated privileges such as the abilities to read local files, launch processes, and create network connection...
SA500 vulnerabilities - details
Hi, Advisory by Cisco was published a few days ago, Bugtraq ID: 48810. Now more details: 1. Unauthenticated access to web management any user - including admin. Due to blind SQLi in the login form of web management port 443, https, login field, embedded sqlite DB, it is possible to obtain: a all...
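HP Network Automation CVE-2011-2402 Cross-Site Scripting Vulnerability
Bugtraq ID: 48922 CVE ID: CVE-2011-2402 HP Network Automation is an automated network configuration management tool. HP Network Automation running on Linux, Solaris and Windows contains a security vulnerability that allows an attacker to conduct cross-site scripting attacks; the attacker can obtain sensitive information or hijack user sessions. HP Network Automation 9.10 HP Network Automation 9.0 HP Network Automation 7.6 HP Network Automation 7.5 HP Network Automation 7.2...
Apple Safari 'libxml' Remote Code Execution Vulnerability
Bugtraq ID: 48832 CVE ID: CVE-2011-0216 Apple Safari is a popular web browser. A one-byte heap buffer overflow exists when libxml, as used by Apple Safari, processes XML data; viewing a specially crafted web site can crash the application or possibly execute arbitrary code in the context of the application. Apple Safari 4.1.2 for Windows Apple Safari 4.0.5 for Windows Apple Safari 4.0.5 Apple Safari 4.0.4 for Windows Apple Safari 4.0.4 Apple Safari 4.0.3 f...
IBM WebSphere Application Server 'logoutExitPage' Parameter Security Bypass Vulnerability
Bugtraq ID: 48710 CVE ID: CVE-2011-1355 IBM WebSphere Application Server is a commercial web application server. WebSphere Application Server does not properly validate the logoutExitPage parameter, allowing a remote attacker to bypass security restrictions. An attacker can exploit this vulnerability to redirect to domains that should be blocked. IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.1 Vendor solution: Users can refer to the following vendor security advisory for patch information:...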