[InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability

LightNEasy - HTML Injection Vulnerability Version Affected: 2.2.2 15th January 2009 newest Info: LightNEasy, a simple and light Content Management System and Website Builder Credits: InterN0T External Links: http://lightneasy.org/ -:: The Advisory ::- Vulnerable Input Fields: 1. Comment...

CUPS cups/ipp.c空指针引用拒绝服务漏洞

BUGTRAQ ID: 35169 CVECAN ID: CVE-2009-0949 Common Unix Printing System（CUPS）是一款通用Unix打印系统，是Unix环境下的跨平台打印解决方案，基于Internet打印协议，提供大多数PostScript和raster打印机服务。 在处理包含有两个IPPTAGUNSUPPORTED标签的特质IPP时，CUPS的cups/ipp.c文件中的ippReadIO函数没有正确地初始化ipp结构，这可能导致受影响的应用崩溃。 cups/ipp.c文件中的ippReadIO函数负责初始化表示当前IPP请求中不同标签的ipp结构...

CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability...

Core Security Technologies Advisory 2009.0420

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability...

ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow

The remote Windows host is running a version of ImageMagick earlier than 6.5.2-9. Such versions reportedly fail to properly handle malformed 'TIFF' files in the 'XMakeImage' function. If an attacker can trick a user on the remote host into opening a specially crafted file using the affected...

AVG AntiVirus Engine Malware Detection Bypass Vulnerability (Windows)

This host is installed with AVG AntiVirus Product Suite for Windows and is prone to Malware Detection Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodavgdetectionbypassvulnwin.nasl 5055 2017-01-20 14:08:39Z teissa $ AVG AntiVirus Engine Malware Detection Bypass Vulnerability Windows...

StoneTrip S3DPlayers remote command injection

StoneTrip S3DPlayers remote command injection 1. Advisory Information Title: StoneTrip S3DPlayers remote command injection Advisory Id: CORE-2009-0401 Advisory URL: Date published: 2009-05-28 Date of last update: 2010-05-18 Vendors contacted: StoneTrip Release mode: User release 2. Vulnerability...

Joomla Component com_rsgallery2 1.14.x/2.x Remote Backdoor Vuln

No description provided by source. Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all...

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

Fedora 9 : wireshark-1.0.8-1.fc9 (2009-5339)

Upgrade to 1.0.8 fixes various security flaws. http://www.wireshark.org/security/wnpa-sec-2009-02.html http://www.wireshark.org/security/wnpa-sec-2009-03.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

Fedora 10 : quagga-0.99.12-1.fc10 (2009-5284)

The latest upstream version fixes serious assert crashing with ASN4's. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 9 : ipsec-tools-0.7.2-1.fc9 (2009-4291)

Minor version update from upstream fixing remote DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability

Eggdrop is prone to a remote denial-of-service vulnerability because it fails to adequately validate user-supplied input. An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition. This issue is related to the vulnerability described in BID 24070...

Google Chrome < 1.0.154.65 WebKit SVGList Object Handling Memory Corruption

The version of Google Chrome installed on the remote host is earlier than 1.0.154.65. Such versions are reportedly affected by a memory corruption issue. An attacker could exploit this flaw in order to run arbitrary code inside the Google Chrome sandbox. %NASLMINLEVEL 70300 C Tenable Network...

TinyWebGallery/QuiXplorer Local File Include Vulnerability

TinyWebGallery and QuiXplorer are prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks...

Google Chrome Multilpe XSS Vulnerabilities (May 09)

The host is installed with Google Chrome and is prone to multiple XSS vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultxssvulnmay09.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Multilpe XSS Vulnerabilities May 09 Authors: Nikita MR Copyright: Copyright c 2009 Greenbone...

Trend Micro OfficeScan Client Denial Of Service Vulnerability

This host is installed with Trend Micro OfficeScan Client and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: secpodtrendmicroofficescandosvuln.nasl 5369 2017-02-20 14:48:07Z cfi $ Trend Micro OfficeScan Client Denial Of Service Vulnerability Authors: Antu Sanadi...

NotFTP config.php本地文件包含漏洞

BUGTRAQ ID: 34636 CVECAN ID: CVE-2009-1407 NotFTP是用PHP编写的基于Web的HTTP-FTP网关。 NotFTP的config.php脚本没有正确地过滤用户所提交的参数，如果远程攻击者在提交的URL请求中使用newlang参数指定了本地系统的恶意文件的话，就可能在Web服务器上读取敏感信息或执行任意代码。以下是config.php脚本中的有漏洞代码段： if isset$newlang requireonce"lib/lang/".$languages$newlang"file"; elseif...

Microsoft Windows线程池ACL本地权限提升漏洞（MS09-012）

BUGTRAQ ID: 34444 CVECAN ID: CVE-2009-0080 Microsoft Windows是微软发布的非常流行的操作系统。 Windows对当前ThreadPool中的线程设置了错误的ACL，本地攻击者可以利用令牌劫持的方式获得权限提升。成功利用此漏洞的攻击者可以完全控制受影响的系统，攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 临时解决方法： IIS 6.0 -...

Fedora 10 : postgresql-8.3.7-1.fc10 (2009-2959)

Update to PostgreSQL 8.3.7, for various fixes described at http://www.postgresql.org/docs/8.3/static/release-8-3-7.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...