1345 matches found
Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0002)
Bugtraq ID:57126 CVE ID: CVE-2013-0002 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft .NET WinForms方法没有正确校验内存中的对象数量,在拷贝这些对象到数组之前缺少正确的边界检查,可触发缓冲区溢出。攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用,诱使用户解析,可完全控制应用系统,执行任意代码。 0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0...
Microsoft Windows 本地权限提升漏洞(MS13-005/CVE-2013-0008)
Bugtraq ID:57135 CVE ID: CVE-2013-0008 Microsoft Windows是一款流行的操作系统 Microsoft内核win32k.sys不正确处理window广播消息,允许本地用户利用漏洞提升权限 0 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows RT Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microsoft Windows Vista 厂商解决方案...
Debian DSA-2603-1 : emacs23 - programming error
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to 'safe'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2603. The...
Fedora 17 : inkscape-0.48.4-1.fc17 (2012-20620)
Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...
Bugtraq Penetration Testing Linux
Bugtraq -2 Blackwidow is a Open-Source Linux Distribution based in Ubuntu and Debian with PAE kernel 3.2 and 3.4 Hacker ‘s suite where you will find all kinds of tools for the best systems auditory. Adapted for beginners in Ethical hacking computer security, and for experts in this field. Is not...
Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339]
Overview =============== Cerberus FTP Server http://www.cerberusftp.com/ is a secure and reliable FTP server with many features and available functionality. It was discovered that the Web Administration interface has multiple persistent Cross Site Scripting XSS vulnerabilities. In the log viewer...
Fedora 16 : bind-9.8.4-3.P1.fc16 (2012-19822)
This update fixes CVE-2012-5688. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Bugtraq-II Beta 32 bits Release
Features Bugtraq system offers the most comprehensive distribution, optimal, and stable with automated services manager in real time. This distribution based on the 3.2 and 3.4 kernel PAE has a huge range of penetration, forensic and laboratory tools. Bugtraq is available with XFCE, Gnome and KDE...
Firefly Media Server firefly.exe畸形HTTP请求远程拒绝服务漏洞
BUGTRAQ ID: 56999 CVECAN ID: CVE-2012-5875 Firefly Media Server是开源的音频媒体服务器。 Firefly Media Server 1.0.0.1359及其他版本存在多个空指针引用漏洞,恶意用户可利用这些漏洞造成远程服务器崩溃。 1)"firefly.exe"文件内的HTTP CONNECTION标头没有正确处理,通过发送特制的报文到9999/TCP端口,可导致空指针引用,造成受影响服务器立即崩溃。 崩溃细节: EIP: 0041e223 cmp byte ecx,0x20 EAX: 0175eee8 24506088 -...
Microsoft Windows TrueType Font (TTF)远程代码执行漏洞(MS12-078)
BUGTRAQ ID: 56842 CVECAN ID: CVE-2012-4786 Microsoft Windows是Microsoft开发的Windows是目前世界上用户最多、并且兼容性最强的操作系统。 Microsoft Windows未正确处理TrueType Font TTF文件而存在安全漏洞。通过诱使用户浏览恶意网站或打开恶意文件,未经身份验证的远程攻击者可利用此漏洞在内核态中执行任意代码。 0 Microsoft Windows RT Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows XP...
Microsoft Internet Explorer InjectHTMLStream函数释放后重用远程代码执行漏洞(MS12-077)
BUGTRAQ ID: 56828 CVECAN ID: CVE-2012-4781 Microsoft Internet Explorer是微软公司推出的一款网页浏览器,使用相当广泛。 Microsoft Internet Explorer 6、7、8、9、10在处理恶意HTML内容时,"InjectHTMLStream"函数存在错误的内存操作,通过引诱用户浏览恶意网站,未经身份验证的远程攻击者可利用此漏洞以当前用户权限执行任意代码。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft...
Microsoft Internet Explorer Ref Counting释放后重用远程代码执行漏洞(MS12-077)
BUGTRAQ ID: 56830 CVECAN ID: CVE-2012-4787 Microsoft Internet Explorer是微软公司推出的一款网页浏览器,使用相当广泛。 Microsoft Internet Explorer 6、7、8、9、10在处理恶意HTML内容时,Ref Counting存在错误的内存操作,通过引诱用户浏览恶意网站,未经身份验证的远程攻击者可利用此漏洞以当前用户权限执行任意代码。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet...
Fedora 17 : drupal6-ctools-1.10-1.fc17 (2012-19464)
New security release, http://drupal.org/node/1841030. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
ISC BIND 9 DNS64 REQUIRE断言失败拒绝服务漏洞
BUGTRAQ ID: 56817 CVECAN ID: CVE-2012-5688 BIND是一个应用非常广泛的DNS协议的实现。 ISC BIND 9.8.0及更高版本支持 DNS64 IPv6转换机制,如果启用了dns64配置状态,BIND 9域名服务器在解析特制的请求时,会触发REQUIRE断言失败,造成服务器崩溃。此漏洞可被远程利用,9.8.0之前版本、不启用DNS64时不受此漏洞的影响。 0 ISC BIND 9.9.0-9.9.2 ISC BIND 9.8.0-9.8.4 临时解决方法: 对于启用了DNS64的BIND...
Oracle MySQL/MariaDB 不安全Salt生成安全绕过漏洞(CVE-2012-5627)
Bugtraq ID:56837 CVE ID:CVE-2012-5627 MySQL是一款开源关系型数据库管理系统。MariaDB是一个采用Maria存储引擎的MySQL分支版本。 MySQL处理密码salt值存在漏洞,当用户登录MySQL时,会生成Salt值用于防止密码猜测攻击。此salt值在会话开始时创建并用于整个会话,如果通过验证的攻击者使用MySQL "changeuser"命令尝试以其他用户登录,由于Salt已知,可导致密码猜测更有效率。 0 MySQL 5.5.19及其他版本 MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66 MariaDB...
GreenBrowser iframe Handling Double Free Vulnerability (Windows)
This host is installed with GreenBrowser and is prone to double free vulnerability. OpenVAS Vulnerability Test $Id: gbgreenbrowserdoublefreevulnwin.nasl 6022 2017-04-25 12:51:04Z teissa $ GreenBrowser iframe Handling Double Free Vulnerability Windows Authors: Rachana Shetty Copyright: Copyright c...
Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink报文处理拒绝服务漏洞
Bugtraq ID:56710 CVE ID:CVE-2012-5532 Linux是一款开源的操作系统。 当处理伪造的Netlink报文时,会导致hypervkvpd退出,本地攻击者可以利用漏洞发送非零nlpid源地址Netlink消息使系统崩溃。 0 Linux kernel 2.6.x 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: https://git.kernel.org/?p=linux/kernel/git/gregkh/char-misc.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef...
Fedora 17 : weechat-0.3.8-4.fc17 (2012-18526)
Fix arbitrary code execution due to call of shell when executing command within hookprocess Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
iOS Instagram中间人信息泄露漏洞
Bugtraq ID:56603 Instagram是一款运行在iOS平台上的移动应用,以一种快速、美妙和有趣的方式将你随时抓拍下的图片分享。 iOS平台下的Instagram应用通过HTTP协议传送用户图像内容,允许攻击者通过中间人攻击或嗅探网络信息,截获会话信息,删除或下载用户私有图片。 0 Instagram for iOS 3.x 厂商解决方案 目前没有详细解决方案提供: http://instagram.com/...
Microsoft Windows Kernel 'Win32k.sys' TrueType字体解析远程代码执行漏洞(MS12-075)
BUGTRAQ ID: 56457 CVE ID: CVE-2012-2897 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows 7内核处理特制的TrueType字体文件时存在远程代码执行漏洞,如果用户打开特制的TrueType字体文件,此漏洞可允许远程代码执行。 0 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows Vista...