Fedora 13 : php-pear-CAS-1.1.3-1.fc13 (2010-15943)

This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy mode. The release is fully compatible with all versions 1.1.x versions. The changes are : Security Issue - CVE-2010-3690 phpCAS: X...

Fedora 14 : php-pear-CAS-1.1.3-1.fc14 (2010-15796)

This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy mode. The release is fully compatible with all versions 1.1.x versions. The changes are : Security Issue - CVE-2010-3690 phpCAS: X...

CVE-2010-3692

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU PGTiou parameter...

CVE-2010-3690

Multiple cross-site scripting XSS vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Proxy Granting Ticket IOU PGTiou parameter to the callback function in client.php, 2 vectors involving functions that...

CVE-2010-3690

Multiple cross-site scripting XSS vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Proxy Granting Ticket IOU PGTiou parameter to the callback function in client.php, 2 vectors involving functions that...

qemu: insufficient constraints checking in exec.c:subpage_register()

The subpage MMIO initialization functionality in the subpageregister function in exec.c in QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...

qemu: insufficient constraints checking in exec.c:subpage_register()

The subpage MMIO initialization functionality in the subpageregister function in exec.c in QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS...

phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities

This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...

Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Windows CreateWindow function...

Microsoft Windows - CreateWindow Function Callback (MS10-048)

Microsoft Windows - CreateWindow Function Callback MS10-048 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Window...

Microsoft Windows CreateWindow function callback vulnerability

Core Security - CoreLabsMicrosoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Windows CreateWindow function callback vulnerability Advisory Id: CORE-2010-0623 Advisory URL:...

Microsoft Windows - CreateWindow Function Callback (MS10-048)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Windows CreateWindow function callback vulnerability Advisory Id:...

CVE-2010-2796

Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...

Cross site scripting

Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...

CVE-2010-2796

Cross-site scripting XSS vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...

CVE-2010-1209

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...

Design/Logic Flaw

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...

CVE-2010-1209

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...

MDVA-2010:129 : netcdf

This updates fixes a wrong Obsoletes: tag on netcdf package which would break upgrades to 2010.1. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This script was...

ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability

ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-130 July 20, 2010 -- CVE ID: CVE-2010-1209 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x --...