18 matches found
Mageia: Security Advisory (MGASA-2020-0451)
The remote host is missing an update for the...
USN-4747-1: GNU Screen vulnerability
Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code...
Updated python and python3 packages fix security vulnerabilities
It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-9674). It was discovered that the Python documentation had misleading information. A security issue could possibly be caused by wrong assumptions of this...
USN-4581-1: Python vulnerability
It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
USN-4570-1: urllib3 vulnerability
It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
Ubuntu 14.04 LTS / 16.04 LTS : Irssi vulnerabilities (USN-3184-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3184-1 advisory. It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's...
USN-3184-1 irssi vulnerabilities
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...
USN-3184-1: Irssi vulnerabilities
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...
clearswift mimesweeper for web 4.0/5.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10918/info Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. To carry out an attack an attacker may specify a relative path to ...
telcondex simplewebserver 2.13.31027 build 3289 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8998/info It has been reported that SimpleWebserver may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient...
Netgear FM114P Wireless Firewall File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6807/info Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the...
PJ CGI Neo Review Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9524/info It has been reported that PJ CGI Neo Review may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory by using '../' character...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."...
CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid ShiftJIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special...
USN-870-1: PyGreSQL vulnerability
Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Becau...
Apache Cygwin 1.3.x/2.0.x - Directory Traversal
source: https://www.securityfocus.com/bid/9733/info It has been reported that Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is only reported to present itself in Apache running on...
Opera Browser 6.0 6 - URI Display Obfuscation
source: https://www.securityfocus.com/bid/9281/info A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a...
minihttp file-sharing for net 1.5 - Directory Traversal
source: https://www.securityfocus.com/bid/8619/info It has been reported that WebForums and File-Sharing for NET are prone to a remote directory traversal attack due to insufficient sanitization of user-supplied data. This vulnerability coul...