MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (8)

No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...

Ghostscript 'CCITTFax' Decoding Filter - Denial of Service Vulnerability

No description provided by source. Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed...

OpenLDAP <= 2.3.41 BER Decoding Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30013/info OpenLDAP is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny service to legitimate users by crashing affected servers. OpenLDAP 2.3.41 is vulnerable to this issue;...

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1644-1)

update to SeaMonkey 2.22 bnc847708 - rebased patches - requires NSS 3.15.2 or higher - MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards - MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing addressbar through SELECT element - MFSA 2013-95/CVE-2013-5604...

openSUSE Security Update : libxml2 (openSUSE-SU-2012:0107-1)

A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)

Changes in xulrunner : - update to 17.0 bnc790140 - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrectly appli...

openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)

VLC was updated to version 2.1.3 bnc864422 : + Core : - Fix broken behaviour with SOCKSv5 proxies - Fix integer overflow on error when using vlcreaddir + Access : - Fix DVB-T2 tuning on Linux. - Fix encrypted DVD playback. - Fix v4l2 frequency conversion. + Decoders : - Fix numerous issues M2TS,...

openSUSE Security Update : libxml2 (openSUSE-SU-2012:0107-1)

A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

OpenJDK: XXE issue in decoder (Beans, 8023245)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...

libtasn1 security update

CentOS Errata and Security Advisory CESA-2014:0596 Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

Oracle Linux 6 : libtasn1 (ELSA-2014-0596)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0596 advisory. 2.3-6 - added check for null pointer 1102336 2.3-5 - fix various DER decoding issues 1102336 2.3-4 - fix CVE-2012-1569 - missing length check when...

libtasn1 security update

2.3-6 - added check for null pointer 1102336 2.3-5 - fix various DER decoding issues 1102336 2.3-4 - fix CVE-2012-1569 - missing length check when decoding DER lengths 804920...

UBUNTU-CVE-2014-0190

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service NULL pointer dereference via invalid width and height values in a GIF image...

Ubuntu: Security Advisory (USN-2189-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WeeChat: Multiple vulnerabilities

Background Wee Enhanced Environment for Chat WeeChat is a light and extensible console IRC client. Description Two vulnerabilities have been discovered in WeeChat: The hookprocess function does not properly handle shell expansions CVE-2012-5534. WeeChat does not properly decode colors which could...

USN-2189-1 thunderbird vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially...

USN-2189-1: Thunderbird vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially...

MozillaThunderbird,seamonkey (important)

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...

Lavarel-Security XSS Filter Bypass Vulnerability

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability. Product: Lavarel-Security XSS Filter Bypass Vulnerability: Mutation Based XSS Bypass Impact: Medium/High Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com Status: Fixed ========= Description...

Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)

Heap-based buffer overflow in the readu32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG image...