4671 matches found
USN-1050-1: Thunderbird vulnerabilities
Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...
USN-1049-1: Firefox and Xulrunner vulnerabilities
Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...
Mozilla Thunderbird 3.1 < 3.1.8 Multiple Vulnerabilities
The installed version of Thunderbird 3.1 is earlier than 3.1.8. Such versions are potentially affected by multiple vulnerabilities : - Multiple memory corruption errors exist and may lead to arbitrary code execution. MFSA 2011-01 - An input validation error exists in the class,...
Firefox 3.6 < 3.6.14 Multiple Vulnerabilities
The installed version of Firefox 3.6 is earlier than 3.6.14. Such versions are potentially affected by multiple vulnerabilities : - Multiple memory corruption errors exist and may lead to arbitrary code execution. MFSA 2011-01 - An error exists in the processing of recursive calls to 'eval' when...
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities (USN-1049-1)
Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...
php: XSS mitigation bypass via utf8_decode()
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...
Fedora 14 : perl-Convert-UUlib-1.34-1.fc14 (2011-0052)
Perl extension Convert::UUlib 1.34 : - Fix a one-byte-past-end-write buffer overflow in UURepairData reported, analysed and testcase provided by Marco Walther - Quoted-printable decoding was completely broken, try a fix Note that Tenable Network Security has extracted the preceding description...
Fedora 13 : perl-Convert-UUlib-1.34-1.fc13 (2011-0062)
Perl extension Convert::UUlib 1.34 : - Fix a one-byte-past-end-write buffer overflow in UURepairData reported, analysed and testcase provided by Marco Walther - Quoted-printable decoding was completely broken, try a fix Note that Tenable Network Security has extracted the preceding description...
Ubuntu: Security Advisory (USN-1042-1)
The remote host is missing an update for the...
[USN-1042-1] PHP vulnerabilities
=========================================================== Ubuntu Security Notice USN-1042-1 January 11, 2011 php5 vulnerabilities CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645...
Microsoft Windows - Task Scheduler Privilege Escalation
Exploit Title: Windows Task Scheduler Privilege Escalation 0day Date: 20-11-2010 Author: webDEViL Tested on: Windows 7/2008 x86/x64 crctable = new Array 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3, 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988,...
Moderate: Red Hat Security Advisory: pidgin security update
Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
(libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM,...
Ubuntu Update for pidgin vulnerabilities USN-1014-1
Ubuntu Update for Linux kernel vulnerabilities USN-1014-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10141.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for pidgin vulnerabilities USN-1014-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-1014-1)
The remote host is missing an update for the...
CVE-2009-5016
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...
PT-2010-1171 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.3.4 Description: The issue arises from the utf8_decode function not properly handling non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data. This makes it easier for remote attackers to bypass...
USN-1014-1: Pidgin vulnerabilities
Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS...
CentOS Update for finch CESA-2010:0788 centos4 i386
Check for the Version of finch OpenVAS Vulnerability Test CentOS Update for finch CESA-2010:0788 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
libpurple library / Pidgin DoS
Crash on base64 decoding in different protocols...