4742 matches found
[SECURITY] Fedora 18 Update: nodejs-asn1-0.1.11-3.fc18
nodejs-asn1 is a library for encoding and decoding Abstract Syntax Notation One (ASN.1) datatypes in pure JavaScript. ASN.1 is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking...
SuSE 11.3 Security Update : curl (SAT Patch Number 7932)
This update of curl fixes a security issue in libcurl URL buffer decoding. bnc824517 / CVE-2013-2174 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell,...
Oracle Linux 5 : libtiff (ELSA-2009-1159)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1159 advisory. - Fix buffer overrun risks caused by unchecked integer overflow CVE-2009-2347 Resolves: 507725 - Fix some more LZW decoding vulnerabilities CVE-2009-22...
Oracle Linux 4 : pidgin (ELSA-2010-0788)
From Red Hat Security Advisory 2010:0788 : Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Oracle Linux 3 : cups (ELSA-2009-0428)
From Red Hat Security Advisory 2009:0428 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX(R) Printing System (CUPS) provides a...
CVE-2013-3272
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack...
[USN-1885-1] libKDcraw vulnerability
Ubuntu Security Notice USN-1885-1 June 18, 2013 libkdcraw vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
MGASA-2013-0188 Updated curl packages fix CVE-2013-2174
libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...
FreeBSD : cURL library -- heap corruption in curl_easy_unescape (01cf67b3-dc3b-11e2-a6cd-c48508086173)
cURL developers report : libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...
USN-1885-1: libKDcraw vulnerability
It was discovered that libKDcraw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against libKDcraw could be made to crash, resulting in a denial of service, or possibly execute arbitrary co...
gnutls DoS
Out-of-bounds read on packet decoding...
Mozilla Thunderbird < 12.0 Multiple Vulnerabilities
Microsoft Exchange Server MIME Base64 Decoding Code Execution (MS07-026; CVE-2007-0213) - Improved Performance
A vulnerability exists in the way Microsoft Exchange servers process certain MIME-encoded attachments. An attacker can exploit this vulnerability for code execution in SYSTEM security context...
Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)
Multiple vulnerabilities have been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...
Firefox < 20 Multiple Vulnerabilities
The installed version of Firefox is earlier than 20 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0788, CVE-2013-0789) - An out-of-bounds memory read error exists related to 'CERT_DecodeCertPackage' and certificate decoding...
SeaMonkey < 2.17 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.17 and thus, is potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0788, CVE-2013-0789) - An out-of-bounds memory read error exists related to 'CERT_DecodeCertPackage' and certificate decoding...
DEBIAN-CVE-2013-0791
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial ...
STUNSHELL Web Shell Remote PHP Code Execution
This module exploits unauthenticated versions of the "STUNSHELL" web shell. This module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads. This module requires Metasploit: https://metasploit.com/download Current source:...
[Converter v0.7] Analyzing and Deobfuscating Malicious Scripts
Malicious Java applets have been making news for a while so I thought I would update Converter to include some new features to help with deobfuscating them. This is a list of changes made to this version: + Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful + Added Filter...
openjpeg library security vulnerabilities
Vulnerabilities on JPEG encoding and decoding...