DSA-1694-1 xterm - remote code execution
Bulletin has no description...
Fedora 9 : libHX-1.23-1.fc9 / pam_mount-0.47-1.fc9 (2008-7976)
A security flaw in pam_mount's handling of user-defined volumes using the 'luserconf' option has been fixed in this update. The vulnerability allowed users to arbitrarily mount filesystems at arbitrary locations. More details about this vulnerability can be found in the announcement message se...
CVE-2008-0869
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with...
Debian: Security Advisory (DSA-831-1)
The remote host is missing an update for the Debian...
Vulnerability in core server (CVE-2007-6600)
Two vulnerabilities in how ANALYZE executes user-defined functions that are part of expression indexes allow users to gain superuser privileges. A valid login that has permissions to create functions and tables is required to exploit this vulnerability...
MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit
No description provided by source. / $Id: raptorudf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptorudf2.c - dynamic library for dosystem MySQL UDF Copyright (c) 2006 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with root...
[SECURITY] Fedora 8 Update: xfce4-places-plugin-1.0.0-2.fc8
A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME's Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1 System-defined directories home folder,...
[SECURITY] Fedora 7 Update: xfce4-places-plugin-1.0.0-2.fc7
A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME's Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1 System-defined directories home folder,...
DEBIAN-CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...
MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)
No description provided by source. -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright (c) 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat UDF on...
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution
MySQL 4.x/5.0 Windows - User-Defined Function Command Execution -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright (c) 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat U...
SOL6924 - Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists
It is possible to bypass the Deny list, configured in the Accessibility Scope section located on the Portal Access: Web Applications: Master Group Settings page, by inserting certain special characters into a URL path. In FirePass version 6.0, this issue also applies to the Deny list configured...
Citrix Metaframe privilege escalation
Weak permissions for a registry key allow a user-defined DLL to be attached to a system-level process...
security flaw
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended...
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities
Debian Security Advisory DSA 1118-1, http://www.debian.org/security/, Martin Schulze, July 22nd, 2006, http://www.debian.org/security/faq...
CentOS 3 : mysql-server (CESA-2005:348)
Updated mysql-server packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL...
DEBIAN-CVE-2006-2776
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended...
Mozilla may process content-defined setters on object prototypes with elevated privileges
Overview: Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code. Description: Setters: A setter is a method in JavaScript that sets the value of a property. The problem: The setters in Mozilla are...
Remote compromise via content-defined setter on object prototypes — Mozilla
Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code, and mozbugra4 was able to develop an exploit PoC that demonstrated that the higher privilege level could be passed along to the content-defined attack code...