[SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities
SOJOBO-ADV-13-01 - Zenphoto 1.4.5.2 multiple vulnerabilities. I. Information. Name: Zenphoto 1.4.5.2 multiple vulnerabilities. Software: Zenphoto 1.4.5.2 and possibly below. Vendor Homepage: http://www.zenphoto.org/ Vulnerability Type: SQL Injection, Reflected Cross-Site...
CVE-2013-5933
Stack-based buffer overflow in the subE110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/initrunit...
Stack overflow
Stack-based buffer overflow in the subE110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/initrunit...
Updated perl-Crypt-DSA package fixes security vulnerability
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack (CVE-2011-3599). This update removes t...
CVE-2013-5155
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random...
Code injection
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random...
CVE-2013-5155
CVE-2013-5155 affects Apple iOS prior to 7, specifically the Sandbox subsystem. A malicious or misbehaving app that writes crafted values to /dev/random can trigger an infinite loop, causing a denial of service on the device. Technical detail: the vulnerability arises from how the Sandbox handles...
Fedora 19 : perl-Crypt-DSA-1.17-10.fc19 (2013-15786)
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...
Fedora 18 : perl-Crypt-DSA-1.17-10.fc18 (2013-15755)
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...
Design/Logic Flaw
The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...
CVE-2013-2905
The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...
CVE-2013-2905
CVE-2013-2905 affects Google Chrome
HP LaserJet Pro /dev/save_restore.xml Administrative Password Disclosure
The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/dev/save_restore.xml' contains a hexadecimal representation of the administrative password. This information can be used by an attacker in further attacks.
Ubuntu: Security Advisory (USN-1916-1)
The remote host is missing an update for the...
USN-1916-1: Linux kernel (Raring HWE) vulnerability
An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length...
SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 7991 / 7992 / 7994)
The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to 3.0.82 and to fix various bugs and security issues. The following security issues have been fixed : - The chaseport function in drivers/usb/serial/ioti.c in the Linux kernel allowed local users to cause a denial of service NUL...
CVE-2013-3797
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS...
Oracle Linux 5 : Important: / kernel (ELSA-2007-0376)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0376 advisory. 2.6.18-8.1.6.0.1.el5 -Fix bonding primary=ethX so it picks correct network Bert Barbe IT 101532 ORA 5136660 -Add entropy module option to e1000 John...
Google Chrome Multiple Vulnerabilities-01 June13 (MAC OS X)
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Debian: Security Advisory (DSA-2704-1)
The remote host is missing an update for the Debian...