500 matches found
PT-2013-2141 · Ruby · Ruby Parser
Name of the Vulnerable Software and Affected Versions: ruby parser gem versions 3.1.1 and earlier Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. This is due to the diff pp function in lib/gauntlet...
MyBB 1.6.9 full path disclosure
Exploit for windows platform in category web applications MyBB has released its update on 15th December. MyBB 1.6.9 is still affected with full path disclosure vulnerability author : cyb3rboy website: freemium-devils.in code104.net greetz cyberace, ketan , shubham , S3v3n , th3 d3stroyer , amol th...
MyBB 1.6.8 multiple full-path disclosure vulnerability
Exploit for php platform in category web applications Title: MyBB 1.6.8 FPD Author: KrypTiK Vendor or Software Link: www.mybb.com/downloads Version: MyBB 1.6.8 Latest Category: webapps Google Keywords: intext:Powered By MyBB, © 2002-2012 MyBB Group Tested on: Linux 1...
CVE-2012-3523
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
Security Release: Symfony 2.0.17 released
Symfony 2.0.17 has just been released. This release contains several security fixes related to the way XML is handled, and as such, we recommend everyone to upgrade. These issues have been reported by Pádraic Brady from the Zend Framework team; I would like to thank him for the very detailed repo...
Microsoft Wordpad 5.1 - .doc Null Pointer Dereference
Microsoft Wordpad 5.1 - .doc Null Pointer Dereference Microsoft Wordpad 5.1 .doc Null Pointer Dereference Vulnerability Found by condis Tested on Windows XP SP 3 Professional PL MS Wordpad 5.1 Compilation 2600.xpsp.080413-2111 SP 3 This isn't bug from CWE 2009-0259 $ Binary diff of template file...
Fedora 16 : ReviewBoard-1.6.3-1.fc16 (2011-15935)
New upstream security release 1.6.3 - Security Fixes : - A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript. Note that Tenable Network Security has extracted...
CVE-2011-4312
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component...
[SECURITY] Fedora 16 Update: kdesdk-4.7.1-1.fc16
A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kcachegrind: a browser for data produced by profiling tools e.g. cachegrind kompare: diff tool kuiviewer: displays designer's UI files lokalize: computer-aided translation...
CVE-2011-3759
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files...
Fedora 13 : cgit-0.9-1.fc13 (2011-2815)
In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...
Fedora 14 : cgit-0.9-1.fc14 (2011-2803)
In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...
Fedora Update for patch FEDORA-2011-1272
Check for the Version of patch OpenVAS Vulnerability Test Fedora Update for patch FEDORA-2011-1272 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Fedora Update for patch FEDORA-2011-1269
Check for the Version of patch OpenVAS Vulnerability Test Fedora Update for patch FEDORA-2011-1269 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
[SECURITY] Fedora 13 Update: patch-2.6.1-8.fc13
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
[SECURITY] Fedora 14 Update: patch-2.6.1-8.fc14
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
[SECURITY] Fedora 13 Update: kdesdk-4.4.3-1.fc13.1
A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kbugbuster: a tool to manage the KDE bug report system kcachegrind: a browser for data produced by profiling tools e.g. cachegrind kompare: diff tool kuiviewer: displays...
[SECURITY] Fedora 11 Update: kdesdk-4.4.2-1.fc11
A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kbugbuster: a tool to manage the KDE bug report system kcachegrind: a browser for data produced by profiling tools e.g. cachegrind kompare: diff tool kuiviewer: displays...