Debian DSA-2986-1 : iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Debian Security Advisory DSA 2986-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Debian: Security Advisory (DSA-2986-1)
The remote host is missing an update for the Debian...
Debian DSA-2979-1 : fail2ban - security update
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses,...
DSA-2979-1 fail2ban - security update
Bulletin has no description...
Dirs3arch - HTTP(S) Directory/File Brute Forcer
dirs3arch is a simple command line tool designed to brute force directories and files in websites. Features: keep-alive connections; multithreaded; detects not-found web pages when 404 not found errors are masked (.htaccess, web.config, etc.); recursive brute forcing. Usage: dirs3arch.py -u|--url target...
Ubuntu 14.04 LTS : DBus vulnerabilities (USN-2275-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2275-1 advisory. Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local us...
USN-2275-1: DBus vulnerabilities
Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. (CVE-2014-3477) Alban Crequy discovered that dbus-daemon incorrectly handled certain...
Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities: - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. (CVE-2014-4671) -...
Adobe AIR for Mac <= 14.0.0.110 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Adobe AIR on the remote Mac OS X host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities: - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. (CVE-2014-4671) -...
PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities
NPDS 4.8 /5.0 reply.php image_subject Parameter XSS
source: http://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may...
BloofoxCMS 0.3.5 - Information Disclosure Vulnerabilities
Vulnerability ID: HTB22660 Reference: http://www.htbridge.ch/advisory/informationdisclosureinbloofoxcms1.html Product: BloofoxCMS Vendor: bloofox.com http://bloofox.com/ Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010...
CA eSCC r8/1.0,eTrust Audit r8/1.5 Audit Event System Unspecified Replay Attack
source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These...
CA eSCC r8/1.0,eTrust Audit r8/1.5 Unspecified Arbitrary File Manipulation
source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These...
CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure
source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These...
Wordpress Plugin Better WP Security - Stored XSS
Summary: Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better...
Uebimiau Webmail <= 2.7.2 - Multiple Vulnerabilities.
Exploit Title: Uebimiau Webmail <= 2.7.2 Multiple Vulnerabilities. Date: 13/03/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: <= 2.7.2 Test...
NPDS 4.8 /5.0 admin.php language Parameter XSS
source: http://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may...
Syslog Server 1.2.3 - Crash PoC
#!/usr/bin/python Exploit Title: Syslog Server 1.2.3 Date: 12th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Vendor Homepage: http://sourceforge.net/users/ghuysmans Software Link:...