Ubuntu: Security Advisory (USN-1054-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Working on More "Attack Aware" Applications

Mozilla is working on making their web applications more “attack aware,” according to a blog post on the company’s Web Application Security blog Wednesday. In the blog post, Mozilla’s web security nomad Michael Coates, discusses how these “attack aware” applications will be able to differentiate...

Installation Path Disclosure Weakness in Flatnux

High-Tech Bridge SA Security Research Lab has discovered a weakness in Flatnux which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in Flatnux The weakness exists due to application reveals the full path to installation directory in...

Ubuntu 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1054-1)

Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. CVE-2010-0435 Dan Rosenberg discovered that the Linux kernel TIPC implementation...

SQL Injection Vulnerabilities in Seo Panel

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Seo Panel which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerabilities in Seo Panel 1.1 The vulnerability exists due to input sanitation errors in the "langcode" parameter in...

OpenSC < 0.12.0 Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities - Windows

OpenSC is prone to multiple buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Java Access Manager And OpenSSO Unspecified Vulnerability

The host is running Access Manager or OpenSSO and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: secpodoraclesamnopenssounspecifiedvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ Oracle Java Access Manager and OpenSSO Unspecified Vulnerability Authors: Antu Sanadi Copyright:...

Cross-site Scripting (XSS) Vulnerabilities in Gollos

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Gollos which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Gollos 1.1 The vulnerability exists due to input sanitation errors in the "returnurl" paramet...

RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01

Check for the Version of openoffice.org and openoffice.org2 OpenVAS Vulnerability Test RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

CVE-2010-3454

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC fi...

CVE-2010-3454

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC fi...

CVE-2010-3454

OpenOffice.org/OpenOffice.org2/3.x before 3.3 is affected by multiple off-by-one and out-of-bounds write flaws in WW8DopTypography::ReadFromMem (OOo), triggered by crafted Word .DOC typography data. This can cause denial of service or arbitrary code execution. Remediation: apply the patched/OpenO...

Google Chrome multiple vulnerabilities - Jan11 (Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnjan11lin.nasl 7052 2017-09-04 11:50:51Z teissa $ Google Chrome Multiple Vulnerabilities - Jan11 Linux Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone Networks...

Fedora 14 : myproxy-5.3-1.fc14 (2011-0514)

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification : The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The...

SuSE 10 Security Update : libxmlrpc (ZYPP Patch Number 6857)

This update of libxmlrpc is not vulnerable anymore to denial of service bugs that can occur while processing malformed XML input. - CVE-2009-3720: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P: Insufficient Information CWE-noinfo CVE-2009-3560: CVSS v2 Base Score: 5.0 MEDIUM...

RHEL 6 : webkitgtk (RHSA-2011:0177)

Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

Moderate: Red Hat Security Advisory: webkitgtk security update

Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

SuSE 10 Security Update : ed (ZYPP Patch Number 7301)

This update fixes a heap-based buffer overflow in ed which can be exploited remotely only with user-assistance. CVE-2008-3916: CVSS v2 Base Score: 9.3 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C: Buffer Errors. CWE-119 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin i...

Multiple Vulnerabilities in ReOS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ReOS which could be exploited to perform SQL injection attacks and compromise vulnerable system. 1 SQL injection vulnerabilities in ReOS 1.1 The vulnerability exists due to input sanitation errors in the...

CVE-2011-0491

The torrealloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service daemon crash via unspecified vectors, related to "underflow errors."...