Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
This host is missing a critical security update according to Microsoft Bulletin MS09-027. OpenVAS Vulnerability Test $Id: secpodms09-027.nasl 6538 2017-07-05 11:38:27Z cfischer $ Microsoft Office Word Remote Code Execution Vulnerabilities 969514 Authors: Sharath S Copyright: Copyright (c) 2009...
Gentoo Security Advisory GLSA 200905-08 (ntp)
The remote host is missing updates announced in advisory GLSA 200905-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
cscope -- multiple buffer overflows
Secunia reports: Some vulnerabilities have been reported in Cscope, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to various boundary errors, which can be exploited to cause buffer overflows when parsing specially crafted...
The simple missteps that cause data breaches
From SearchSecurity.co.uk Ron Condon Simple mistakes by organisations can cause data loss, and those errors are making it easy for cybercriminals to flourish on the Internet, according to a forensics expert who investigated some of the world’s biggest security breaches. Matthjis van der Wel is he...
MyFirstCMS <= 1.0.2 Remote Arbitrary File Delete Vulnerability
No description provided by source. MyFirstCMS = 1.0.2 Remote File Delete Vulnerability + Author...
RedHat Security Advisory RHSA-2009:1055
The remote host is missing updates announced in advisory RHSA-2009:1055. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmissi...
PT-2009-1081 · Opensc · Opensc
Name of the Vulnerable Software and Affected Versions: OpenSC versions prior to 0.11.8 Description: The issue allows attackers to read the cleartext form of messages that were intended to be encrypted due to incorrect public exponents in generated RSA keys. Exploitation of the vulnerabilities can...
CVE-2009-1482
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the errormsg function or (2) multiple vectors related to package file errors in the uploadform...
PYSEC-2009-6
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the errormsg function or (2) multiple vectors related to package file errors in the uploadform...
CVE-2009-1482
Removed by vendor...
CVE-2009-1428
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject...
Symantec Log Viewer JavaScript Injection Vulnerabilities
SUMMARY: The Log Viewer feature in some Symantec products contains two parsing errors which could be exploited through JavaScript injection. AFFECTED PRODUCTS:
Product | Version | Solution
---|---|---
Norton 360 | 1.0 | Run LiveUpdate in Interactive Mode
Norton Internet Security | 2005 through 200...
FreeBSD : CVS path validation errors (0792e7a7-8e37-11d8-90d1-0020ed76ef5a)
Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when...
MDVA-2008:135-1 : draksnapshot
This update fixes several issues in draksnapshot: The draksnapshot applet received the following fixes: - on desktop startup, it will wait for 30s before checking for available disc so that notification is positioned at the right place, on the applet icon - it prevents crashing if DBus is not...
Mandriva Linux Security Advisory : wordnet (MDVSA-2008:182-1)
Rob Holland found several programming errors in WordNet which could lead to the execution of arbitrary code when used with untrusted input (CVE-2008-2149, CVE-2008-3908). Update: The previous patch had a typo that caused incorrect behaviour in WordNet. This update uses an update patch that correct...
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:065)
Luigi Auriemma found a few programming errors in Pulseaudio that can be used to crash the Pulseaudio daemon, by authenticated and unauthenticated users. The updated packages fix these issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Fedora 10 : squid-3.0.STABLE13-1.fc10 (2009-1526)
Thu Feb 5 2009 Jonathan Steffan - 7:3.0.STABLE13-1 - upgrade to latest upstream - Thu Jan 29 2009 Henrik Nordstrom - 7:3.0.STABLE12-1 - upgrade to latest upstream - Fri Dec 19 2008 Henrik Nordstrom - 7:3.0.STABLE10-3 - actually include the upstream bugfixes in the build - Fri Dec 19 2008 Henrik...