7992 matches found
USN-1353-1: Xulrunner vulnerabilities
Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
Google Chrome < 17.0.963.46 Multiple Vulnerabilities
Google Chrome < 17.0.963.46 Multiple Vulnerabilities
Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities
Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities
The installed version of Thunderbird 3.1.x is earlier than 3.1.18 and is, therefore, potentially affected by the following vulnerabilities: - A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly...
Firefox 3.6 < 3.6.26 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox 3.6 is earlier than 3.6.26. Such versions are potentially affected by multiple vulnerabilities : - A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659) - The IPv6 literal syntax in web addresses is not being properly enforced...
FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)
The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.
100 Kenya government websites breached by Indonesian hacker
An Indonesian hacker on Tuesday attacked and defaced more than 100 Kenya government websites. The ministries affected include the Ministries of Local Government, Livestock, Environment, Fisheries, Housing, and Industrialisation in a...
MySQL < 5.5.6 Multiple Denial of Service
The version of MySQL installed on the remote host is older than 5.5.6. As such, it reportedly is prone to multiple denial of service attacks : - The improper handling of type errors during argument evaluation in extreme-value functions, e.g., 'LEAST' or 'GREATEST' causes server crashes...
MySQL < 5.0.92 Multiple Denial of Service
The version of MySQL installed on the remote host is older than 5.0.92. As such, it reportedly is prone to multiple denial of service attacks : - The improper handling of type errors during argument evaluation in extreme-value functions, e.g., 'LEAST' or 'GREATEST' causes server crashes...
PHP < 5.3.9 Multiple Vulnerabilities
spamdyke -- Buffer Overflow Vulnerabilities
Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...
Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities
The installed version of Wireshark is 1.4.x before 1.4.11. This version is affected by the following vulnerabilities : - Errors exist in the parsers for '5views', 'i4b', 'iptrace', 'netmon2' and 'novell' packets that can lead to application crashes. Issues 6663, 6666, 6667, 6668, 6669, 6670 - An...
libxml2 security update
2.6.16-12.9.0.1 - Add oracle-enterprise.patch and replace doc/redhat.gif in the tarball 2.6.16-12.9 - Fix an off by one error in encoding CVE-2011-0216 - Fix missing error status in XPath evaluation CVE-2011-2834 - Make sure the parser returns when getting a Stop order CVE-2011-3905 - Fix an...
Joomla Simple File Upload Module Remote Code Execution Vulnerability
This host is running Joomla Simple File Upload Module and is prone to a remote code execution vulnerability.
Fully automated MySQL5 boolean based enumeration tool
Blackhatacademy developers have released a fully automated MySQL5 boolean-based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag ...
SeaMonkey < 2.6.0 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.6.0. Such versions are potentially affected by the following security issues : - An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event...
Stuxnet Finger Pointing
Stuxnet debuted with a frenzy in 2010 after researchers exposed the malware already busily disrupting Iran’s nuclear enrichment program. That was followed this past year by continued speculation, finger pointing and even some dismissive attitudes about the worm, which targets Siemens-made...
Google Chrome < 16.0.912.63 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 16.0.912.63 and is affected by the following vulnerabilities: - Out-of-bounds read errors exist related to regex matching, libxml, the PDF parser, the SVG parser, YUV video frame handling, i18n handling in V8 and PDF cross...
SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)
This MySQL version update to 5.0.94 fixes the following security issues : - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate) (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information...