NoScript Cross Site Scripting Via SQL Injection
Hi List, NoScript fails to detect the reflective XSS from trusted domains when an attack is conducted through SQLXSSI. The bypass in NoScript has been successfully conducted by using "Reflective XSS" through Union SQL poisoning attacks by exploiting the reverted errors in the browser. The attack...
Google Chrome multiple vulnerabilities - November 10(Linux)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnnov10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - November 10(Linux) Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...
Google Chrome multiple vulnerabilities - November 10(Windows)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnnov10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - November 10(Windows) Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...
Mandriva Update for mysql MDVSA-2010:155-1 (mysql)
Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2010:155-1 (mysql) Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Adobe Flash Player Multiple Vulnerabilities - Windows
Adobe Flash Player is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Flash Player Multiple Vulnerabilities (Linux)
This host is installed with Adobe Flash Player and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeflashplayermultvulnnov10lin.nasl 5263 2017-02-10 13:45:51Z teissa $ Adobe Flash Player Multiple Vulnerabilities (Linux) Authors: Sooraj KS Copyright: Copyright...
Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)
Multiple vulnerabilities were discovered and corrected in mysql: - During evaluation of arguments to extreme-value functions such as LEAST and GREATEST, type errors did not propagate properly, causing the server to crash (CVE-2010-3833). - The server could crash after materializing a derived table...
DEBIAN-CVE-2010-2477
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2)...
CVE-2010-3833
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE...
MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE...
RealWin SCADA System Buffer Overflow Vulnerabilities
This host is running RealWin SCADA system and is prone to buffer overflow vulnerabilities. OpenVAS Vulnerability Test $Id: gbrealwinscadabofvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ RealWin SCADA System Buffer Overflow Vulnerabilities Authors: Sooraj KS Copyright: Copyright (c) 2010 Greenbone...
CGI Generic Fragile Parameters Detection (potential)
A web application hosted on the remote service returned 50x response codes when discovered CGIs were called with invalid values. These codes may have several origins: - A web application firewall or another defense mechanism may abruptly interrupt the request. - There could be a transient web...
Apache 2.0.x < 2.0.64 Multiple Vulnerabilities
According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities: - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including...
Installation Path Disclosure Weakness in MyBB
High-Tech Bridge SA Security Research Lab has discovered a weakness in MyBB which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in MyBB The weakness exists due to application reveals the full path to installation directory in an...
SuSE 10 Security Update : iscsitarget (ZYPP Patch Number 7109)
This update of iscsitarget/tgt fixes multiple overflows and a format string vulnerability: - CVE-2010-2221: CVSS v2 Base Score: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability...
SuSE 10 Security Update : expat (ZYPP Patch Number 6765)
The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid49850;...
SuSE 10 Security Update : Python (ZYPP Patch Number 6946)
This update of python has a copy of libxmlrpc that is vulnerable to denial of service bugs that can occur while processing malformed XML input. CVE-2009-2625: CVSS v2 Base Score: 5.0 moderate (AV:N/AC:L/Au:N/C:N/I:N/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2009-3720: CVSS v2 Ba...
MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities
Binary data 801142.prm...
CVE-2010-2530
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2)...
CVE-2010-3310
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect...