7984 matches found

RedHat Linux
added 2009/12/08 7:42 p.m., 0 views

ntpd: DoS with mode 7 packets (VU#568372)

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemon...

CVSS 6.4, AI score 7.2, EPSS 0.81107
Exploits 3, References 4
OpenVAS
added 2009/12/03 12:0 a.m., 30 views

Debian: Security Advisory (DSA-1941-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3, AI score 7.2, EPSS 0.39915
Exploits 9, References 3
Fedora
added 2009/12/01 4:44 a.m., 32 views

[SECURITY] Fedora 10 Update: awstats-6.95-1.fc10

Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...

CVSS 4.3, AI score 0.5, EPSS 0.04053
Exploits 1
Fedora
added 2009/12/01 4:24 a.m., 185 views

[SECURITY] Fedora 12 Update: awstats-6.95-1.fc12

Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...

AI score 0.5
Exploits 0
Tenable Nessus
added 2009/12/01 12:0 a.m., 30 views

Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)

Updated to 1.4.2 including XSS security fix CVE-2009-2820. Fixed improper reference counting in abstract file descriptors handling interface CVE-2009-3553. Fixed admin.cgi crash when modifying a class. Fix cups-lpd to create unique temporary data files. Pass through serial parameters correctly in...

CVSS 7.5, AI score 7.3, EPSS 0.09847
Exploits 6, References 5
Tenable Nessus
added 2009/11/30 12:0 a.m., 56 views

Serv-U < 9.1.0.0

According to its banner, the installed version of Serv-U is earlier than 9.1.0.0, and therefore affected by the following issues : - A boundary error in the web administration interface when parsing session cookies can result in a stack-based buffer overflow. CVE-2009-4873 - A boundary error in t...

CVSS 10, AI score 6, EPSS 0.7787
Exploits 3, References 5
ThreatPost
added 2009/11/05 9:8 p.m., 18 views

Facebook, MySpace Fix Subdomain Errors

Facebook and MySpace have fixed errors that could have allowed data to be given out from its subdomains. A Dutch developer, Yvo Schaap, discovered the flaw and wrote on his blog: “A “more invasive and hidden exploit could harvest all the user’s personal photos, data and messages to a central serv...

AI score 2.4
Exploits 0, References 2
ThreatPost
added 2009/11/03 9:8 p.m., 9 views

Microsoft Patches Critical IE Patch from Last Month

Microsoft has reissued a patch for a critical Internet Explorer update, MS09-54 from last month. The new patch targets four critical vulnerabilities, including the scrambling of Web page elements and spawned script errors. The problems affect most versions of IE IE 5.01, IE 6, IE 7, IE 8, on all...

AI score 2.9
Exploits 0, References 2
Tenable Nessus
added 2009/11/03 12:0 a.m., 8 views

FreeBSD : KDE -- multiple vulnerabilities (6f358f5a-c7ea-11de-a9f3-0030843d3802)

oCERT reports : Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves...

AI score 5.7
Exploits 0, References 2
securityvulns
added 2009/11/02 12:0 a.m., 53 views

Cross-Site Scripting vulnerability in ProofReader for Joomla

Hello 3APA3A! I am informing you of a Cross-Site Scripting vulnerability I found in the ProofReader component comproofreader for Joomla. The vulnerability is on pages with a 404 error and on existing pages of the site. This is DOM Based XSS. XSS IE: http://site/1";alertdocument.cookie;//...

Exploits 0
OpenVAS
added 2009/10/21 12:0 a.m., 37 views

Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)

This host is missing a critical security update according to Microsoft Bulletin MS09-062. OpenVAS Vulnerability Test $Id: secpodms09-062.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Products GDI Plus Code Execution Vulnerabilities 957488 Authors: Sharath S Updated to Check Visio Viewer 2007 - B...

CVSS 9.3, AI score 0.1, EPSS 0.5418
Exploits 6, References 3
OpenVAS
added 2009/10/21 12:0 a.m., 38 views

Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)

This host is missing a critical security update according to Microsoft Bulletin MS09-062. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3, AI score 8.4, EPSS 0.5418
Exploits 6, References 11
Check Point Advisories
added 2009/10/01 12:0 a.m., 1 views

Nullsoft Winamp Ultravox Streaming Metadata Parsing Stack Buffer Overflow (CVE-2008-0065)

NullSoft Winamp is a multimedia player that is capable of playing back many audio/video formats and streaming protocols. Winamp supports the Ultravox media streaming format, a proprietary streaming media protocol developed by AOL. There exists a buffer overflow vulnerability in Nullsoft Winamp...

CVSS 10, AI score 7.6, EPSS 0.7236
Exploits 8
Prion
added 2009/09/29 6:0 p.m., 11 views

Information disclosure

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a...

CVSS 5, AI score 6.8, EPSS 0.15594
Exploits 1, References 9, Affected Software 2
NVD
added 2009/09/29 6:0 p.m., 8 views

CVE-2009-3457

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a...

CVSS 5, AI score 6.3, EPSS 0.15594
Exploits 1, References 9
Cvelist
added 2009/09/29 5:0 p.m., 15 views

CVE-2009-3457

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a...

AI score 6.3, EPSS 0.15594
Exploits 1, References 9
OpenVAS
added 2009/09/29 12:0 a.m., 19 views

SILC Client Channel Name Format String Vulnerability

This host has SILC Client installed and is prone to Format String vulnerability. OpenVAS Vulnerability Test $Id: secpodsilcprdtschannelnameformatstringvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SILC Client & Toolkit Channel Name Format String Vulnerability Authors: Nikita MR Copyright: Copyrigh...

CVSS 7.5, AI score 0.4, EPSS 0.0487
Exploits 0, References 2
OpenVAS
added 2009/09/16 12:0 a.m., 18 views

WinRAR Multiple Unspecified Vulnerabilities

This host has WinRAR installed and is prone to Multiple Vulnerability. OpenVAS Vulnerability Test $Id: secpodwinrarmultvuln.nasl 5148 2017-01-31 13:16:55Z teissa $ WinRAR Multiple Unspecified Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009 SecPod http://www.secpod.com This progra...

CVSS 10, AI score 2, EPSS 0.01086
Exploits 0, References 3
Prion
added 2009/09/14 4:30 p.m., 25 views

Design/Logic Flaw

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote...

CVSS 6, AI score 5.9, EPSS 0.00847
Exploits 2, References 30, Affected Software 4
OpenVAS
added 2009/09/11 12:0 a.m., 21 views

Mozilla Firefox Denial Of Service Vulnerability (Sep 2009) - Linux

Firefox browser is prone to Denial of Service vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 7.7, EPSS 0.05836
Exploits 0, References 4