OPEN IT OverLook 'title.php' Cross Site Scripting Vulnerability

This host is running OverLook and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodoverlookxssvuln.nasl 5668 2017-03-21 14:16:34Z cfi $ OPEN IT OverLook 'title.php' Cross Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...

Design/Logic Flaw

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and...

UBUNTU-CVE-2011-0129

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in...

UBUNTU-CVE-2011-0139

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in...

CVE-2011-0346

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the DOM implementation and the BreakAASpecial and...

CVE-2010-0114

fwcharts.php in the reporting module in the Manager aka SEPM component in Symantec Endpoint Protection SEP 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request...

CVE-2010-1676

Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via unspecified vectors...

Exim alternate configuration privilege escalation vulnerability

Overview A vulnerability in the way that the Exim mail server handles configuration files may allow a local attacker to gain escalated privileges on an affected system. Description Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to t...

Ubuntu: Security Advisory (USN-1015-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for libxml2 vulnerability USN-1016-1

Ubuntu Update for Linux kernel vulnerabilities USN-1016-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10161.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libxml2 vulnerability USN-1016-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : libxml2 vulnerability (USN-1016-1)

Bui Quang Minh discovered that libxml2 did not properly process XPath namespaces and attributes. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. Note that Tenable Network...

FreeBSD 'pseudofs' NULL Pointer Dereference Local Privilege Escalation Vulnerability

No description provided by source. / Source: http://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / define SYSENT8SYCALLADDR 0xc0c4afa4...

CVE-2010-3069

Stack-based buffer overflow in the 1 sidparse and 2 domsidparse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted Windows Security ID SID on a file share...

CVE-2010-2213

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216...

Ubuntu 9.04 / 9.10 / 10.04 LTS : pcsc-lite vulnerability (USN-969-1)

It was discovered that the PC/SC service did not correctly handle malformed messages. A local attacker could exploit this to execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

Google Releases Chrome 5.0.375.125

Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entr...

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)

$Id: ms02056hello.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Google Releases Chrome 4.1.249.1064

Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...

Directory traversal

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter...