4492 matches found
MGASA-2016-0199 Updated wpa_supplicant packages fix security vulnerabilities
Updated wpasuppliant packages fix security vulnerabilities: A vulnerability was found in how wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or...
Clam AntiVirus: Multiple vulnerabilities
Background Clam AntiVirus short: ClamAV is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact An unauthenticat...
Bitweaver wiki/rankings.php style Parameter Traversal Local File Inclusion
The remote web server hosts Bitweaver, an open source content management system written in PHP. At least one install of Bitweaver on the remote host fails to sanitize user-supplied input to the 'style' parameter of the 'wiki/rankings.php' script before using it to include PHP code. Regardless of...
[SECURITY] Fedora 7 Update: scponly-4.6-10.fc7
scponly is an alternative 'shell' for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications...
GLSA-200801-21 : Xdg-Utils: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200801-21 Xdg-Utils: Arbitrary command execution Miroslav Lichvar discovered that the 'xdg-open' and 'xdg-email' shell scripts do not properly sanitize their input before processing it. Impact : A remote attacker could entice a us...
Oracle XDB component PITRIG_TRUNCATE buffer overflow
Added: 02/01/2008 CVE: CVE-2008-0339 BID: 27229 OSVDB: 40300 Background The PITRIGTRUNCATE function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGTRUNCATE function allows remote, authenticated attackers to...
Debian DSA-579-1 : abiword - buffer overflow
A buffer overflow vulnerability has been discovered in the wv library, used for converting and previewing word documents. On exploitation an attacker could execute arbitrary code with the privileges of the user running the vulnerable application. %NASLMINLEVEL 70300 C Tenable Network Security, In...
Monolith Lithtech Game Engine - Multiple Remote Format String Vulnerabilities
// source: https://www.securityfocus.com/bid/11610/info Lithtech game engine is prone to multiple remote format-string vulnerabilities because of incorrect usage of 'printf'-type functions. Format specifiers can be supplied directly to vulnerable functions from external data. A denial-of-service...
WebTrends Reporting Center for Windows 4.0 d - GET Buffer Overflow
source: https://www.securityfocus.com/bid/4531/info WebTrends Reporting Center is used to organize and present usage information for multiple server web environments. Reporting Center is available for Windows NT and 2000, Linux and Solaris. An issue has been reported in WebTrends Reporting Center...
Microsoft Frontpage Server Remote Application Deployment (RAD) component vulnerable to buffer overflow via malformed packet sent to server component
Overview Microsoft Frontpage Server Remote Application Deployment RAD component contains an unchecked buffer which can allow an intruder to execute arbitrary code with the privileges of IUSRmachinename or system. Description A buffer overflow in the Microsoft Frontpage Server Remote Application...
RedHat 4.x5.x6.x RedHat man 1.5 Turbolinux man 1.5 Turbolinux 3.54.x - man Buffer Overrun (1)
RedHat 4.x5.x6.x RedHat man 1.5 Turbolinux man 1.5 Turbolinux 3.54.x - man Buffer Overrun 1 / source: https://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability A buffer overflow exis...
WebGais webgais CGI Arbitrary Command Execution
The 'webgais' CGI is installed. This CGI may let an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10300;...