MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted...

Google Fixes Three Critical Flaws in Chrome

Google has released a new version of its Chrome browser, fixing three serious security vulnerabilities in earlier versions of the browser. Google released version 4.1.249.1064 for Windows on Tuesday, fixing the three security flaws, for which it paid $1500 through its bug bounty program. Two of t...

Ding Feng enterprises smart built Station system injection search injection vulnerability analysis and exploit-vulnerability warning-the black bar safety net

Author: Mo if you are asked Version: Ding Feng enterprises smart built Station system ASP version V0. 3. 6 Yesterday the use of this system to get a webshell, but is the use of download the default database, the latter the discoverer of the system interface's also good, by the look of IT security...

Ding Feng enterprises smart built Station system injection search injection vulnerability analysis and exploit-vulnerability warning-the black bar safety net

Author: L4nk0rMo if you are asked Yesterday the use of this system to get a webshell, but is the use of download the default database, the latter the discoverer of the system interface's also good, by the look of IT security. This article on its search injection vulnerability simple analysis and...

MS Patch Tuesday: 13 Bulletins, 26 Vulnerabilities

Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants. The company urged customers to prioritize and deploy four...

A Good Year for Security Collaboration

It seems like just yesterday when I was at Black Hat. Now as I get ready to fly to Las Vegas again, I look forward to seeing a lot of security researchers, hearing their latest exploits and how they fared over the last 352 days. At the same time, it is a great opportunity to look back at the past...

ImageMagick < 6.5.2-9 magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow

The remote Windows host is running a version of ImageMagick earlier than 6.5.2-9. Such versions reportedly fail to properly handle malformed 'TIFF' files in the 'XMakeImage' function. If an attacker can trick a user on the remote host into opening a specially crafted file using the affected...

Fedora 9 : ipsec-tools-0.7.2-1.fc9 (2009-4291)

Minor version update from upstream fixing remote DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

MS08-061: Microsoft Windows Kernel Multiple Privilege Elevation (954211)

The remote host contains a version of the Windows kernel that is vulnerable to a security flaw that could allow a local user to elevate his privileges or to crash it therefore causing a denial of service. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid34406;...

CVE-2008-4453

The CVE-2008-4453 issue affects GdPicture Pro Imaging SDK 5.7.1 (GdPicturePro5S.Imaging) and GdPicture Light Imaging Toolkit 4.7.1 (GdPicture4S.Imaging) ActiveX controls (gdpicture4s.ocx, gdpicturepro5s.ocx). The SaveAsPDF method fails to validate input to the sFilePath parameter, enabling remote...

Remote code execution

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control ChilkatUtil.dll 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the 1 SaveToFile, 2 SaveToTempFile, or 3 AppendBinary method. NOTE: this issue might only be exploitable in...

Fedora 8 : openldap-2.3.39-4.fc8 (2008-6029)

This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

mybloggie-sql.txt

netVigilance Security Advisory 40 myBloggie version 2.1.6 Multiple SQL Injection Vulnerability Description: myBloggie http://mywebland.com/mybloggie/ is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most...

faname10-sql.txt

netVigilance Security Advisory 42 Fa Name version 1.0 SQL Injection Vulnerability Description: Fa Name http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html is useful portal CMS for .name websites. You can have a simple portal but useful one for you domain names and by usei...

Symantec Decomposer Multiple Vulnerabilities (SYM08-006)

The remote Symantec product is affected by multiple issues. By sending a specially crafted RAR file to TCP port 1344, an unauthenticated attacker may be able to cause a denial of service condition or execute arbitrary code, subject to privileges of the user running the application. C Tenable...

SuSE 10 Security Update : tar (ZYPP Patch Number 4171)

This update fixes a bug in function safernamesuffix of tar which leads to a crashing stack. Exploitability is unknown. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : cpio (ZYPP Patch Number 4184)

This update fixes a bug in function safernamesuffix of cpio which leads to a crashing stack. Exploitability is unknown. CVE-2007-4476 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...

SAXON version 5.4 SQL Injection Vulnerability

netVigilance Security Advisory 55 SAXON version 5.4 SQL Injection Vulnerability Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per...

openSUSE 10 Security Update : cpio (cpio-4180)

This update fixes a bug in function safernamesuffix of cpio which leads to a crashing stack. Exploitability is unknown. CVE-2007-4476 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update cpio-4180...

openSUSE 10 Security Update : tar (tar-4170)

This update fixes a bug in function safernamesuffix of tar which leads to a crashing stack. Exploitability is unknown. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update tar-4170. The text...