SuSE Update for seamonkey openSUSE-SU-2012:0007-1 (seamonkey)

Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201200071.nasl 8253 2017-12-28 06:29:51Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0007-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Scientific Linux Security Update : tcltk on SL3.x i386/x86_64

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of...

Scientific Linux Security Update : perl on SL5.x i386/x86_64

A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl. CVE-2007-5116 %NASLMINLEVEL 70300 C Tenable Network...

Scientific Linux Security Update : boost on SL5.x i386/x86_64 (20120221)

The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker...

Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64

Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries...

Scientific Linux Security Update : gdb on SL4 i386/x86_64

Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If a user loaded an executable containing malicious debugging information into GDB, an attacker might be able to execute arbitrary code with the privileges of the user. CVE-2006-4146 %NASLMINLEVEL...

Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. CVE-2008-3905 Ruby's XML document parsing module REXML was prone to a denial of service...

xheditor editor upload. php malformed file upload vulnerability-vulnerability warning-the black bar safety net

The code uses a whitelist mechanism to verify, press the truth to say that the white list are generally relatively safe. But the problem arises in the verification process where verification extension use The is a regular pregmatch method As long as we construct the suffix name contains a white...

Microsoft Expression Web Detection

Detects the installed version of Microsoft Expression Web. The script logs in via smb, searches for Microsoft Expression Web and in the registry and gets the version from SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...

RedHat Update for dhcp RHSA-2011:1819-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

xheditor default upload. php malformed file upload vulnerability-vulnerability warning-the black bar safety net

The file upload code uses a white list mechanism according to the truth that is relatively safe, but the problem appears in the white list mechanism to verify there. Use regular expression matching here gives us a bypass method in a iis parsing the properties to get a shell. Verification code:...

DSA-2504-1 libspring-2.5-java - information disclosure

Bulletin has no description...

Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)

Microsoft XML Core Services is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Apache OFBiz FlexibleStringExpander Remote Code Execution

The version of Apache OFBiz hosted on the remote host has an arbitrary code execution vulnerability. Specially crafted input passed to the getInstance method of the FlexibleStringExpander class can result in the evaluation of nested Java Unified Expression Language expressions. A remote,...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

PHP 5.4/5.3 deprecated Function eregi() memory_limit bypass vulnerability-vulnerability warning-the black bar safety net

PHP is an HTML embedded language, PHP and Microsoft ASP quite a bit similar, is a server-side implementation of the embedded HTML document the script language, the language style is similar to the C language, is now a lot of web site programmers widely use. PHP 5.3 after version deprecated based ...

IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities

The host is running IBM DB2 and is prone to denial of service and security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2xmldosncreatevarsecbypassvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities Authors:...