openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5050)

Mozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues : Mozilla Foundation Security Advisory 2011-32 MFSA 2011-32 http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disable...

openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2011-101)

Mozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA...

openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)

seamonkey version 2.6 fixes several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA...

openSUSE Security Update : bind (openSUSE-2013-297)

bind was updated to 9.9.2-P2, fixing a security issue in regular expression handling. CVE-2013-2266 RT 32688 https://kb.isc.org/article/AA-00871 bnc811876 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

[SECURITY] Fedora 19 Update: mutt-1.5.23-2.fc19

Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...

[SECURITY] Fedora 20 Update: mutt-1.5.23-2.fc20

Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...

Fedora Update for mutt FEDORA-2014-5880

Check for the Version of mutt OpenVAS Vulnerability Test Fedora Update for mutt FEDORA-2014-5880 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

Struts2 then exposed S2-0 2 0 patch bypass vulnerability – evil regular expressions-vulnerability warning-the black bar safety net

4 on 2 to 4 November, the network exposed in the article“Security researchers noted that the Apache Struts2 vulnerability Bulletin S2-0 2 0, in process repair CVE-2 0 1 4-0 0 9 4 bug fixes program vulnerability exists, resulting patch is completely bypassed.” Affected products: Struts 2.0.0 –...

Apache Archiva 1.2.x <= 1.2.2 / 1.3.x <= 1.3.6 Multiple Vulnerabilities

According to its self-reported version, the instance of Apache Archiva hosted on the remote web server is 1.2.x prior than or equal to 1.2.2 or 1.3.x prior than or equal to 1.3.6 and thus is affected by the following vulnerabilities : - An input validation error exists related to unspecified...

Medium: php55

Issue Overview: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a...

CVE-2013-6469

JBoss Overlord Run Time Governance RTGov 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. NOTE: some of these details are obtained from third party information...

Design/Logic Flaw

JBoss Overlord Run Time Governance RTGov 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. NOTE: some of these details are obtained from third party information...

PT-2014-3131 · Mozilla +1 · Mvel +1

Name of the Vulnerable Software and Affected Versions: JBoss Overlord Run Time Governance RTGov version 1.0 for JBossAS Description: The issue allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. Recommendations: For JBoss Overlord Ru...

Adobe Flash Player - Regular Expression Heap Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Flash Player Regular Expression Heap Overflow", 'Description' = %q This module exploits a vulnerability found in the ActiveX...

Adobe Flash Player Regular Expression Heap Overflow

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Flash Player Regular Expression Heap Overflow", 'Description' = %q This module exploits a vulnerability found in the ActiveX...

Adobe Flash Player Regular Expression Heap Overflow

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger an memory corruption, which results in remote code execution under the context of...

Updated php packages fix security vulnerability

Updated php packages fix security vulnerability: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a...

Design/Logic Flaw

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...

CVE-2013-6468

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...

Drools任意代码执行漏洞

Bugtraq ID:66659 CVE ID:CVE-2013-6468 Drools具有一个易于访问企业策略、易于调整以及易于管理的开源业务规则引擎，符合业内标准，速度快、效率高。 Drools存在一个安全漏洞，允许远程通过验证的攻击者在MVEL或者Drools表达式中提交任意Java代码，可以应用服务安全上下文执行任意代码。 0 Drools 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： https://rhn.redhat.com/errata/RHSA-2014-0371.html...