Scientific Linux Security Update : gdb on SL4 i386/x86_64

Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If a user loaded an executable containing malicious debugging information into GDB, an attacker might be able to execute arbitrary code with the privileges of the user. CVE-2006-4146 %NASLMINLEVEL...

Scientific Linux Security Update : tcltk on SL3.x i386/x86_64

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of...

Scientific Linux Security Update : boost on SL5.x i386/x86_64 (20120221)

The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker...

Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. CVE-2008-3905 Ruby's XML document parsing module REXML was prone to a denial of service...

xheditor editor upload. php malformed file upload vulnerability-vulnerability warning-the black bar safety net

The code uses a whitelist mechanism to verify, press the truth to say that the white list are generally relatively safe. But the problem arises in the verification process where verification extension use The is a regular pregmatch method As long as we construct the suffix name contains a white...

Microsoft Expression Web Detection

Detects the installed version of Microsoft Expression Web. The script logs in via smb, searches for Microsoft Expression Web and in the registry and gets the version from SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...

RedHat Update for dhcp RHSA-2011:1819-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

xheditor default upload. php malformed file upload vulnerability-vulnerability warning-the black bar safety net

The file upload code uses a white list mechanism according to the truth that is relatively safe, but the problem appears in the white list mechanism to verify there. Use regular expression matching here gives us a bypass method in a iis parsing the properties to get a shell. Verification code:...

DSA-2504-1 libspring-2.5-java - information disclosure

Bulletin has no description...

Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)

Microsoft XML Core Services is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Apache OFBiz FlexibleStringExpander Remote Code Execution

The version of Apache OFBiz hosted on the remote host has an arbitrary code execution vulnerability. Specially crafted input passed to the getInstance method of the FlexibleStringExpander class can result in the evaluation of nested Java Unified Expression Language expressions. A remote,...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

PHP 5.4/5.3 deprecated Function eregi() memory_limit bypass vulnerability-vulnerability warning-the black bar safety net

PHP is an HTML embedded language, PHP and Microsoft ASP quite a bit similar, is a server-side implementation of the embedded HTML document the script language, the language style is similar to the C language, is now a lot of web site programmers widely use. PHP 5.3 after version deprecated based ...

IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities

The host is running IBM DB2 and is prone to denial of service and security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2xmldosncreatevarsecbypassvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities Authors:...

PHP 5.4/5.3 deprecated eregi() memory_limit bypass

PHP 5.4/5.3 deprecated eregi memorylimit bypass Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 30.03.2012 Original link: http://cxsecurity.com/issue/WLB-2012030272 PoC's: memorylimit poc http://cxsecurity.com/issue/WLB-2012030271 openbasedir poc...

Ubuntu Update for thunderbird USN-1343-1

Ubuntu Update for Linux kernel vulnerabilities USN-1343-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for thunderbird USN-1343-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net...

Microsoft Expression 'wintab32.dll' DLL加载任意代码执行漏洞(MS12-022)

BUGTRAQ ID: 52375 CVE ID: CVE-2012-0016 Expression Design 是个专业的插图和图形设计工具，可让您为 Web 和桌面应用程序使用者接口建立吸引人的项目。 Microsoft Expression以不安全的方式加载某些库，通过诱使用户打开远程WebDAV或SMB共享上的.xpr或.DESIGN文件，远程攻击者可利用此漏洞控制用户系统。 0 Microsoft Expression Design 4 Microsoft Expression Design 3 Microsoft Expression Design 2 Microsoft...