6646 matches found
CVE-2009-2716
CVE-2009-2716 is referenced by multiple vulnerability feeds as addressed by Java/JRE updates in VMware advisories (VMSA-2009-0016, VMSA-2010-0002) and by OpenVAS entries. The linked documents confirm that CVE-2009-2716 is among the CVEs fixed in JRE/JDK updates, specifically in Sun Java JRE 1.5.x...
Unfixed XSS vulnerability at www.rtl.fr
Security researcher 599eme Man submitted on 08/07/2009 a cross-site scripting (XSS) vulnerability affecting www.rtl.fr, which at the time of submission ranked 12025 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2009. It is currently...
Chrome privilege escalation due to incorrectly cached wrapper — Mozilla
Mozilla add-on developer and community member Wladimir Palant reported broken functionality on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher mozbugra4 demonstrated tha...
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities...
Unfixed XSS vulnerability at www.whatisscientology.org
Security researcher lljkrieg submitted on 21/07/2009 a cross-site scripting (XSS) vulnerability affecting www.whatisscientology.org, which at the time of submission ranked 313267 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2009. It...
[SECURITY] Fedora 9 Update: drupal-views-6.x.2.6-1.fc9
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
CVE-2009-1713
CVE-2009-1713 is a WebKit XSLT vulnerability. In qt4-x11 (and related WebKit deployments like Safari) the XSLT document() function can be mis-implemented, allowing a remote attacker to read arbitrary local files and files in other security zones via crafted HTML/XML. Debian DSA-1988 confirms the ...
CVE-2009-1713
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors...
AVG AntiVirus Engine Malware Detection Bypass Vulnerability (Windows)
This host is installed with AVG AntiVirus Product Suite for Windows and is prone to Malware Detection Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodavgdetectionbypassvulnwin.nasl 5055 2017-01-20 14:08:39Z teissa $ AVG AntiVirus Engine Malware Detection Bypass Vulnerability Windows...
Unfixed XSS vulnerability at www.nhl.nl
Security researcher Jurpie submitted on 23/05/2009 a cross-site scripting (XSS) vulnerability affecting www.nhl.nl, which at the time of submission ranked 184188 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/05/2009. It is currently...
CVE-2009-1735
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information...
CSRF attack message thrown when JSESSIONID is changed
Symptoms: Anything that is using DWR will fail. Meaning: page editor is fully or partially unusable and it may display the text "Draft saving timed out" on top of the text area. At the same time, the following error messages are printed in the Confluence log: noformat 2009-05-15 08:06:36,011 ERRO...
Debian DSA-1801-1 : ntp - buffer overflows
Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-0159: A buffer overflow in ntpq allows a remote NTP server to create a denial of service...
[SECURITY] Fedora 11 Update: ipsec-tools-0.7.2-1.fc11
This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels. This package builds: - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon...
Mandriva Linux Security Advisory : kernel (MDVSA-2008:104)
A race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. (CVE-2008-1375) The Linux kernel before 2.6.25.2 does not...
Fedora 10 : avahi-0.6.22-12.fc10 (2008-11351)
This version includes five patches backported from the recently released 0.6.24 : - A trivial security fix for CVE-2008-5081, rhbz 475964. - A trivial fix for the threaded event loop, avahi bts 251 - A trivial fix unbreaking the --force-bind logic of avahi-autoipd, avahi bts 209 - A trivial fix t...
Mandriva Linux Security Advisory : kernel (MDVSA-2008:105)
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. (CVE-2007-3740) The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets,...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality...
Fedora Core 9 FEDORA-2009-3712 (udev)
The remote host is missing an update to udev announced via advisory FEDORA-2009-3712. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...