2384 matches found
CVE-2010-4338
Removed by vendor...
Design/Logic Flaw
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories...
CVE-2010-4695
Removed by vendor...
MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
Exploit for php platform in category web applications Vendor: MantisBT Group Product web page: http://www.mantisbt.org Version affected: library/adodb/adodb.inc.php ... 4109: 4110: $file = ADODB_DIR."/drivers/adodb-".$db.".inc.php"; 4111: @include_once $file;...
MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure
Exploit for php platform in category web applications Vendor: MantisBT Group Product web page: http://www.mantisbt.org Version affected: 1.2.4 Summary: MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL...
[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities
Debian Security Advisory DSA-2132-1 | http://www.debian.org/security/ | Moritz Muehlenhoff | December 11, 2010 | http://www.debian.org/security/faq...
[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution
Debian Security Advisory DSA-2131-1 | http://www.debian.org/security/ | Stefan Fritsch | December 10, 2010 | http://www.debian.org/security/faq...
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
Ghostscript library Ins_MINDEX off by one, integer overflow and heap corruption -- Vulnerability Summary: Date Published:...
[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
Debian Security Advisory DSA-2125-1 | http://www.debian.org/security/ | Stefan Fritsch | November 22, 2010 | http://www.debian.org/security/faq...
NitroSecurity ESM v8.4.0a Remote Code Execution
Exploit for linux platform in category remote exploits. NitroSecurity ESM v8.4.0a Remote Code Execution -- Product description: NitroView ESM is an enterprise-class security information and event...
NitroSecurity ESM 8.4.0a Remote Code Execution
-- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that perl module "ess.pm" is prone to...
NitroSecurity ESM 8.4.0a - Remote Code Execution
NitroSecurity ESM 8.4.0a - Remote Code Execution -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it w...
Linux kernel RDS protocol vulnerability
Overview: The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contains a local privilege escalation vulnerability. Description: Kernel functions fail to properly check if a user-supplied address exists in the user segment of memory. By providing a kernel address to a socket ca...
GNU C library dynamic linker expands $ORIGIN in setuid library search path
Overview: Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence, which can be exploited to gain local privilege escalation. Description: Tavis Ormandy's advisory states: "$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...
[SECURITY] [DSA-2114-1] New git-core packages fix regression
Debian Security Advisory DSA-2114-1 | http://www.debian.org/security/ | Stefan Fritsch | September 26, 2010 | http://www.debian.org/security/faq...
[SECURITY] [DSA 2111-1] New squid3 packages fix denial of service
Debian Security Advisory DSA-2111-1 | http://www.debian.org/security/ | Steffen Joeris | September 19, 2010 | http://www.debian.org/security/faq...
[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
Debian Security Advisory DSA-2108-1 | http://www.debian.org/security/ | Sebastien Delafond | Sep 14, 2010 | http://www.debian.org/security/faq...
CVE-2010-2953
Technical details about CVE-2010-2953 (affected products, root cause, and fixes) are not publicly provided in the supplied documents; monitor for updates from vendors and security advisories.