DSA-2303-1 linux-2.6 - several issues

Bulletin has no description...

In-link 2.3.45.1.3 RC1 - cat SQL Injection

In-link 2.3.45.1.3 RC1 - cat SQL Injection source: https://www.securityfocus.com/bid/49508/info In-link is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

Session fixation

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session...

Cisco ASA 5500 Series Multiple DoS Vulnerabilities (cisco-sa-20100804-asa)

The remote Cisco ASA is missing a security patch and may be vulnerable to the following issues : - Multiple DoS vulnerabilities in the SunRPC inspection engine that can be triggered by sending unspecified UDP packets. CVE-2010-1578, CVE-2010-1579, CVE-2010-1580 - Multiple TLS DoS vulnerabilities...

CVE-2011-2839

The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2011-2839

The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

Finger Service Unused Account Disclosure Vulnerability

The finger service is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Twitter Advances Ever So Slowly Toward Total Adoption of HTTPS

Twitter is at the beginning of a process that will eventually make HTTPS browsing a default feature on the popular micro-blogging platform. The company currently is experimenting by turning HTTPS on for a small percentage of users. Enabling HTTPS means that all communications between users and...

BNAT Scanner

This module is a scanner which can detect Broken NAT network address translation implementations, which could result in an inability to reach ports on remote machines. Typically, these ports will appear in nmap scans as 'filtered'/'closed'. This module requires Metasploit:...

THC-ipv6 Toolkit – Attacking the IPV6 Protocol

THC-ipv6 Toolkit – Attacking the IPV6 Protocol A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches,...

Memory corruption

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code...

CVE-2011-2993

CVE-2011-2993 describes unsigned JavaScript calling into signed JAR code, allowing Same Origin Policy bypass and privilege gain in Mozilla SeaMonkey/Firefox. Connected sources confirm the issue across SeaMonkey 2.x (fixed in SeaMonkey 2.3) and Firefox 4.x–5 timelines, with MFSA advisories and pat...

SeaMonkey < 2.3.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.3.0. Such versions are potentially affected by the following security issues : - An error in SVG text manipulation code creates a dangling pointer vulnerability. CVE-2011-0084 - Multiple, unspecified memory safety issues exist. CVE-2011-2985 - ...

Ubuntu: Security Advisory (USN-1187-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-lts-backport-maverick USN-1187-1

Ubuntu Update for Linux kernel vulnerabilities USN-1187-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11871.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux-lts-backport-maverick USN-1187-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

USN-1187-1: Linux kernel (Maverick backport) vulnerabilities

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2010-3698 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could...

CentOS Update for java CESA-2009:1201 centos5 i386

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2009:1201 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1187-1)

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2010-3698 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could...

CVE-2011-2718

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to 1...

CVE-2011-2718

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to 1...