Lucene search

9092 matches found

UbuntuCve
added 2011/08/01 7:55 p.m. | 28 views

CVE-2011-2642

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name...

CVSS 2.6 | AI score 5.9 | EPSS 0.00667
Exploits 0 | References 2

Fedora
added 2011/07/31 3:43 a.m. | 26 views

[SECURITY] Fedora 14 Update: xml-security-c-1.5.1-4.fc14

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...

CVSS 5 | AI score 2.8 | EPSS 0.07303
Exploits 1

Tenable Nessus
added 2011/07/26 12:0 a.m. | 32 views

Debian DSA-2284-1 : opensaml2 - implementation error

Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system, is vulnerable to XML signature wrapping attacks. More details can be found in the Shibboleth advisory. ...

CVSS 5.8 | AI score 5.3 | EPSS 0.00281
Exploits 0 | References 4

OSV
added 2011/07/25 12:0 a.m. | 12 views

DSA-2284-1 opensaml2 - implementation error

Bulletin has no description...

CVSS 5.8 | AI score 6.3 | EPSS 0.00281
Exploits 0

ThreatPost
added 2011/07/22 2:49 p.m. | 9 views

Researchers Find Browser History-Sniffing Still Ongoing

The practice of history sniffing, which has been seen as out-of-bounds and a serious privacy violation for the better part of a decade now, is still ongoing by some ad networks, researchers have found. A study completed recently by researchers at Stanford University’s Center for Internet and...

AI score 6.7
Exploits 0 | References 4

UbuntuCve
added 2011/07/20 12:0 a.m. | 23 views

CVE-2011-2513

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

CVSS 5 | AI score 5.9 | EPSS 0.005
Exploits 0 | References 2

Cent OS
added 2011/07/18 9:33 p.m. | 109 views

kernel security update

CentOS Errata and Security Advisory CESA-2011:0927 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scorin...

CVSS 6.9 | AI score 6.6 | EPSS 0.00777
Exploits 8 | References 7

OpenVAS
added 2011/07/18 12:0 a.m. | 48 views

Ubuntu Update for linux USN-1167-1

Ubuntu Update for Linux kernel vulnerabilities USN-1167-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11671.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1167-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 7.8 | AI score 0.8 | EPSS 0.06726
Exploits 55 | References 2

UbuntuCve
added 2011/07/18 12:0 a.m. | 30 views

CVE-2011-1093

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OO...

CVSS 7.8 | AI score 7.1 | EPSS 0.01222
Exploits 1 | References 10

Packet Storm
added 2011/07/12 12:0 a.m. | 43 views

Alice Modem 1111 Cross Site Scripting / Denial Of Service

German ISP 'Alice' has been shipping custom embedded devices (DSL modems/routers etc.) for the past few years. Their first self-branded DSL modem, Alice Modem 1111, using firmware version 4.19, is prone to at least the following two security vulnerabilities after it has passed initial configuration...

AI score 0.2
Exploits 0

Exploit DB
added 2011/07/11 12:0 a.m. | 25 views

Gilnet News - 'read_more.php' SQL Injection

source: https://www.securityfocus.com/bid/48966/info Gilnet News is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

AI score 7.4
Exploits 0

Atlassian
added 2011/07/09 1:35 a.m. | 27 views

Support web sudo and other password confirmation features with custom authenticators

By default, web sudo and other password confirmation features in Confluence 3.5 and later are disabled if a custom authenticator is detected. However, there is an override flag that was added as part of CONF-20958 that allows administrators to turn it on again. If it is turned on manually, in mos...

AI score 0.2
Exploits 0 | Affected Software 1

Ubuntu
added 2011/07/06 1:9 p.m. | 95 views

USN-1164-1: Linux kernel vulnerabilities (i.MX51)

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly...

CVSS 7.8 | AI score 7 | EPSS 0.06726
Exploits 24

OpenVAS
added 2011/07/05 12:0 a.m. | 26 views

Opera Browser Multiple Vulnerabilities Jul-11 (Windows)

The host is installed with Opera browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnwin01jul11.nasl 7024 2017-08-30 11:51:43Z teissa $ Opera Browser Multiple Vulnerabilities July-11 Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone...

CVSS 10 | AI score 1 | EPSS 0.10554
Exploits 5 | References 2

Tenable Nessus
added 2011/07/05 12:0 a.m. | 34 views

Fedora 15 : libxml-1.8.17-27.fc15 (2011-7820)

This update addresses CVE-2011-1944 heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets. It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html It also fixes the broken xpath...

CVSS 9.3 | AI score 7.8 | EPSS 0.23686
Exploits 1 | References 4

NVD
added 2011/07/01 10:55 a.m. | 24 views

CVE-2011-2635

The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element...

CVSS 5 | AI score 7.3 | EPSS 0.00535
Exploits 0 | References 3

NVD
added 2011/07/01 10:55 a.m. | 17 views

CVE-2011-2614

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn...

CVSS 5 | AI score 7.2 | EPSS 0.00535
Exploits 1 | References 3

Prion
added 2011/07/01 10:55 a.m. | 10 views

Design/Logic Flaw

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn...

CVSS 5 | AI score 6.9 | EPSS 0.00535
Exploits 1 | References 3 | Affected Software 1

CVE
added 2011/07/01 10:0 a.m. | 56 views

CVE-2011-2614

CVE-2011-2614 affects the SVG rendering in Opera prior to 11.50. The vulnerability allows a remote attacker to cause an application crash (DoS) by crafting a path with many drawn characters. Exploitation details are not provided in the sources; no in‑the‑wild exploit information is included. Reme...

CVSS 5 | AI score 7.1 | EPSS 0.00535
Exploits 1 | References 3 | Affected Software 1

OpenVAS
added 2011/07/01 12:0 a.m. | 31 views

Google Chrome Multiple Vulnerabilities (Windows) - June 11

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnwinjun11.nasl 7019 2017-08-29 11:51:27Z teissa $ Google Chrome Multiple Vulnerabilities Windows - June 11 Authors: Madhuri D Copyright: Copyright c 2011...

CVSS 7.5 | AI score 0.6 | EPSS 0.02905
Exploits 1 | References 1