128 matches found
Debian Security Advisory DSA 1098-1 (horde3)
The remote host is missing an update to horde3 announced via advisory DSA 1098-1. Michael Marek discovered that the Horde web application framework performs insufficient input sanitising, which might lead to the injection of web script code through cross-site scripting. The old stable distributio...
Debian Security Advisory DSA 1239-1 (sql-ledger)
The remote host is missing an update to sql-ledger announced via advisory DSA 1239-1. Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project...
Debian Security Advisory DSA 1196-1 (clamav)
The remote host is missing an update to clamav announced via advisory DSA 1196-1. Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following...
Debian: Security Advisory (DSA-1098-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-944-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-782-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1462-1 : hplip - missing input sanitising
Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System HPLIP performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Debian DSA-1369-1 : gforge - missing input sanitising
Sumit I. Siddharth discovered that Gforge, a collaborative development tool performs insufficient input sanitising, which allows SQL injection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
[SECURITY] [DSA 1366-1] New clamav packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1366-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 1st, 2007 http://www.debian.org/security/faq -...
sql-ledger -- multiple vulnerabilities
The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...
Debian DSA-999-1 : lurker - several vulnerabilities
Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1062 Lurker's mechanism for specifying configuration files was...
DSA-1168-1 imagemagick
Bulletin has no description...
Horde Web Application Framework: XSS vulnerability
Background The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description Michael Marek discovered that the Horde Web Application...
Chatty improper input sanitizing
Chatty improper input sanitizing Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement Chatty is a PHP-based chatscript allowing users to chat over the web. Subscribing with a username like this: scriptalert22xss22/script would cause major xss in the chatroom. Nomenumbra...
ChipmunkBlogger improper input sanitizing
ChipmunkBlogger improper input sanitizing Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate privilege escalation,possible defacement Posts potentially made by lower-privilege members and profile names aren't properly sanitized, thus resulting in being vulnerable to the following kind of XS...
Mandrake Linux Security Advisory : bluez-utils (MDKSA-2005:150)
A vulnerability in bluez-utils was discovered by Henryk Plotz. Due to missing input sanitizing, it was possible for an attacker to execute arbitrary commands supplied as a device name from the remote bluetooth device. The updated packages have been patched to correct this problem. %NASLMINLEVEL...
CVE-2005-1854
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server...
[SECURITY] [DSA 762-1] New affix packages fix arbitrary command and code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 762-1 [email protected] http://www.debian.org/security/ Martin Schulze July 19th, 2005 http://www.debian.org/security/faq -...
CVE-2005-0388
CVE-2005-0388 applies to remstats' remoteping service in versions up to 1.0.13. The vulnerability arises from missing input sanitising, enabling remote command execution. Debian DSA-704-1 fixes the issue in remstats (uptstream: version 1.0.13a-5 for sid; 1.00a4-8woody1 for woody). Red Hat advisor...
[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 695-1 [email protected] http://www.debian.org/security/ Martin Schulze March 21st, 2005 http://www.debian.org/security/faq -...