EUVD-2004-2084

Malware in sbrugna...

BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

Debian DLA-399-1 : foomatic-filters security update

cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers strcpy as well on string concatenation operations strcat. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...

Debian DLA-398-1 : privoxy security update

CVE-2016-1982 Prevent invalid reads in case of corrupt chunk-encoded content CVE-2016-1983 Remove empty Host headers in client requests; resulting in invalid reads. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has...

Debian DLA-296-1 : extplorer security update

Multiple cross-site scripting XSS vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has...

Debian DLA-24-1 : poppler security update

It was discovered that poppler did return program execution to the libjpeg library under error conditions, which is not expected by the library and results in application crash and possibly code execution. NOTE: Tenable Network Security has extracted the preceding description block directly from...

Debian DLA-105-1 : graphviz security update

Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. NOTE: Tenable Network Security has extracted the...

RedHat Linux 6.0 Single User Mode Authentication Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1005/info A vulnerability exists in the manner in which RedHat Linux 6.0 protects the obtaining of a shell by booting single user mode. RedHat will prompt for the root password upon entering single user mode. Pressing ^C...

ISC INN <= 2.2,RedHat Linux <= 6.0 inews Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/616/info INN versions 2.2 and earlier have a buffer overflow-related security condition in the inews program. inews is a program used to inject new postings into the news system. It is used by many news reading programs a...

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20131121)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...

Debian DSA-2791-1 : tryton-client - missing input sanitization

Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...

Debian DSA-2747-1 : cacti - several vulnerabilities

Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems : - CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. - CVE-2013-5589 cacti/host.php contained a SQL injection vulnerability, allowing an attacker ...

Debian DSA-2729-1 : openafs - several vulnerabilities

OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...

MiniUPnPd 1.0 - Remote Stack Buffer Overflow Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MiniUPnPd 1.0 Stack Buffer Overflow...

Debian DSA-2630-1 : postgresql-8.4 - programming error

Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

RHEL 6 : kernel (RHSA-2012:1114)

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.0 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

Debian DSA-2561-1 : tiff - buffer overflow

It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

Debian DSA-2530-1 : rssh - shell command injection

Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2530. The text itself is copyrigh...

Debian DSA-2474-1 : ikiwiki - XSS

Raul Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author and its URL of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

Debian DSA-2441-1 : gnutls26 - missing bounds check

Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...