3293 matches found
CVE-2011-3360
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory...
CVE-2011-3360
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory...
CVE-2011-3360
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory...
CVE-2011-3360
Wireshark flats: CVE-2011-3360 affects Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2. Root cause is insecure load/search path handling that can cause execution of an untrusted Lua script (Trojan horse) from an unspecified directory, enabling local privilege escalation. Public advisories con...
Wireshark 1.4.x < 1.4.9 Multiple Vulnerabilities
The installed version of Wireshark is 1.4.x before 1.4.9. This version is affected by the following vulnerabilities : - An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. CVE-2011-3266 - A buffer exception handling vulnerability...
Wireshark 1.6.x < 1.6.2 Multiple Vulnerabilities
The installed version of Wireshark is 1.6.x before 1.6.2. This version is affected by the following vulnerabilities : - An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. CVE-2011-3266 - A buffer exception handling vulnerability...
DEBIAN-CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
CVE-2011-1524
CVE-2011-1524 is an XSS vulnerability in the Symantec LiveUpdate Administrator (LUA) management login GUI prior to version 2.3. The issue allows remote attackers to inject arbitrary script via the username field, demonstrated by inserting an IFRAME into the event log. Affected component is the LU...
Symantec LiveUpdate Administrator Cross-Site Request Forgery
SUMMARY Symantecs LiveUpdate Administrator LUA is susceptible to a cross-site request forgery vulnerability which could result in the execution of HTML or script code in the context of the admins browser. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec LiveUpdate Administrator...
Mandriva Update for freeciv MDVSA-2010:205 (freeciv)
Check for the Version of freeciv OpenVAS Vulnerability Test Mandriva Update for freeciv MDVSA-2010:205 freeciv Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Linux Security Advisory : freeciv (MDVSA-2010:205)
A vulnerability was discovered and corrected in freeciv : freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7...
[ MDVSA-2010:205 ] freeciv
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:205 http://www.mandriva.com/security/ Package : freeciv Date : October 15, 2010 Affected: 2010.0, 2010.1 Problem Description: A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1...
CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...
CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...
DEBIAN-CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...
Design/Logic Flaw
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...
CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...
UBUNTU-CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...
CVE-2010-2445
CVE-2010-2445 affects Freeciv 2.2.x before 2.2.1 and 2.3.x before 2.3.0. A vulnerability in the Lua scripting component allows a scenario to load restricted Lua modules (os, io, package, dofile, loadfile, loadlib, module, require), enabling remote attackers to read arbitrary files or execute arbi...
CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the 1 os, 2 io, 3 package, 4 dofile, 5 loadfile, 6 loadlib, 7 module, and 8 require modules or functions...