3473 matches found
Open-Source Collaboration Framework: Dradis
Collaboration and reporting framework for InfoSec teams Some of the features: Platform independent Markup support for the notes: text styles, code blocks, images, links, etc. Integration with existing systems and tools: Brakeman Burp Suite MediaWiki Metasploit Nessus NeXpose Nikto Nmap OpenVAS...
libpurple: invalid UTF-8 string handling in SILC messages
The gmarkupescapetext function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service crash via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, relate...
[SECURITY] Fedora 16 Update: opensaml-2.3-6.fc16
OpenSAML is an open source implementation of the OASIS Security Assertion Markup Language Specification. It contains a set of open source C++ classes that support the SAML 1.0, 1.1, and 2.0 specifications...
Fedora Update for opensaml FEDORA-2011-12890
Check for the Version of opensaml OpenVAS Vulnerability Test Fedora Update for opensaml FEDORA-2011-12890 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
JBossWS remote Denial of Service
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...
Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Citrix XenApp / XenDesktop XML Service - Heap Corruption
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.002 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Heap Corruption in Citrix XML Service Risk: HIGH Vendor...
Data URIs may be used to initiate cross site scripting against unrelated sites
Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the...
UBUNTU-CVE-2011-1756
modules/xmpp/servxmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue t...
Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
This host is missing a critical security update according to Microsoft Bulletin MS11-052. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
The remote host is missing Internet Explorer IE Security Update 2497640. The installed version of IE is affected by a vulnerability in the implementation of the Vector Markup Language VML that could allow an attacker to execute arbitrary code on the remote host. C Tenable Network Security, Inc...
CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...
Design/Logic Flaw
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...
CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...
CVE-2011-1952
CVE-2011-1952 affects Post Revolution up to version 0.8.0c. The DoS arises from a faulty loop in common.php when stripping non-permitted HTML: an attacker can trigger an infinite loop by posting crafted HTML (e.g., a
Fedora 14 : viewvc-1.1.11-1.fc14 (2011-7222)
security fix: remove user-reachable override of cvsdb row limit - fix broken standalone.py -c and -d options handling - add --help option to standalone.py - fix stack trace when asked to checkout a directory issue 478 - improve memory usage and speed of revision log markup issue 477 - fix broken...
DEBIAN-CVE-2011-1157
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
PYSEC-2011-20
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
DEBIAN-CVE-2011-1425
xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...
Google Chrome information disclosure vulnerability
Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...