1409 matches found
CVE-2010-4726
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669...
Mathematica8 on Linux /tmp/MathLink vulnerability
The problem that was reported as below for Mathematica7, is present also/still in the "free trial" version of Mathematica8. Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia --- I wrote on 14 May 2010:...
[SECURITY] Fedora 13 Update: glibc-2.12.1-3
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
[SECURITY] Fedora 14 Update: glibc-2.12.90-17
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
Intel® Math Kernel Library Insecure File Permission Local Privilege Escalation
Summary: The Intel® Math Kernel Library Intel® MKL is a library of highly optimized, extensively threaded math routines for science, engineering, and financial applications that require maximum performance. An updated version of the software is available for Intel® MKL users to mitigate this...
Mathematica on Linux /tmp/MathLink vulnerability
"If you're doing anything technical, think Mathematica --..." http://www.wolfram.com/products/mathematica/index.html Mathematica7 on Linux uses the /tmp/MathLink directory in insecure ways. Mathematica creates or re-uses an existing /tmp/MathLink directory, and overwrites files within and follows...
Mathematica Symlink Attack
"If you're doing anything technical, think Mathematica --..." http://www.wolfram.com/products/mathematica/index.html Mathematica7 on Linux uses the /tmp/MathLink directory in insecure ways. Mathematica creates or re-uses an existing /tmp/MathLink directory, and overwrites files within and follows...
qscan NSE Script
Repeatedly probe open and/or closed ports on a host to obtain a series of round-trip time values for each port. These values are used to group collections of ports which are statistically different from other groups. Ports being in different groups or "families" may be due to network mechanisms...
Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits
The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year’s Pwn2Own hack...
[CORELAN-10-13] - Windisc Local Stack BOF
|------------------------------------------------------------------| | | | / / / / | | / / / / / / / / / / / | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | [email protected] | | |...
Windisc version 1.3 Stack Buffer Overflow Vulnerability
Exploit for windows platform in category local exploits ======================================================= Windisc version 1.3 Stack Buffer Overflow Vulnerability ======================================================= 0x00 : Vulnerability information -------------------------------- Product...
Windisc 1.3 - Local Stack Buffer Overflow
Windisc 1.3 - Local Stack Buffer Overflow |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | |...
ipidseq NSE Script
Classifies a host's IP ID sequence test for susceptibility to idle scan. Sends six probes to obtain IP IDs from the target and classifies them similarly to Nmap's method. This is useful for finding suitable zombies for Nmap's idle scan -sI as Nmap itself doesn't provide a way to scan for these...
[SECURITY] Fedora 11 Update: mimetex-1.71-1.fc11
MimeTeX lets you easily embed LaTeX math in your html pages. It parses a La TeX math expression and immediately emits the corresponding gif image, rather t han the usual TeX dvi. And mimeTeX is an entirely separate little program that doesn't use TeX or its fonts in any way...
SUSE: Security Summary (SUSE-SR:2009:014)
The remote host is missing updates announced in advisory SUSE-SR:2009:014. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
openSUSE Security Update : OpenOffice_org-math (OpenOffice_org-math-1191)
Secunia reported an integer underflow CVE-2009-0200 and a buffer overflow CVE-2009-0201 that could be triggered while parsing Word documents. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Vulnerability in Dumb math captcha for WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Insufficient Anti-automation уязвимости в плагине Dumb math captcha для WordPress. Insufficient Anti-automation: При передаче параметра action со значением commentopenid, значение ответа капчи не проверяется, что позволяет обойти капчу на страница...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Dumb math captcha: protection bypass backdoor...
Vulnerabilities in Dumb math captcha for WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation и Full path disclosure уязвимостях в плагине Dumb math captcha для WordPress. Insufficient Anti-automation: Капча на страницах записей уязвима к Constant values bypass method, который я описал в проекте Month of Bugs i...
CVE-2009-1669
The smartyfunctionmath function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information...