FreePBX 2.10.0 Remote Command Execution / XSS
Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX...
[SECURITY] [DSA 2350-1] freetype security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2350-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 20, 2011 http://www.debian.org/security/faq -...
Debian DSA-2328-1 : freetype - missing input sanitising
It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian DSA-2302-1 : bcfg2 - missing input sanitization
It has been discovered that the Bcfg2 server, a configuration management server for Bcfg2 clients, is not properly sanitizing input from Bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a Bcfg2 client to execute arbitrary commands on the server wit...
CentOS Update for gd CESA-2010:0003 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian DSA-2213-1 : x11-xserver-utils - missing input sanitization
Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, an X server resource database utility, is not properly filtering crafted hostnames. This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the...
Debian DSA-2214-1 : ikiwiki - missing input validation
Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or...
Debian DSA-2211-1 : vlc - missing input sanitising
Ricardo Narvaja discovered that missing input sanitising in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file. This update also provides updated packages for oldstable lenny for vulnerabilities, which have...
Debian DSA-2175-1 : samba - missing input sanitising
Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 2175-1] samba security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2175-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 28, 2011 http://www.debian.org/security/faq -...
Debian DSA-2122-1 : glibc - missing input sanitization
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2092-1] New lxr-cvs packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2092-1 [email protected] http://www.debian.org/security/ Sebastien Delafond Aug 17th, 2010 http://www.debian.org/security/faq -...
Debian DSA-2085-1 : lftp - missing input validation
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute...
Debian DSA-2083-1 : moin - missing input sanitization
It was discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the addmsg function. This allows remote attackers to conduct cross-site scripting (XSS) attacks, for example via the template parameter. %NASLMINLEVEL 70300 C Tenable Network...
[SECURITY] [DSA 2021-2] New spamass-milter packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-2021-2 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 26, 2010 http://www.debian.org/security/faq -...
Debian DSA-2039-1 : cacti - missing input sanitising
It was discovered that Cacti, a frontend to rrdtool for monitoring systems and services, missed input sanitising, making a SQL injection attack possible. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 2021-1] New spamass-milter packages fix remote command execution
------------------------------------------------------------------------ Debian Security Advisory DSA-2021-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 22, 2010 http://www.debian.org/security/faq -...
Debian DSA-1878-1 : devscripts - missing input sanitation
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue b...