335 matches found
Debian DSA-1933-1 : cups - missing input sanitising
Aaron Siegel discovered that the web interface of cups, the Common UNIX Printing System, is prone to cross-site scripting attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1933. The...
Debian DSA-1882-1 : xapian-omega - missing input sanitization
It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user-supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially...
Debian DSA-1947-1 : shibboleth-sp, shibboleth-sp2, opensaml2 - missing input sanitising
Matt Elder discovered that Shibboleth, a federated web single sign-on system, is vulnerable to script injection through redirection URLs. More details can be found in the Shibboleth advisory at http://shibboleth.internet2.edu/secadv/secadv20091104.txt. (C) Tenable Network Securit...
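Added example, not code from the advisories or from the Tenable/OpenVAS plugins listed here, covering the two sanitising failures described in the xapian-omega and Shibboleth entries: an exception message (which repeats the user's query) reflected into HTML, and a redirection URL taken from the request. The allow-listed host, the error-page markup and the function names are assumptions made for the example.

```python
import html
from urllib.parse import urlsplit

# Hosts a post-login redirect may point at (constructed for this example).
ALLOWED_REDIRECT_HOSTS = {"sp.example.org"}


def render_search_error(query, exc):
    """Error page fragment for a failed search.

    The exception text usually repeats the raw query, so both the query and
    the message are HTML-escaped before they are placed in the markup.
    """
    return "<p>Your search <code>{}</code> failed: {}</p>".format(
        html.escape(query, quote=True), html.escape(str(exc), quote=True))


def safe_redirect_target(target, default="/"):
    """Return target if it is safe to send a browser to, otherwise default.

    Accepts http(s) URLs whose host is allow-listed and site-relative paths.
    Rejects javascript:/data: and every other scheme, scheme-relative
    '//host' forms, and backslashes (browsers normalise them to '/').
    """
    if not target:
        return default
    t = target.strip()
    if "\\" in t:
        return default
    parts = urlsplit(t)
    if parts.scheme in ("http", "https"):
        return t if parts.hostname in ALLOWED_REDIRECT_HOSTS else default
    if parts.scheme == "" and parts.netloc == "" and t.startswith("/"):
        return t
    return default
```

The redirect check deliberately decides on the parsed scheme and host rather than on a prefix match, so "https://sp.example.org@evil.example/" and "http:evil" are rejected along with "javascript:" URLs.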
Debian Security Advisory DSA 1974-1 (gzip)
The remote host is missing an update to gzip announced via advisory DSA 1974-1. OpenVAS Vulnerability Test $Id: deb19741.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 1974-1 gzip Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
CentOS Update for php CESA-2010:0040 centos4 x86_64
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2010:0040 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion
------------------------------------------------------------------------ Debian Security Advisory DSA-1965 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano January 06, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1878-1 security@debian.org http://www.debian.org/security/ Florian Weimer September 02, 2009 http://www.debian.org/security/faq -...
Debian DSA-1744-1 : weechat - missing input sanitization
Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution...
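Added example, not weechat's code, showing the check the weechat entry describes as missing: a mIRC-style colour code in a PRIVMSG carries a one- or two-digit number, so values up to 99 arrive on the wire while the colour table has 16 entries. The palette, the parser and the function names are assumptions made for the example; the unchecked lookup is kept only to show the failing shape.

```python
import re

# 16-entry colour table mirroring the classic mIRC palette (constructed for this example).
PALETTE = [
    "white", "black", "blue", "green", "red", "brown", "purple", "orange",
    "yellow", "lightgreen", "cyan", "lightcyan", "lightblue", "pink", "grey", "lightgrey",
]

# \x03 optionally followed by fg[,bg], each one or two digits: 0..99 can appear on the wire.
_CODE = re.compile(r"\x03(?:(\d{1,2})(?:,(\d{1,2}))?)?")


def lookup_unchecked(idx):
    """The buggy shape: trust the parsed number as an index into the 16-entry table.
    In C this reads past the end of the array; in Python it raises IndexError."""
    return PALETTE[idx]


def unchecked_lookup_crashes(idx):
    """True when the unchecked lookup fails for idx (stands in for the client crash)."""
    try:
        lookup_unchecked(idx)
        return False
    except IndexError:
        return True


def lookup(idx):
    """Bounds-checked lookup: None for 'no colour given' and for any value outside the table."""
    if idx is None or not 0 <= idx < len(PALETTE):
        return None
    return PALETTE[idx]


def parse_colored_message(msg):
    """Split a PRIVMSG body into (plain_text, events); each event is (offset, fg, bg)
    with fg/bg as palette names, or None when absent or out of range."""
    plain_parts = []
    events = []
    offset = 0  # length of plain text emitted so far
    pos = 0
    for m in _CODE.finditer(msg):
        chunk = msg[pos:m.start()]
        plain_parts.append(chunk)
        offset += len(chunk)
        fg = int(m.group(1)) if m.group(1) is not None else None
        bg = int(m.group(2)) if m.group(2) is not None else None
        events.append((offset, lookup(fg), lookup(bg)))
        pos = m.end()
    plain_parts.append(msg[pos:])
    return "".join(plain_parts), events
```

Dropping an out-of-range colour is one valid policy; clamping or taking the value modulo 16 are others. What matters is that the decision is made before the number is used as an index.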
Debian DSA-1664-1 : ekg - missing input sanitising
It was discovered that ekg, a console Gadu Gadu client, performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
[SECURITY] [DSA 1664-1] New ekg packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1664-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 10, 2008 http://www.debian.org/security/faq -...
Debian DSA-1481-1 : python-cherrypy - missing input sanitising
It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies. (C) Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 1481-1] New python-cherrypy packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1481-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2008 http://www.debian.org/security/faq -...
Debian DSA-1475-1 : gforge - missing input sanitising
Jose Ramon Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. (C) Tenable Network Security, Inc. The descriptive te...
Debian Security Advisory DSA 650-1 (sword)
The remote host is missing an update to sword announced via advisory DSA 650-1. OpenVAS Vulnerability Test $Id: deb6501.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 650-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian DSA-1461-1 : libxml2 - missing input validation
Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and...
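Added example, not libxml2's decoder, of the two properties a UTF-8 validator needs to avoid the failure the libxml2 entry describes: it rejects malformed input (invalid lead bytes, truncated sequences, overlong forms, surrogates, values above U+10FFFF) and it consumes at least one byte on every iteration, so no input can keep it in the loop forever. The function names and the replacement-character policy are assumptions made for the example.

```python
def utf8_decode_checked(data):
    """Decode bytes as UTF-8 by hand, returning (text, error_count).

    Each invalid byte sequence becomes U+FFFD and the cursor advances by one
    byte, so progress is guaranteed regardless of the input.
    """
    out = []
    errors = 0
    i = 0
    n = len(data)
    while i < n:
        b0 = data[i]
        if b0 < 0x80:                      # plain ASCII
            out.append(chr(b0))
            i += 1
            continue
        # Lead byte -> (continuation bytes needed, initial bits, minimum code point for this length).
        # 0xC0/0xC1 and 0xF5..0xFF are never valid leads; 0x80..0xBF are stray continuations.
        if 0xC2 <= b0 <= 0xDF:
            need, cp, minimum = 1, b0 & 0x1F, 0x80
        elif 0xE0 <= b0 <= 0xEF:
            need, cp, minimum = 2, b0 & 0x0F, 0x800
        elif 0xF0 <= b0 <= 0xF4:
            need, cp, minimum = 3, b0 & 0x07, 0x10000
        else:
            need = None
        ok = need is not None and i + need < n   # enough bytes left for the sequence
        if ok:
            for k in range(1, need + 1):
                b = data[i + k]
                if b & 0xC0 != 0x80:               # not a continuation byte
                    ok = False
                    break
                cp = (cp << 6) | (b & 0x3F)
        if ok and (cp < minimum or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF):
            ok = False                             # overlong, surrogate, or out of range
        if ok:
            out.append(chr(cp))
            i += 1 + need
        else:
            out.append("\ufffd")
            errors += 1
            i += 1                                 # always make progress
    return "".join(out), errors


def is_valid_utf8(data):
    """True only when every sequence in data is well-formed UTF-8."""
    return utf8_decode_checked(data)[1] == 0
```

A parser that instead backs up, or advances by the length the lead byte claims without first checking that those bytes exist, is the shape that turns a truncated sequence into a hang.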
Debian DSA-1418-1 : cacti - missing input sanitising
It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitising, which allows SQL injection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DSA-1417-1 : asterisk - missing input sanitising
Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitising of call-related data, which may lead to SQL injection. (C) Tenable Network Security, Inc. The descriptive text and...
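Added example, not Cacti's or Asterisk's code, for the SQL injection pattern in both entries above: call-related data (caller ID, dialled number) written to a database by string interpolation, beside the same write with bound parameters. The schema, the in-memory sqlite3 database and the function names are assumptions made for the example; using executescript for the unsafe variant stands in for a driver that hands the raw text to the server and so accepts stacked statements.

```python
import sqlite3


def open_cdr_db():
    """Constructed fixture: a call-detail-record table plus one unrelated table an injection can reach."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cdr (src TEXT, dst TEXT, duration INTEGER)")
    conn.execute("CREATE TABLE audit (note TEXT)")
    conn.execute("INSERT INTO audit VALUES ('retention policy: 90 days')")
    conn.commit()
    return conn


def log_call_unsafe(conn, src, dst, duration):
    """Vulnerable shape: caller ID and dialled number are pasted into the statement text."""
    sql = "INSERT INTO cdr (src, dst, duration) VALUES ('%s', '%s', %d)" % (src, dst, duration)
    conn.executescript(sql)   # stacked statements are executed, like a raw-string driver would


def log_call_safe(conn, src, dst, duration):
    """Same record with bound parameters: the values never become part of the SQL."""
    conn.execute("INSERT INTO cdr (src, dst, duration) VALUES (?, ?, ?)", (src, dst, duration))
    conn.commit()


def audit_rows(conn):
    """Number of rows left in the unrelated table."""
    return conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]


def stored_sources(conn):
    """Caller IDs as they ended up in the cdr table."""
    return [row[0] for row in conn.execute("SELECT src FROM cdr")]
```

A caller ID such as `555', 'x', 0); DELETE FROM audit; --` closes the VALUES list, appends a second statement and comments out the rest; with parameters it is simply stored as that string. Note that escaping quotes is not the fix either, since the caller ID is data the PBX received from the network and the logging engine cannot know every context it will be written into.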
Debian DSA-1333-1 : libcurl3-gnutls - missing input validation
It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates. (C) Tenable Network Security, Inc. The descriptive text and...
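Added example, not libcurl's or GnuTLS's code, of the validity-window check the libcurl-gnutls entry says was missing, written against the dict shape Python's ssl.SSLSocket.getpeercert() returns. The sample certificate values, the status strings and the function names are assumptions made for the example; a missing or unparseable date is treated as a failure rather than as "no restriction".

```python
import ssl
import time

# Constructed: getpeercert()'s shape, made-up values.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.org"),),),
    "notBefore": "Jun 19 00:00:00 2007 GMT",
    "notAfter": "Jun 18 23:59:59 2008 GMT",
}


def at(cert_time):
    """Seconds since the epoch for a certificate date string (thin wrapper for readability)."""
    return ssl.cert_time_to_seconds(cert_time)


def validity_status(cert, now=None):
    """Classify a certificate's validity window relative to now.

    Returns one of "valid", "not-yet-valid", "expired", "malformed".
    """
    now = time.time() if now is None else now
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, TypeError, ValueError):
        return "malformed"
    if not_after < not_before:
        return "malformed"
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "valid"


def validity_window_ok(cert, now=None):
    """The yes/no form a verifier would combine with chain and hostname checks."""
    return validity_status(cert, now) == "valid"
```

This check is one of several a verifier must make (chain, revocation, hostname); skipping it means an expired or not-yet-valid certificate, including a long-stolen key, is accepted indefinitely.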
Debian DSA-1324-1 : hiki - missing input sanitising
Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable by the Hiki user, via a specially crafted session parameter. (C) Tenable Network Security, Inc. The descriptive text...
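Added example, not CherryPy's or hiki's code, for the pattern shared by the python-cherrypy and hiki entries: a session identifier taken from a cookie or request parameter is used as a file name, so "../" components delete files outside the session directory. The vulnerable shape is shown beside a store that validates the identifier's format and, independently, checks that the resolved path stays inside the store. The directory layout, the identifier alphabet and the function names are assumptions made for the example; demo() builds a throwaway fixture so the block runs offline.

```python
import os
import re
import shutil
import tempfile

# Only what our own code generates: alphanumerics in a fixed length band. Anything else is not a session id.
SESSION_ID = re.compile(r"[A-Za-z0-9]{16,64}")


def unsafe_delete_session(store_dir, session_id):
    """The pattern behind the advisories: the cookie value becomes the file name verbatim."""
    os.unlink(os.path.join(store_dir, session_id))


class FileSessionStore:
    def __init__(self, store_dir):
        self.root = os.path.realpath(store_dir)

    def _path(self, session_id):
        if not SESSION_ID.fullmatch(session_id):
            raise ValueError("malformed session id")
        path = os.path.realpath(os.path.join(self.root, session_id))
        # Independent second check: the resolved path must sit directly inside the store.
        # This also catches a symlink planted in the store that points elsewhere.
        if os.path.dirname(path) != self.root:
            raise ValueError("session path escapes the store")
        return path

    def save(self, session_id, data):
        with open(self._path(session_id), "wb") as fh:
            fh.write(data)

    def delete(self, session_id):
        """True if a session file was removed, False if none existed."""
        try:
            os.unlink(self._path(session_id))
            return True
        except FileNotFoundError:
            return False


def demo():
    """Run both variants against a constructed directory and report what happened."""
    base = tempfile.mkdtemp()
    try:
        store_dir = os.path.join(base, "sessions")
        os.mkdir(store_dir)
        victim = os.path.join(base, "config.yml")   # a file outside the session store
        with open(victim, "w") as fh:
            fh.write("secret: 1\n")

        unsafe_delete_session(store_dir, "../config.yml")
        unsafe_deleted_outside = not os.path.exists(victim)

        with open(victim, "w") as fh:                # put it back for the second run
            fh.write("secret: 1\n")
        store = FileSessionStore(store_dir)
        try:
            store.delete("../config.yml")
            rejected = False
        except ValueError:
            rejected = True
        safe_left_file = os.path.exists(victim)

        sid = "f3a9" * 8                             # a well-formed id is still handled normally
        store.save(sid, b"user=alice")
        deleted_own = store.delete(sid)
        return {
            "unsafe_deleted_outside": unsafe_deleted_outside,
            "safe_rejected_traversal": rejected,
            "safe_left_file": safe_left_file,
            "safe_deleted_own_session": deleted_own,
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)
```

The format check alone would already stop "../config.yml"; the realpath containment check is kept because it holds even if the accepted alphabet is later widened or a symlink appears inside the store.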
[SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1315-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff June 19th, 2007 http://www.debian.org/security/faq -...