1085 matches found
php security update
CentOS Errata and Security Advisory CESA-2010:0919 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...
Moderate: Red Hat Security Advisory: php security update
Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
AZL-6647 CVE-2010-2891 affecting package libsmi for versions less than 0.4.8-27
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...
DEBIAN-CVE-2010-2891
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...
Joomla TimeTrack 1.2.4 SQL Injection
TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities Name TimeTrack Vendor http://www.itrn.de Versions Affected 1.2.4 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-09-22 X. INDEX I. ABOUT THE...
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities Name TimeTrack Vendor http://www.itrn.de Versions Affected 1.2.4 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefrest...
Joomla! Component TimeTrack 1.2.4 - Multiple SQL Injections
TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities Name TimeTrack Vendor http://www.itrn.de Versions Affected 1.2.4 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-09-22 X. INDEX I. ABOUT THE...
Joomla Spielothek 1.6.9 Blind SQL Injection
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection Name Spielothek Vendor http://www.spielban.de Versions Affected 1.6.9 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-31 X. INDEX I. ABOUT THE...
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
Multiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '' NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
SIP Username Enumerator (TCP)
Scan for numeric username/extensions using OPTIONS/REGISTER requests This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SIP Username Enumerator TCP', 'Description' = 'Scan for numeric...
Code injection
Xerver 4.32 allows remote authenticated users to cause a denial of service daemon crash via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657...
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service daemon crash via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657...
DEBIAN-CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...
CentOS 5 : openoffice.org (CESA-2008:0835)
Updated openoffice.org packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such...
DEBIAN-CVE-2009-3627
The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
CVE-2009-3627
The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
CVE-2009-3627
The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
CVE-2009-3627
The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
CVE-2009-3627
The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
FreeBSD : horde-base -- multiple vulnerabilities (ee23aa09-a175-11de-96c0-0011098ad87f)
The Horde team reports : An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files. An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a...