glibc security update

2.5-123.0.1.el511.3 - Switch to use malloc when the input line is too long Orabug 19951108 Jason Luan - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin 2.5-123.3 - Fix invalid-free when using getaddrinfo and AIIDN CVE-2013-7424, 2.5-123.1 - Fix...

The vulnerability of the Adobe Acrobat DC PDF editing program allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Acrobat DC PDF editing program is related to a buffer overflow in the dynamic memory, caused by a numerical overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the Flash Player software is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

Medium: postgresql8

Issue Overview: An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages...

postgresql: buffer overflow in the to_char() function

A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user...

UBUNTU-CVE-2015-0241

The tochar function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a 1 large number of digits when processing a numeric...

OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)

The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long Orabug 19951108 - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin - Fix parsing of numeric hosts ...

OracleVM 3.3 : glibc (OVMSA-2015-0022) (GHOST)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix parsing of numeric hosts in gethostbynamer CVE-2015-0235, 1183533. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security...

glibc security update

Oracle Linux 7: 2.17-55.0.4.el70.5 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.5 - Rebuild and run regression testing...

CVE-2014-9115

SQL injection vulnerability in the ratepicture function in include/functionsrate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a...

[SECURITY] Fedora 20 Update: pwgen-2.07-1.fc20

pwgen generates random, meaningless but pronounceable passwords. These passwords contain either only lowercase letters, or upper and lower case, or upper case, lower case and numeric digits. Upper case letters and numeric digits are placed in a way that eases memorizing the password...

Position independent & Alphanumeric 64-bit execve"/bin/sh\0",NULL,NULL; 87 bytes

Position independent & Alphanumeric 64-bit execve"/bin/sh\0",NULL,NULL; 87 bytes. Shellcode exploit for linux platform Title: Position independent & Alphanumeric 64-bit execve"/bin/sh\0",NULL,NULL; 87 bytes Author: Breaking.Technology Date: 06 November 2014 Vendor Homepage:...

openSUSE: Security Advisory for curl (openSUSE-SU-2014:1139-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AppleTV AirPlay Login Utility

This module attempts to authenticate to an AppleTV service with the username, 'AirPlay'. The device has two different access control modes: OnScreen and Password. The difference between the two is the password in OnScreen mode is numeric-only and four digits long, which means when this option is...

Password Security Scanner - Check the security/strength of your passwords on Windows

This utility scans the passwords stored by popular Windows applications Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more... and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number...

UnrealIRCd 3.x Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17057/info UnrealIRCd is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users. !/usr/bin/perl Denial of Service exploit for UnrealIRCd 3.2.3...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)

This php5 update fixes : - CVE-2011-0421: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P: Input Validation CWE-20 - CVE-2011-1092: CVSS v2 Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P: Numeric Errors CWE-189 - CVE-2011-1148: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P: Resource Managemen...

UBUNTU-CVE-2014-3776

Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service memory corruption and application crash and possibly execute arbitrary code via a "f" value in the NUM argumen...

CVE-2014-2020

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a 1 string or 2 array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a...

CSCMS V3.5 最新补丁后 又一个SQL注射（源码详析）

简要描述： CSCMS V3.5 最新补丁后 又一个SQL注射（源码详析） 之前的注射已经修补了，但是还有几处注射点没有注意到 详细说明： 在addslash + 引号保护 的情况下 要格外注意数字型变量的处理 /app/controllers/home.php line:1020 public function gbookdel header"Expires: Mon, 26 Jul 1997 05:00:00 GMT"; header"Cache-Control: no-cache, must-revalidate"; header"Pragma: no-cache";...