[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox regression (USN-2102-2)

USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan...

[SECURITY] Fedora 19 Update: zarafa-7.1.8-1.fc19

The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an...

Microsoft .NET Framework Multiple Vulnerabilities (2916607)

This host is missing an important security update according to Microsoft Bulletin MS14-009. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework Multiple Vulnerabilities (2916607)

This host is missing an important security update according to Microsoft Bulletin MS14-009. OpenVAS Vulnerability Test $Id: secpodms14-009.nasl 7582 2017-10-26 11:56:51Z cfischer $ Microsoft .NET Framework Multiple Vulnerabilities 2916607 Authors: Thanga Prakash S Copyright: Copyright C 2014...

MS14-011: Description of the security update for Visual Basic Scripting Edition (VBScript) 5.8: February 11, 2014

Addresses a vulnerability by changing how the VBScript scripting engine handles objects in memory.INTRODUCTIONMicrosoft has released security bulletin MS14-011. To view the complete security bulletin, go to one of the following Microsoft websites: Home...

CVE-2014-1213 - Denial of Service in Sophos Anti Virus

Vulnerability title: Denial of Service in Sophos Anti Virus CVE: CVE-2014-1213 Vendor: Sophos Product: Anti Virus Version: 10.0.11/Engine 3.48.x Reported by: Graham Sutherland Details: The following system objects do not have access control lists ACLs set, thus allowing any user to access and...

Sophos antivirus weak permissions

Weak permssions for system objects...

Sophos Anti-Virus Engine < 3.50.1 System Objects DoS

The Sophos Anti-Virus install on the remote host uses an engine version earlier than 3.50.1. As such, it reportedly has a misconfigured Access Control List ACL on certain system objects that could allow a local attacker to cause the host to become sluggish and eventually crash, or display false...

Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

Secunia Research: OpenPNE PHP Object Injection Vulnerability

====================================================================== Secunia Research 20/01/2014 OpenPNE PHP Object Injection Vulnerability ====================================================================== Table of Contents Affected...

CVE-2014-0792

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types...

Code injection

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types...

CVE-2014-0792

Affected: Sonatype Nexus 1.x and 2.x prior to 2.7.1. Vulnerability: remote code execution through unmarshalling of unintended Object types in Nexus (XStream-based deserialization). Impact: attacker could create arbitrary objects and execute arbitrary code remotely. Root cause: unsafe deserializat...

CVE-2013-5886

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects...

Design/Logic Flaw

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects...

CVE-2013-5886

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects...

CVE-2013-5886

CVE-2013-5886 describes an unspecified vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products 9.1 and 9.2 . The issue could allow remote attackers to affect integrity via unknown vectors related to Common Application Objects . The provided records show no concrete...