[ MDVSA-2012:132 ] glpi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:132 http://www.mandriva.com/security/ Package : glpi Date : August 15, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple cross-site request forgery CSRF and cross-site scripting XSS flaws ha...

Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream

More security researchers are recommending users disable the current version of Java after zero-day exploits gained traction in the Web world. Patrick Runald, director of security research for Websense, told PC World today that his team had uncovered more than 100 infected domains – a figure...

Fedora Update for wireshark FEDORA-2012-12091

Check for the Version of wireshark OpenVAS Vulnerability Test Fedora Update for wireshark FEDORA-2012-12091 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Fedora Update for pidgin FEDORA-2012-10287

Check for the Version of pidgin OpenVAS Vulnerability Test Fedora Update for pidgin FEDORA-2012-10287 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Fedora Update for ikiwiki FEDORA-2012-7976

Check for the Version of ikiwiki OpenVAS Vulnerability Test Fedora Update for ikiwiki FEDORA-2012-7976 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

[SECURITY] Fedora 17 Update: drupal6-ctools-1.9-1.fc17

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...

[SECURITY] Fedora 17 Update: wireshark-1.6.10-1.fc17

Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...

WordPress <= 3.4.1 - Multiple vulnerabilities

Multiple vulnerabilities are in the wp-admin/plugins.php. Because of that, remote authenticated users can make unintended plugin changes by leveraging the Administrator role. Solution Update WordPress...

Gentoo Security Advisory GLSA 201207-05 (pidgin-otr)

The remote host is missing updates announced in advisory GLSA 201207-05. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

Hardcoded credentials

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email...

CVE-2012-3413

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email...

Scientific Linux Security Update : gstreamer-plugins on SL3.x, SL4.x i386/x86_64

An array indexing error was found in the GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim...

Scientific Linux Security Update : gstreamer-plugins-good on SL5.x i386/x86_64

Multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary...

Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library libmodplug modules, embedde...

Scientific Linux Security Update : gstreamer-plugins-base on SL5.x i386/x86_64

An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if opened by a victim...

Scientific Linux Security Update : gstreamer-plugins-good on SL5.x i386/x86_64

Multiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-ins PNG decoding handler. An attacker could create a specially crafted PNG file that would cause an application using the GStreamer Good Plug-ins library to crash or, potentially, execute...

CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for gstreamer-plugins CESA-2011:0477 centos4 x86_64

Check for the Version of gstreamer-plugins OpenVAS Vulnerability Test CentOS Update for gstreamer-plugins CESA-2011:0477 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64

Check for the Version of gstreamer-plugins OpenVAS Vulnerability Test CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...