
8226 matches found

OpenVAS
added 2011/04/22 12:0 a.m. | 21 views

Fedora Update for ikiwiki FEDORA-2011-5173

Check for the Version of ikiwiki OpenVAS Vulnerability Test Fedora Update for ikiwiki FEDORA-2011-5173 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 3.5 | AI score 6.6 | EPSS 0.00385
Exploits: 1 | References: 2

Fedora
added 2011/04/21 10:31 p.m. | 22 views

[SECURITY] Fedora 14 Update: ikiwiki-3.20110328-1.fc14

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

CVSS 3.5 | AI score 0.4 | EPSS 0.00385
Exploits: 1

Fedora
added 2011/04/21 10:26 p.m. | 22 views

[SECURITY] Fedora 13 Update: ikiwiki-3.20100815.7-1.fc13

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

CVSS 3.5 | AI score 0.4 | EPSS 0.00385
Exploits: 1

Nmap
added 2011/04/20 7:45 a.m. | 270 views

backorifice-info NSE Script

Connects to a BackOrifice service and gathers information about the host and the BackOrifice service itself. The extracted host information includes basic system setup, list of running processes, network resources and shares. Information about the service includes enabled port redirections,...

CVSS 10 | AI score 9.3 | EPSS 0.94176
Exploits: 33

Fedora
added 2011/04/18 4:3 a.m. | 22 views

[SECURITY] Fedora 15 Update: ikiwiki-3.20110328-1.fc15

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

CVSS 3.5 | AI score 0.4 | EPSS 0.00385
Exploits: 1

Tenable Nessus
added 2011/04/08 12:0 a.m. | 1506 views

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

The version of JBoss Enterprise Application Platform (EAP) running on the remote host allows unauthenticated access to documents under the /jmx-console directory. This is due to a misconfiguration in web.xml which only requires authentication for GET and POST requests. Specifying a different verb...

CVSS 5.3 | AI score 6.7 | EPSS 0.92431
Exploits: 28 | References: 6

ThreatPost
added 2011/04/01 1:7 p.m. | 15 views

Google Chrome Warns Users About Vulnerable Plugins

Google has added a new security feature to the latest versions of its Chrome browser that will now warn users when the browser encounters out-of-date plugins and will automatically disable them. The latest versions of Google Chrome have upgraded the browser’s ability to protect users against...

AI score 1.8
Exploits: 0 | References: 3

ThreatPost
added 2011/03/17 7:6 p.m. | 9 views

Step 6: Update and Patch

With your machine disinfected, take a few moments to update your operating system software and any third party applications to their latest and most secure version. Rogue antivirus and scareware programs are usually delivered as drive by downloads spawned by malicious Web sites. These leverage...

AI score 2.5
Exploits: 0 | References: 2

Fedora
added 2011/03/14 10:22 a.m. | 34 views

[SECURITY] Fedora 14 Update: pidgin-2.7.11-1.fc14

Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just...

CVSS 4 | AI score 0.6 | EPSS 0.01469
Exploits: 1

Tenable Nessus
added 2011/03/07 12:0 a.m. | 14 views

Google Chrome < 9.0.597.107 Multiple Vulnerabilities

CVSS 4.3 | AI score 7.3 | EPSS 0.00999
Exploits: 1 | References: 2

securityvulns
added 2011/03/03 12:0 a.m. | 72 views

Mozilla Foundation Security Advisory 2011-10

Mozilla Foundation Security Advisory 2011-10 Title: CSRF risk with plugins and 307 redirects Impact: High Announced: March 1, 2011 Reporter: Peleus Uhley Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.14 Firefox 3.5.17 SeaMonkey 2.0.12 Description Adobe security researcher Peleus Uhley report...

CVSS 6.8 | AI score 0.1 | EPSS 0.00229
Exploits: 0

RedHat Linux
added 2011/03/02 1:6 a.m. | 3 views

Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)

Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a...

CVSS 6.8 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 4

Tenable Nessus
added 2011/03/02 12:0 a.m. | 259 views

FreeBSD : mozilla -- multiple vulnerabilities (45f102cd-4456-11e0-9580-4061862b8c22)

The Mozilla Project reports : MFSA 2011-01 Miscellaneous memory safety hazards rv:1.9.2.14/ 1.9.1.17 MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true MFSA 2011-03 Use-after-free error in JSON.stringify MFSA 2011-04 Buffer overflow in JavaScript upvarMap MFSA 2011-05...

CVSS 10 | AI score 8.3 | EPSS 0.09158
Exploits: 3 | References: 22

The Hacker News
added 2011/03/01 2:15 p.m. | 9 views

Nessus 4.4.1 Latest Version Download !

Nessus 4.4.1 Latest Version Download ! New in this version: Scan Scheduling Nessus 4.4 lets you configure scans to run periodically on a daily/weekly/monthly basis. Configure your scans and let Nessus start them at the most appropriate time --- Enhanced Reporting Nessus 4.4 lets you compare...

AI score 6.7
Exploits: 0

Mozilla
added 2011/03/01 12:0 a.m. | 33 views

CSRF risk with plugins and 307 redirects — Mozilla

Independent security researcher Kuza55 and Microsoft security researcher Tom Gallagher reported that when plugin-initiated requests receive a 307 redirect response, the plugin is not notified and the request is forwarded to the new location. This is true even for cross-site redirects, so any cust...

CVSS 6.8 | AI score 0.8 | EPSS 0.00229
Exploits: 0 | References: 2 | Affected Software: 2

PyPA
added 2011/02/14 9:0 p.m. | 5 views

PYSEC-2011-30

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 6.8 | AI score 5.8 | EPSS 0.0275
Exploits: 1 | References: 18

UbuntuCve
added 2011/02/14 9:0 p.m. | 30 views

CVE-2011-0447

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

CVSS 6.8 | AI score 7.1 | EPSS 0.00991
Exploits: 1 | References: 3

Prion
added 2011/02/14 9:0 p.m. | 26 views

Cross site request forgery (csrf)

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 6.8 | AI score 6.8 | EPSS 0.0275
Exploits: 1 | References: 18 | Affected Software: 1

UbuntuCve
added 2011/02/14 12:0 a.m. | 28 views

CVE-2011-0696

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 6.8 | AI score 7.1 | EPSS 0.0275
Exploits: 1 | References: 3

Tenable Nessus
added 2011/02/09 12:0 a.m. | 39 views

Google Chrome < 9.0.597.94 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 9.0.597.94. Such versions are reportedly affected by multiple vulnerabilities : - An error exists in the processing of animations events related to stale pointers. Issue 67234 - An error exists in the processing of SVG font...

CVSS 10 | AI score 7.3 | EPSS 0.02353
Exploits: 4 | References: 6