Moderate: Red Hat Security Advisory: liblouis security update

An update for liblouis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Ubuntu: Security Advisory (USN-2394-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-49-1 acpi-support - security update

Bulletin has no description...

Debian Security Advisory DSA 3020-1 (acpi-support - security update)

During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user OpenVAS Vulnerability Test $Id: deb3020.nasl 6735 2017-07-17 09:56:49Z teissa $ Auto-generated from advisory DSA 3020-1 using nvtgen 1.0 Script version: 1.0 Author:...

Important: Red Hat Security Advisory: openjpeg security update

Updated openjpeg packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

RHEL 6 : resource-agents (RHSA-2011:1580)

An updated resource-agents package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base...

Debian DSA-2573-1 : radsecproxy - SSL certificate verification weakness

Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations. Raphael Geissert spotted that the fix for CVE-2012-4523...

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)

Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. CVE-2012-0212 Raphael Geissert discovered that the...

Cortana scripting language introduced for Cobalt Strike and Armitage

At DEFCON 20, Raphael Mudge the developer of Armitage released the most significant update to Armitage. Armitage is now fully scriptable and capable of hosting bots in acollaborative hacking engagement. Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creat...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : devscripts vulnerabilities (USN-1366-1)

Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. CVE-2012-0210 Raphael Geissert discovered that debdiff...

Debian: Security Advisory (DSA-1878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2007-4127

PHP remote file inclusion vulnerability in checkentry.php in Ralf Image Gallery RIG, aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirabssrc parameter. NOTE: this issue is disputed by multiple third parties, who report that the...

CVE-2007-4127

CVE-2007-4127 affects Ralf Image Gallery (RIG) 1.0, where PHP remote file inclusion is possible via dir_abs_src in check_entry.php. Notes mention that exploitation may be blocked if register_globals is enabled, and CVE-2006-3210 covers earlier versions where register_globals enables RFI/Directory...

WikiNi-xss.txt

Hi, I've found 2 XSS vulns in WikiNi. The programmers have been contacted and the vulns addressed in version 0.4.4. The name parameter of page wakka.php is not properly sanitized: "alert'XSS Vulnerable';" The email parameter of page wakka.php is not properly sanitized: "alert'XSS Vulnerable';"...

WikiNi Multiple Cross Site Scripting Vulnerabilities

Hi, I've found 2 XSS vulns in WikiNi. The programmers have been contacted and the vulns addressed in version 0.4.4. The name parameter of page wakka.php is not properly sanitized: html body form method="POST" enctype="application/x-www-form-urlencoded" action="http://www.example.com/wakka.php"...

zenphoto1.0.2.txt

Vendor: zenphoto Vulnerable: zenphoto 1.0.2 beta and below The vendor has been warned and the vulnerabilities have been addressed in 1.0.3 beta. Path Disclosure --------------- http://www.example.com/photos/zen/i.php?a=EXISTINGALBUMNAME&i=EXISTINGIMAGENAME&s=thumb%00 which returns: Warning:...

NoahsClassifieds.txt

Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php" : alert'XSS Vulnerable';" Advisory: http://zone14.free.fr/advisories/5/ --Raphael HUCK...

Noah's Classifieds Cross Site Scripting Vulnerability

Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php" : html body form method="POST" enctype="multipart/form-data" action="http://www.example.com/classifieds/index.php" input...