Wireshark Multiple Denial Of Service Vulnerability (Nov 2009) - Linux
Wireshark is prone to multiple Denial of Service vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Serv-U 'SITE SET TRANSFERPROGRESS ON' Command Remote Denial of Service Vulnerability
Serv-U is prone to a remote denial-of-service vulnerability. CPE = "cpe:/a:serv-u:serv-u";...
[SECURITY] Fedora 10 Update: bugzilla-3.2.5-1.fc10
Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines local or remote, Bugzilla will not work - see the Release Notes for details...
fwbuilder -- security issue in temporary file handling
Firewall Builder release notes reports: Vadim Kurland reports: Fwbuilder and libfwbuilder 3.0.4 through to 3.0.6 generate iptables scripts with a security issue when also used to generate static routing configurations...
VMSA-2009-0011 VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
VMware Security Advisory Advisory ID: VMSA-2009-0011 Synopsis: VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0 Issue date: 2009-08-31...
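VMware Studio Virtual Appliance Web Interface File Upload Directory Traversal Vulnerability
Bugraq ID: 36199 CVE ID: CVE-2009-2968 VMware Studio is a solution for developing, configuring, and customizing virtual applications and appliances. The web interface component supported by VMware Studio does not properly filter user input, so a remote attacker can exploit the vulnerability to upload files to arbitrary directories on the VMware Studio virtual appliance. However, this vulnerability does not affect virtual machines built by Studio 2.0 beta. VMWare Studio 2.0 beta users can contact the vendor to obtain the corresponding patch or upgrade: VMware Studio 2.0 build 1017-185256...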
[SECURITY] Fedora 11 Update: bugzilla-3.2.4-1.fc11
Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines local or remote, Bugzilla will not work - see the Release Notes for details...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP05. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platfor...
LimeSurvey Detection (HTTP)
Detection of LimeSurvey. The script sends a connection request to the server and attempts to detect LimeSurvey and its version...
FreeBSD : mailman XSS in create script (429249d2-67a7-11d8-80e3-0020ed76ef5a)
From the 2.1.3 release notes : Closed a cross-site scripting exploit in the create cgi script. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and...
Debian DSA-1751-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0771 Martijn Wargers, Jesse Ruderman and Josh Soref...
GoAhead WebServer information disclosure and authentication bypass vulnerabilities
Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...
[DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x
Digital Security Research Group DSecRG Advisory DSECRG-08-041 Application: XOOPS Versions Affected: 2.3.1, 2.3.2a Vendor URL: http://www.xoops.org/ Bug: Stored XSS Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors: Digital...
[DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x
Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors:...
XOOPS 2.3.1/2.3.2a Cross Site Scripting
Digital Security Research Group DSecRG Advisory DSECRG-08-041 Application: XOOPS Versions Affected: 2.3.1, 2.3.2a Vendor URL: http://www.xoops.org/ Bug: Stored XSS Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors: Digital...
dovecot -- ACL plugin bypass vulnerabilities
Timo Sirainen reports in dovecot 1.1.4 release notes: ACL plugin fixes: Negative rights were actually treated as positive rights. 'k' right didn't prevent creating parent/child/child mailbox. ACL groups weren't working...
freeway-lfixss.txt
CraCkEr - THE CRACK OF ETERNAL MIGHT - From The Ashes and Dust Rises An Unimaginable...
Do not release details about security vulnerabilities until after the fix was available for a reasonable period of time
It is an unfortunate practice at Atlassian to as a part of release notes release all the information, often including example exploits (http://jira.atlassian.com/browse/CONF-9350), about security vulnerabilities that were fixed in the version being released. This gives us great headaches because: w...
Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)
Fri Feb 8 2008 Ville Skytta - 1.1.10.1-1 - 1.1.10.1 security update, 431541. Sun Jan 27 2008 Ville Skytta - 1.1.10-2 - Include spu, spucc, and spucmml decoders 213597. Upstream release notes: http://sourceforge.net/project/shownotes.php?groupid=9655&releaseid=574735 Note that Tenable Network...