Lucene search

3757 matches found

OSV
added 2013/03/20 4:55 p.m. | 1 view

DEBIAN-CVE-2013-1653

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...

CVSS 7.1 | AI score 7.8 | EPSS 0.01966
Exploits: 0 | References: 1

OSV
added 2013/03/09 11:55 a.m. | 1 view

DEBIAN-CVE-2013-2496

The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted...

CVSS 7.5 | AI score 7.5 | EPSS 0.0046
Exploits: 0 | References: 1

Kitploit
added 2013/02/25 11:39 p.m. | 85 views

[Web-Sorrow] Tool for Misconfiguration, Version Detection, Enumeration, and Server Information Scanning

Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any...

AI score 9.8
Exploits: 0

OpenVAS
added 2013/02/13 12:00 a.m. | 21 views

Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113)

This host is missing an important security update according to Microsoft Bulletin MS13-019. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.2 | AI score 5 | EPSS 0.00872
Exploits: 0 | References: 4

OpenVAS
added 2013/02/13 12:00 a.m. | 23 views

MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113)

This host is missing an important security update according to Microsoft Bulletin MS13-019. OpenVAS Vulnerability Test $Id: secpodms13-019.nasl 5346 2017-02-19 08:43:11Z cfi $ MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability 2790113 Authors: Antu Sanadi Copyright:...

CVSS 7.2 | AI score 1 | EPSS 0.00872
Exploits: 0 | References: 4

CVE
added 2013/01/21 9:00 p.m. | 57 views

CVE-2013-0928

CVE-2013-0928 affects EMC AlphaStor, specifically the Device Manager process rrobotd.exe. The vulnerability is a remote command injection flaw exposed via the DCP run command, caused by improper input handling. Versions prior to 4.0 Build 800 are vulnerable; upgrading to 4.0 Build 800 or later is...

CVSS 9.3 | AI score 7.5 | EPSS 0.78669
Exploits: 10 | References: 4 | Affected Software: 1

OpenVAS
added 2013/01/09 12:00 a.m. | 15 views

MS System Center Operations Manager XSS Vulnerabilities (2748552)

This host is missing an important security update according to Microsoft Bulletin MS13-003. OpenVAS Vulnerability Test $Id: secpodms13-003.nasl 6520 2017-07-04 14:28:49Z cfischer $ MS System Center Operations Manager XSS Vulnerabilities 2748552 Authors: Rachana Shetty Copyright: Copyright c 2013...

CVSS 4.3 | AI score 0.4 | EPSS 0.24926
Exploits: 0 | References: 4

OpenVAS
added 2013/01/07 12:00 a.m. | 18 views

Opera Truncated Dialogs Code Execution Vulnerability - Windows

Opera is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.9 | EPSS 0.00696
Exploits: 0 | References: 3

OpenVAS
added 2013/01/07 12:00 a.m. | 29 views

Opera Truncated Dialogs Code Execution Vulnerability (Mac OS X)

The host is installed with Opera and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gboperatruncationdialogcodeexecvulnmacosx.nasl 6079 2017-05-08 09:03:33Z teissa $ Opera Truncated Dialogs Code Execution Vulnerability Mac OS X Authors: Antu Sanadi Copyright: Copyright ...

CVSS 5 | AI score 0.6 | EPSS 0.00696
Exploits: 0 | References: 2

OpenVAS
added 2013/01/07 12:00 a.m. | 19 views

Opera Truncated Dialogs Code Execution Vulnerability - Mac OS X

Opera is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.9 | EPSS 0.00696
Exploits: 0 | References: 3

Oracle Linux
added 2012/11/08 12:00 a.m. | 72 views

Unbreakable Enterprise kernel security update

2.6.32-300.39.1
- hugepages: fix use after free bug in 'quota' handling (15842385, CVE-2012-2133)
- mm: Hold a file reference in madvise_remove (15842884, CVE-2012-3511)
- udf: Fortify loading of sparing table (15843730, CVE-2012-3400)
- udf: Avoid run away loop when partition table length is corrupt...

CVSS 7.6 | AI score 0.2 | EPSS 0.04779
Exploits: 3

Oracle Linux
added 2012/11/08 12:00 a.m. | 57 views

Unbreakable Enterprise kernel security update

2.6.39-300.17.2
- hugepages: fix use after free bug in 'quota' handling (Orabug: 15845276, CVE-2012-2133)
- udf: Fortify loading of sparing table (Orabug: 15845302, CVE-2012-3400)
- udf: Avoid run away loop when partition table length is corrupt (Orabug: 15845302, CVE-2012-3400)
- mm: Hold a file referenc...

CVSS 7.6 | AI score 0.2 | EPSS 0.04779
Exploits: 3

OSV
added 2012/11/06 12:00 a.m. | 1 view

UBUNTU-CVE-2012-4461

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl...

CVSS 1.9 | AI score 6.7 | EPSS 0.00083
Exploits: 0 | References: 9

OSV
added 2012/10/22 11:55 p.m. | 1 view

DEBIAN-CVE-2012-4436

Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments...

CVSS 4.4 | AI score 7.8 | EPSS 0.00075
Exploits: 0 | References: 1

ThreatPost
added 2012/10/22 8:45 p.m. | 9 views

Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix

A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the...

AI score 0.2
Exploits: 0 | References: 5

Packet Storm
added 2012/10/06 12:00 a.m. | 29 views

Blog Mod 0.1.9 SQL Injection

How does this exploit works? It exploits one of the several SQL Injections in the system. Specifiedly, in the file "index.php", parr "month". Usage: php filename.php / function puts$str echo $str."\n"; function gets return trimfgetsSTDIN; function hex$string $hex=''; // PHP 'Dim' = for $i=0; $i...

AI score 0.3
Exploits: 0

NVD
added 2012/09/10 10:55 p.m. | 14 views

CVE-2012-2793

Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."...

CVSS 10 | AI score 6.2 | EPSS 0.01086
Exploits: 0 | References: 10

NVD
added 2012/08/29 10:56 a.m. | 20 views

CVE-2012-3962

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document...

CVSS 9.3 | AI score 8.8 | EPSS 0.04219
Exploits: 0 | References: 14

Prion
added 2012/08/29 10:56 a.m. | 16 views

Design/Logic Flaw

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a deni...

CVSS 10 | AI score 8.2 | EPSS 0.02314
Exploits: 0 | References: 12 | Affected Software: 15

RedHat Linux
added 2012/08/29 4:19 a.m. | 1 view

Mozilla: Multiple Use-after-free issues (MFSA 2012-58)

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of...

CVSS 10 | AI score 7.8 | EPSS 0.03305
Exploits: 0 | References: 4