Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagi...

Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)

Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...

CVE-2016-3716

It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an...

CVE-2016-3717

It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an...

CVE-2015-3177

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request...

Mandriva Linux Security Advisory : libvirt (MDVSA-2015:115)

Updated libvirt packages fix security vulnerabilities : The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fundacion Dr. Manuel Sadosky - Programa STIC Advisory http://www.fundacionsadosky.org.ar Insecure management of login credentials in PicsArt Photo Studio for Android 1. Advisory Information Title: Insecure management of login credentials in PicsArt...

bugzilla -- Cross-Site Request Forgery

A Bugzilla Security Advisory reports: The login form had no CSRF protection, meaning that an attacker could force the victim to log in using the attacker's credentials. If the victim then reports a new security sensitive bug, the attacker would get immediate access to this bug. Due to changes...

Race condition

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

User-defined properties on DOM proxies get the wrong "this" object — Mozilla

Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this. It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker...

[Introspy] Monitor app in your iDevice

The Problem In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these application currently requires in-depth knowledge of various API...

Wrong principal used for validating URI for some Javascript components — Mozilla

Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier URI before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig...

Information disclosure

The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem...

Ubuntu Update for unity-firefox-extension USN-1665-1

Ubuntu Update for Linux kernel vulnerabilities USN-1665-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16651.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for unity-firefox-extension USN-1665-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...

USN-1665-1: unity-firefox-extension vulnerability

It was discovered that unity-firefox-extension bypassed the same origin policy checks in certain circumstances. If a user were tricked into opening a malicious page, an attacker could exploit this to steal confidential data or perform other security-sensitive operations...

Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pa_modify_accounts() Remote Code Execution

Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pamodifyaccounts Remote Code Execution Novell NetIQ Privileged User Manager 2.3.1 auth.dll pamodifyaccounts Remote Code Execution pre auth / SYSTEM privileges Tested against: Microsoft Windows 2003 r2 sp2 download url:...

CVE-2012-4553

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...

CVE-2011-2390

The default value of "StrictHostKeyChecking=no" has been used for kdump/ mkdumprd openssh integration. A remote malicious kdump server could use this flaw to impersonate the intended, correct kdump server to obtain security sensitive information kdump core files...

Fedora 8 : libetpan-0.54-1.fc8 (2008-5480)

Update to new upstream version 0.54 fixing a crash NULL pointer dereference in the mail message header parser. Note: There is no application in Fedora using libetpan library for which such crash could be considered a security issue. This can only be a security sensitive issue for some 3rd party,...