4241 matches found

Tenable Nessus
added 2012/02/10 12:0 a.m. | 254 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)

It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. CVE-2011-4885 ATTENTION: this update changes previous PHP...

7.5 CVSS | 8.5 AI score | 0.83911 EPSS
Exploits 30 | References 8

Drupal
added 2012/01/04 12:0 a.m. | 22 views

SA-CONTRIB-2012-003 - Fill PDF - Multiple vulnerabilities

CVE: CVE-2012-1625 This module enables you to populate fillable PDF templates with data from nodes and webforms. Access bypass 7.x only Incorrectly-ordered arguments in a call to the function that handles the main functionality of the module makes it possible for an attacker to trigger any PDF to...

6 CVSS | 6.5 AI score | 0.01067 EPSS
Exploits 0 | References 12

securityvulns
added 2011/09/13 12:0 a.m. | 119 views

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities Severity: Critical Versions Affected: Spring Framework: 3.0.0 to 3.0.5 Spring Security: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Several issues have been report...

6.8 CVSS | 1.9 AI score | 0.08532 EPSS
Exploits 1

Fedora
added 2011/09/07 3:23 a.m. | 59 views

[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-1.fc16

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

7.5 CVSS | 4 AI score | 0.02492 EPSS
Exploits 0

OpenVAS
added 2011/08/09 12:0 a.m. | 44 views

CentOS Update for java CESA-2010:0768 centos5 i386

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2010:0768 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

10 CVSS | 0.4 AI score | 0.87264 EPSS
Exploits 14 | References 2

NVD
added 2011/08/03 12:55 a.m. | 19 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors...

6.8 CVSS | 6.5 AI score | 0.01457 EPSS
Exploits 1 | References 11

UbuntuCve
added 2011/08/03 12:55 a.m. | 24 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors...

6.8 CVSS | 6 AI score | 0.01457 EPSS
Exploits 1 | References 2

Prion
added 2011/08/03 12:55 a.m. | 18 views

Buffer overflow

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors...

6.8 CVSS | 7 AI score | 0.01457 EPSS
Exploits 1 | References 11 | Affected Software 4

Debian CVE
added 2011/08/03 12:0 a.m. | 31 views

CVE-2011-2788

Removed by vendor...

6.8 CVSS | 6.6 AI score | 0.01457 EPSS
Exploits 1

Ubuntu
added 2011/06/17 8:16 a.m. | 77 views

USN-1154-1: OpenJDK 6 vulnerabilities

It was discovered that a heap overflow in the AWT FileDialog.show method could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. CVE-2011-0815 It was discovered that integer overflows in the JPEGImageReader readImage function and the...

10 CVSS | 9 AI score | 0.06277 EPSS
Exploits 0

RedHat Linux
added 2011/06/16 7:13 p.m. | 4 views

OpenJDK Serialization inconsistencies (6966692)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

10 CVSS | 6.2 AI score | 0.07099 EPSS
Exploits 0 | References 4

Oracle linux
added 2011/06/08 12:0 a.m. | 76 views

java-1.6.0-openjdk security update

1:1.6.0.0-1.22.1.9.8.0.1.el56 - Add oracle-enterprise.patch 1:1.6.0.0-1.22.1.9.8 - Resolves: rhbz668488 - Bumped to IcedTea6 1.9.8 - RH706250, S6213702, CVE-2011-0872: so non-blocking sockets with TCP urgent disabled get still selected for read ops win - RH706106, S6618658, CVE-2011-0865:...

10 CVSS | 1.2 AI score | 0.06277 EPSS
Exploits 0

Tenable Nessus
added 2011/05/05 12:0 a.m. | 36 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

Icedtea included in java-160-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...

10 CVSS | 7.8 AI score | 0.87264 EPSS
Exploits 14 | References 20

Tenable Nessus
added 2011/05/05 12:0 a.m. | 43 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

Icedtea included in java-160-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...

10 CVSS | 7.8 AI score | 0.87264 EPSS
Exploits 14 | References 20

UbuntuCve
added 2010/12/30 9:0 p.m. | 26 views

CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5 CVSS | 6 AI score | 0.03017 EPSS
Exploits 0 | References 1

CVE
added 2010/12/30 8:0 p.m. | 81 views

CVE-2010-3708

CVE-2010-3708 affects Red Hat JBoss Enterprise Application Platform (JBEAP) 4.3.x (prior to 4.3.0.CP09) and JBoss SOA Platform 4.2/4.3, where the Drools serialization embeds class files, enabling remote code execution via a crafted static initializer. The vulnerability is rooted in the serializat...

7.5 CVSS | 7.5 AI score | 0.03017 EPSS
Exploits 0 | References 7 | Affected Software 1

RedHat Linux
added 2010/12/15 11:41 p.m. | 4 views

OpenJDK Serialization inconsistencies (6966692)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

10 CVSS | 6.2 AI score | 0.07099 EPSS
Exploits 0 | References 4

RedHat Linux
added 2010/12/15 10:41 p.m. | 2 views

OpenJDK Serialization inconsistencies (6966692)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

10 CVSS | 6.2 AI score | 0.07099 EPSS
Exploits 0 | References 4

exploitpack
added 2010/12/08 12:0 a.m. | 24 views

Winamp 5.6 - MIDI Parser Arbitrary Code Execution

Winamp 5.6 - MIDI Parser Arbitrary Code Execution http://www.kryptoslogic.com/advisories/2010/kryptoslogic-winamp-midi.txt PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/15706.c ==-===-=====-=======-===========-=============-================= Winamp 5.6...

0.6 AI score
Exploits 0

Tenable Nessus
added 2010/11/18 12:0 a.m. | 296 views

RHEL 6 : java-1.6.0-openjdk (RHSA-2010:0865)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0865 advisory. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the...

10 CVSS | 8.3 AI score | 0.87264 EPSS
Exploits 14 | References 37