CVE-2009-4248

Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and...

Magento Community Edition 1.3.2.43 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The full text of this advisory can be found at: http://www.madirish.net/?article=445 Description of Vulnerability: - ----------------------------- Magento http://www.magentocommerce.com/ is an eCommerce platform written in MySQL and PHP. Magento...

OpenJDK JRE AWT setDifflCM stack overflow (6872357)

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...

CVE-2009-3566

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

Cross site scripting

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

CVE-2009-3566

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

CVE-2009-3566

The CVE-2009-3566 issue affects McAfee IntruShield Network Security Manager (NSM) prior to 5.1.11.8.1, where the session ID cookie is issued without the HttpOnly flag, enabling an XSS-based theft of the session cookie and potential remote session hijacking. Source material indicates the vulnerabi...

Oracle Network Authentication CVE-2009-1979 Remote Buffer Overflow

Exploit for unknown platform in category remote exploits ================================================================================ Oracle Network Authentication CVE-2009-1979 Remote Buffer Overflow Vulnerability ==============================================================================...

kernel: exit_notify: kill the wrong capable(CAP_KILL) check

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

kernel: personality: fix PER_CLEAR_ON_SETID

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...

Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability

This host is installed with Rhino Software Serv-U and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbrhinosoftserv-usitesetdosvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Rhino Software Serv-U 'SITE SET' Command Denial Of Service vulnerability Authors: Sharath S...

IBM DB2 Unspecified Vulnerability (Linux)

The host is installed with IBM DB2 and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2unspesifiedvulnlin.nasl 7113 2017-09-13 06:03:30Z cfischer $ IBM DB2 Unspecified Vulnerability Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

IBM DB2 Unspecified Vulnerability (Windows)

The host is installed with IBM DB2 and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2unspesifiedvulnwin.nasl 4869 2016-12-29 11:01:45Z teissa $ IBM DB2 Unspecified Vulnerability Windows Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVE-2009-3473

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors...

Authorization

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors...

CVE-2009-3172

Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights...

DEBIAN-CVE-2009-3050

Buffer overflow in the setpagesize function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file wit...

SQL query result set for injecting the effects and use-vulnerability and early warning-the black bar safety net

For injection purposes, the error message is extremely important. The so-called error message refers to and the correct page different results back, the master is very attention to this point, which injection point the precise judgment is essential. The ask discussed under several categories of...

FreeBSD Security Advisory (FreeBSD-SA-09:12.bind.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:12.bind.asc ADV FreeBSD-SA-09:12.bind.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-09:12.bind.asc Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

BIND -- Dynamic update message remote DoS

Problem Description: When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set RRset for this...