9088 matches found

OpenVAS
added 2009/02/18 12:0 a.m. | 49 views

Microsoft XML Core Service Information Disclosure Vulnerability

This host is installed with Microsoft XML Core Service and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodmsxmlcoresvcinfodiscvuln.nasl 16112 2009-02-18 12:40:24Z feb$ Microsoft XML Core Service Information Disclosure Vulnerability Update by Antu sanadi on...

CVSS 5 | AI score 6.2 | EPSS 0.29847
Exploits: 2 | References: 3

OpenVAS
added 2009/02/13 12:0 a.m. | 24 views

Fedora Update for git FEDORA-2008-11650

Check for the Version of git OpenVAS Vulnerability Test Fedora Update for git FEDORA-2008-11650 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 4.6 | AI score 6.4 | EPSS 0.00084
Exploits: 0 | References: 2

RedHat Linux
added 2009/02/11 4:58 p.m. | 24 views

Moderate: Red Hat Security Advisory: mod_auth_mysql security update

An updated mod_auth_mysql package to correct a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The mod_auth_mysql package includes an extension module for the Apache HTTP Server which...

CVSS 7.5 | AI score 5.8 | EPSS 0.04987
Exploits: 1 | References: 2

Prion
added 2009/02/05 12:30 a.m. | 10 views

Design/Logic Flaw

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 6.7 | EPSS 0.00358
Exploits: 0 | References: 4

UbuntuCve
added 2009/02/05 12:30 a.m. | 16 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 5.9 | EPSS 0.00358
Exploits: 0 | References: 1

NVD
added 2009/02/05 12:30 a.m. | 13 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 6.2 | EPSS 0.00358
Exploits: 0 | References: 4

Cvelist
added 2009/02/04 7:0 p.m. | 20 views

CVE-2009-0419

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...

AI score 6 | EPSS 0.29847
Exploits: 2 | References: 2

RedHat Linux
added 2009/02/04 9:39 a.m. | 1 views

Firefox XMLHttpRequest allows reading HTTPOnly cookies

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 7.4 | EPSS 0.0108
Exploits: 0 | References: 4

RedHat Linux
added 2009/02/04 8:59 a.m. | 1 views

Firefox XMLHttpRequest allows reading HTTPOnly cookies

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 7.4 | EPSS 0.0108
Exploits: 0 | References: 4

UbuntuCve
added 2009/02/04 12:0 a.m. | 32 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 7.2 | EPSS 0.0108
Exploits: 0 | References: 4

Prion
added 2009/02/03 7:30 p.m. | 23 views

Information disclosure

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

CVSS 5 | AI score 6.5 | EPSS 0.00377
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2009/02/03 7:30 p.m. | 20 views

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

CVSS 5 | AI score 5.9 | EPSS 0.00377
Exploits: 0 | References: 5

Debian CVE
added 2009/02/03 7:0 p.m. | 26 views

CVE-2009-0411

Removed by vendor...

CVSS 5 | AI score 6.9 | EPSS 0.00377
Exploits: 0

Exploit DB
added 2009/01/26 12:0 a.m. | 33 views

ITLPoll 2.7 Stable2 - Blind SQL Injection

". "\n☢ Ex : ./itlpoll.php localhost /itlpoll password". "\n\n"; exit ; function query $func, $chr, $pos //replace 1' with a valid poll number if you have problems. See hostname/path/?Archive for a list of polls. $query = "1' AND ORDMIDSELECT IFNULLCAST$func AS CHAR10000, CHAR32 FROM itlconfig...

AI score 7.4
Exploits: 0

UbuntuCve
added 2009/01/22 6:30 p.m. | 18 views

CVE-2008-2384

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL...

CVSS 7.5 | AI score 6 | EPSS 0.04987
Exploits: 1 | References: 1

RedHat Linux
added 2009/01/08 3:47 p.m. | 0 views

Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG)...

CVSS 1.9 | AI score 5.8 | EPSS 0.00086
Exploits: 0 | References: 4

RedHat Linux
added 2009/01/05 7:8 a.m. | 2 views

kernel: open() call allows setgid bit when user is not in new file's group

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable...

CVSS 4.6 | AI score 7.1 | EPSS 0.113
Exploits: 2 | References: 4

Exploit DB
added 2009/01/01 12:0 a.m. | 29 views

BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)

BSD/x86 - setuid0 + Break chroot ../ 10x Loop + Bind TCP 2222/TCP Shell Shellcode 133 bytes. Shellcode exploit for BSDx86 platform / The setuid0+chroot+bind shellcode it will: setuid0 put '../' 10 times in chroot open shell on 2222nd port Size 133 bytes OS BSD /rootteam/dev0id rootteam.void.ru...

AI score 7.1
Exploits: 0

NVD
added 2008/12/24 6:29 p.m. | 11 views

CVE-2008-5709

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup...

CVSS 9 | AI score 7.4 | EPSS 0.04671
Exploits: 0 | References: 8

Prion
added 2008/12/24 6:29 p.m. | 11 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup...

CVSS 9 | AI score 8 | EPSS 0.04671
Exploits: 0 | References: 8 | Affected Software: 1