9418 matches found

Tenable Nessus
added 2009/04/23 12:0 a.m. | 46 views

FreeBSD : cyrus-sasl -- dynamic library loading and set-user-ID applications (92268205-1947-11d9-bc4a-000c41e2cdad)

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASLPATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application such as chsh...

CVSS 7.2 | AI score 5.3 | EPSS 0.0006
Exploits: 0 | References: 3

Prion
added 2009/04/21 6:30 p.m. | 14 views

SQL injection

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash)...

CVSS 7.5 | AI score 9 | EPSS 0.00322
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2009/04/21 6:30 p.m. | 10 views

CVE-2008-6741

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash)...

CVSS 7.5 | AI score 8.3 | EPSS 0.00322
Exploits: 1 | References: 3

Cvelist
added 2009/04/21 6:7 p.m. | 21 views

CVE-2008-6741

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash)...

AI score 8.3 | EPSS 0.00322
Exploits: 1 | References: 3

OpenVAS
added 2009/03/30 12:0 a.m. | 15 views

CVSTrac Detection

This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking System For CVS, Subversion and GIT. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

AI score 7
Exploits: 0 | References: 1

OpenVAS
added 2009/03/30 12:0 a.m. | 24 views

CVSTrac Detection

This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking System For CVS, Subversion and GIT. OpenVAS Vulnerability Test $Id: cvstracdetect.nasl 5721 2017-03-24 14:42:01Z cfi $ cvstrac Detection Authors: Michael Meyer Copyright: Copyright c 2009 Greenbone Networks GmbH This program is...

AI score 0.4
Exploits: 0 | References: 1

securityvulns
added 2009/03/26 12:0 a.m. | 76 views

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability. Advisory ID: cisco-sa-20090325-tcp http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC...

CVSS 5.4 | AI score 0.3 | EPSS 0.00927
Exploits: 0

RedHat Linux
added 2009/03/05 12:10 a.m. | 5 views

Firefox 3 crashes in the JavaScript engine

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pas...

CVSS 10 | AI score 7.8 | EPSS 0.09167
Exploits: 1 | References: 4

OpenVAS
added 2009/02/27 12:0 a.m. | 43 views

CentOS Update for expect CESA-2008:0134 centos3 i386

Check for the Version of expect OpenVAS Vulnerability Test CentOS Update for expect CESA-2008:0134 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVSS 6.8 | AI score 0.3 | EPSS 0.06015
Exploits: 2 | References: 2

OpenVAS
added 2009/02/27 12:0 a.m. | 28 views

CentOS Update for expect CESA-2008:0134 centos3 x86_64

Check for the Version of expect OpenVAS Vulnerability Test CentOS Update for expect CESA-2008:0134 centos3 x86_64 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 6.8 | AI score 0.3 | EPSS 0.06015
Exploits: 2 | References: 2

OpenVAS
added 2009/02/18 12:0 a.m. | 49 views

Microsoft XML Core Service Information Disclosure Vulnerability

This host is installed with Microsoft XML Core Service and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodmsxmlcoresvcinfodiscvuln.nasl 16112 2009-02-18 12:40:24Z feb$ Microsoft XML Core Service Information Disclosure Vulnerability Update by Antu sanadi on...

CVSS 5 | AI score 6.2 | EPSS 0.29847
Exploits: 2 | References: 3

OpenVAS
added 2009/02/13 12:0 a.m. | 24 views

Fedora Update for git FEDORA-2008-11650

Check for the Version of git OpenVAS Vulnerability Test Fedora Update for git FEDORA-2008-11650 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 4.6 | AI score 6.4 | EPSS 0.00084
Exploits: 0 | References: 2

RedHat Linux
added 2009/02/11 4:58 p.m. | 25 views

Moderate: Red Hat Security Advisory: mod_auth_mysql security update

An updated mod_auth_mysql package to correct a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The mod_auth_mysql package includes an extension module for the Apache HTTP Server which...

CVSS 7.5 | AI score 5.8 | EPSS 0.03892
Exploits: 1 | References: 2

Prion
added 2009/02/05 12:30 a.m. | 10 views

Design/Logic Flaw

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 6.7 | EPSS 0.00358
Exploits: 0 | References: 4

UbuntuCve
added 2009/02/05 12:30 a.m. | 16 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 5.9 | EPSS 0.00358
Exploits: 0 | References: 1

NVD
added 2009/02/05 12:30 a.m. | 13 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 6.2 | EPSS 0.00358
Exploits: 0 | References: 4

Cvelist
added 2009/02/04 7:0 p.m. | 20 views

CVE-2009-0419

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...

AI score 6 | EPSS 0.29847
Exploits: 2 | References: 2

RedHat Linux
added 2009/02/04 9:39 a.m. | 1 views

Firefox XMLHttpRequest allows reading HTTPOnly cookies

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 7.4 | EPSS 0.0108
Exploits: 0 | References: 4

RedHat Linux
added 2009/02/04 8:59 a.m. | 1 views

Firefox XMLHttpRequest allows reading HTTPOnly cookies

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 7.4 | EPSS 0.0108
Exploits: 0 | References: 4

UbuntuCve
added 2009/02/04 12:0 a.m. | 32 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVSS 5 | AI score 7.2 | EPSS 0.0108
Exploits: 0 | References: 4