933 matches found

Mageia · added 2016/01/15 1:52 a.m. · 16 views

Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

AI score 1.8
Exploits 0 · References 3

Positive Technologies · added 2015/12/09 12:0 a.m. · 3 views

PT-2015-2811 · Adobe +3 · Integrated Runtime +4

Name of the Vulnerable Software and Affected Versions: Adobe Integrated Runtime and Flash Player, affected versions not specified. Description: The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: ...

CVSS 10 · AI score 9.1 · EPSS 0.45049
Exploits 21 · References 442

Citrix · added 2015/09/21 12:0 a.m. · 5 views

Error: "MODIFY FILE failed. Specified size is less than or equal to current size" Appears when Creating Provisioning Services SQL Database Farm

When configuring a newly installed Provisioning Services with a pre-created SQL database, errors occur during the configuration process and the ConfigWizard.log file contains entries similar to the following: 2010-11-09 10:33:10,337 1 ERROR Mapi.CommandProcessor - Exception of type...

AI score 7.7
Exploits 0

Positive Technologies · added 2015/04/14 12:0 a.m. · 2 views

PT-2015-1259 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player, affected versions not specified. Description: The issue is related to a memory corruption problem in the Flash Player platform. Exploitation of this issue could allow a remote attacker to execute arbitrary code or cause a...

CVSS 10 · AI score 8.1 · EPSS 0.95184
Exploits 11 · References 159

Tenable Nessus · added 2014/11/26 12:0 a.m. · 33 views

OracleVM 3.0 : xen (OVMSA-2012-0056)

The remote OracleVM system is missing necessary patches to address critical security updates: - xen: fix error handling of guest_physmap_mark_populate_on_demand. The only user of the 'out' label bypasses a necessary unlock, thus enabling the caller to lock up Xen. Also, the function was never meant to...

CVSS 6.9 · AI score 7.6 · EPSS 0.00435
Exploits 4 · References 6

myhack58 · added 2014/11/17 12:0 a.m. · 20 views

PHP WDDX Serializier Data Injection Vulnerability

PHP WDDX Serializier Data Injection Vulnerability. Taoguang Chen - 2014.11.2. When PHP serializes an array into a WDDX structure, the array key names are not strictly restricted, which can lead to forgery of an object's WDDX structure. i serialize the object PHP in the object is...

AI score 0.2
Exploits 0

Positive Technologies · added 2014/10/06 12:0 a.m. · 3 views

PT-2019-6288 · Intel +7 · Edk Ii +7

Name of the Vulnerable Software and Affected Versions: EDK II, affected versions not specified. Description: The issue is related to an unlimited recursion in the EDK II UEFI development environment, specifically in DxeCore. This allows an attacker to access confidential data, compromise its...

CVSS 10 · AI score 6 · EPSS 0.83583
Exploits 8 · References 127

seebug.org · added 2014/07/01 12:0 a.m. · 15 views

Oatmeal Studios Mail File 1.10 Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the...

AI score 7.1
Exploits 0

seebug.org · added 2014/07/01 12:0 a.m. · 24 views

HolaCMS 1.2/1.4.x Voting Module Remote File Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12789/info HolaCMS is prone to a vulnerability that may allow remote users to corrupt files on the server. This is due to an input validation error that allows users to submit voting data to an attacker-specified file. It ha...

AI score 7.1
Exploits 0

seebug.org · added 2014/07/01 12:0 a.m. · 15 views

Xine 0.9.x And Xine-Lib 1 Multiple Remote File Overwrite Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file...

AI score 7.1
Exploits 0

seebug.org · added 2014/07/01 12:0 a.m. · 36 views

CA BrightStor Universal Agent Overflow

No description provided by source. $Id: universalagent.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

AI score 7.1
Exploits 0

seebug.org · added 2014/07/01 12:0 a.m. · 45 views

OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS

No description provided by source. cve-2009-1378.c: OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS. Jon Oberheide, http://jon.oberheide.org. Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 In dtls1_process_out_of_seq_message the check if the...

CVSS 5 · AI score 0.1 · EPSS 0.12746
Exploits 12

Kitploit · added 2013/12/31 5:17 p.m. · 22 views

[GDB] GNU Project Debugger

GDB, the GNU Project debugger, allows you to see what is going on "inside" another program while it executes - or what another program was doing at the moment it crashed. GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act: Start your progra...

AI score 7.2
Exploits 0

OpenVAS · added 2012/02/27 12:0 a.m. · 14 views

Search for specified dirs

This Plugin is searching for the specified webdirs. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.3
Exploits 0

exploitpack · added 2012/01/21 12:0 a.m. · 9 views

AB-Unreal-Server

AB Unreal Server is prone to a remote buffer overflow because it fails to perform adequate boundary-checks on user-supplied data. Successfully exploiting will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a...

AI score 1.4
Exploits 0

ThreatPost · added 2011/11/16 4:58 p.m. · 20 views

Microsoft Now Using IP Address to Map Malware Infections

Microsoft has a new way of determining the geolocation of systems infected with malware, and it had subtle but relevant effects on the 11th volume of the Microsoft Security Intelligence Report. It’s a novel concept, instead of relying on an administrator-specified setting that anyone with hands a...

AI score 7
Exploits 0 · References 2

Tenable Nessus · added 2011/06/07 12:0 a.m. · 30 views

Novell iPrint Client < 5.64 Multiple Vulnerabilities

The version of Novell iPrint Client installed on the remote host is prior to 5.64. It is, therefore, affected by one or more of the following vulnerabilities in the nipplib.dll component, as used by both types of browser plugins, that can allow for arbitrary code execution : - The uri parameter...

CVSS 9.3 · AI score 6 · EPSS 0.05869
Exploits 0 · References 31

Ubuntu · added 2011/01/20 3:30 p.m. · 49 views

USN-1046-1: Sudo vulnerability

Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the RunasSpec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group RunasSpec i...

CVSS 4.4 · AI score 8 · EPSS 0.00496
Exploits 0

Positive Technologies · added 2010/11/07 12:0 a.m. · 1 views

PT-2010-4988 · Adobe +1 · Flash Player +1

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player, affected versions not specified. Description: General information about the issue is not provided. There is no information about the estimated number of potentially affected devices worldwide or details about real-world...

CVSS 9.3 · AI score 6.5 · EPSS 0.69679
Exploits 17 · References 53

ATTACKERKB · added 2009/05/11 3:30 p.m. · 3 views

CVE-2009-0194

The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote...

CVSS 9.3 · AI score 5.4 · EPSS 0.02255
Exploits 0 · References 9