RHEL 6 : perl (RHSA-2011:1424)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1424 advisory. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflo...
Moderate: Red Hat Security Advisory: perl security update
Updated perl packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...
Mandriva Update for samba MDVSA-2011:148 (samba)
The remote host is missing an update for the samba package(s) announced via the MDVSA-2011:148 advisory. (Description text from the Greenbone AG scan script, 2011, SPDX-License-Identifier: GPL-2.0-only; some text descriptions are excerpted from referenced sources and remain the copyright of the respective right holders.)
WebCookiesSniffer - New cookies sniffer/viewer utility
WebCookiesSniffer is a new packet sniffer utility that captures all web site cookies sent between the web browser and the web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string...
CVE-2011-2861
Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation...
Cross site scripting
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...
samba: mount.cifs improper device name and mountpoint strings sanitization
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string...
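The failure mode described above, as an added example that is not Samba's code: a mount helper that copies the device name and mountpoint into an mtab line unchecked lets a string containing a newline forge a second, attacker-controlled entry, while a field validator refuses it before anything is written. The sample mtab contents, the crafted mountpoint and the exact character set rejected (whitespace, control characters, backslash) are assumptions made for illustration; the real mount.cifs fix may differ in detail.

```ruby
# Added example (not Samba's code). Nothing here touches the real /etc/mtab;
# the mtab text below is constructed in memory.

# mtab entries are one per line with six whitespace-separated fields:
#   device mountpoint fstype options dump pass
def mtab_line(device, mountpoint, fstype = "cifs", options = "rw")
  "#{device} #{mountpoint} #{fstype} #{options} 0 0\n"
end

# Field validator (assumed policy): non-empty, and free of whitespace,
# control characters and backslashes, since any of those break the
# line-and-space structure of mtab or its escaping conventions.
def valid_mtab_field?(s)
  return false if s.nil? || s.empty?
  (s =~ /[\s\\[:cntrl:]]/).nil?
end

# Lenient parser in the style of getmntent(): one entry per line, the
# first six whitespace-separated fields, extra fields ignored.
def parse_mtab(text)
  text.lines.map(&:split).select { |f| f.size >= 6 }.map { |f| f[0, 6] }
end

# Vulnerable path: strings go straight into the new line.
def append_unchecked(mtab, device, mountpoint)
  mtab + mtab_line(device, mountpoint)
end

# Hardened path: refuse any field that would not survive a round trip.
def append_checked(mtab, device, mountpoint)
  raise ArgumentError, "invalid device name" unless valid_mtab_field?(device)
  raise ArgumentError, "invalid mountpoint" unless valid_mtab_field?(mountpoint)
  mtab + mtab_line(device, mountpoint)
end

# Constructed starting mtab with a single root entry.
MTAB = mtab_line("/dev/sda1", "/", "ext4", "rw,errors=remount-ro")

# Constructed crafted mountpoint: completes the legitimate line, then
# embeds a newline and a forged entry with an attacker-chosen device.
CRAFTED = "/mnt/share cifs rw 0 0\n/dev/evil /forged ext4 rw 0"

def demo
  corrupted = append_unchecked(MTAB, "//srv/share", CRAFTED)
  parsed = parse_mtab(corrupted)
  refused = begin
    append_checked(MTAB, "//srv/share", CRAFTED)
    false
  rescue ArgumentError
    true
  end
  {
    unchecked_entries: parsed.size,                        # 3 instead of 2
    forged_present: parsed.any? { |f| f[0] == "/dev/evil" },
    checked_refused: refused
  }
end
```

Running `demo` shows the unchecked path producing three parsed entries, one of them the forged `/dev/evil` line, while the checked path rejects the mountpoint before the file is modified.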
Design/Logic Flaw
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a...
CVE-2011-3140
CVE-2011-3140 affects IBM Web Application Firewall used on G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030. The issue is in how the product handles query strings with multiple instances of the same parameter, allowing a malicious user to bypass intrusion prevention by ...
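The bypass class described in the two IBM entries above, as an added example that is not IBM's code and makes no claim about how that product's engine is implemented: an inspector that keeps only one value per query-parameter name never sees a payload that has been split across repeated instances of the same name, whereas one that examines every instance, and the values of each name joined as a backend might concatenate them, does. The signature, the query strings and the set of joiners are constructed for illustration.

```ruby
require "uri"

# Added example (not IBM's code). The signature and inputs are constructed.

# A single constructed signature: a SQL tautology fragment.
SIGNATURE = /'\s*or\s*'1'\s*=\s*'1/i

# Naive inspector: collapse the query into a Hash, so for a repeated name
# only the last instance survives, then test each surviving value.
def naive_flagged?(query)
  params = URI.decode_www_form(query).to_h   # last value per name wins
  params.values.any? { |v| v =~ SIGNATURE }
end

# Robust inspector: keep every instance, test each one individually, and
# also test the values of each repeated name joined with each separator a
# backend might use when it merges duplicate parameters.
def robust_flagged?(query, joiners = ["", ",", " "])
  pairs = URI.decode_www_form(query)
  return true if pairs.any? { |_, v| v =~ SIGNATURE }
  grouped = pairs.group_by(&:first).transform_values { |ps| ps.map(&:last) }
  grouped.values.any? do |vals|
    vals.size > 1 && joiners.any? { |j| vals.join(j) =~ SIGNATURE }
  end
end

# Constructed requests (percent-encoded as a browser would send them).
PLAIN  = "id=1&name=alice"
DIRECT = "id=1%27+or+%271%27%3D%271"                 # id=1' or '1'='1
SPLIT  = "id=1%27+or+%27&id=1%27%3D%271"             # id=1' or '  id=1'='1

# Returns [naive verdict, robust verdict] for a query string.
def verdicts(query)
  [naive_flagged?(query), robust_flagged?(query)]
end
```

For `SPLIT` the naive inspector reports nothing, because the hash keeps only `1'='1`, while the robust inspector reconstructs `1' or '1'='1` from the two instances and flags it; both agree on `PLAIN` and `DIRECT`.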
CVE-2011-2197
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...
Cross site scripting
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...
CVE-2011-2197
CVE-2011-2197 concerns Ruby on Rails XSS protection: the safe-buffer mutation handling in Rails’ XSS prevention can be bypassed, enabling remote XSS via crafted input. Affected: Rails 2.x before 2.3.12; Rails 3.0.x before 3.0.8; Rails 3.1.x before 3.1.0.rc2. Root cause per advisory: improper muta...
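The safe-buffer mutation problem summarised above, as an added example that is not Rails' own code: a toy buffer that escapes untrusted input on append but inherits String's in-place mutators, so a helper that rewrites the buffer with `gsub!` injects raw user input while the buffer is still marked safe; the hardened variant refuses in-place mutation of a safe buffer, forcing the caller back onto the escaping append. The class names, the list of refused methods and the template are assumptions for illustration, not Rails' SafeBuffer implementation or its fix.

```ruby
require "cgi"

# Added example (not Rails' code). Class names and the template are constructed.

class ToySafeBuffer < String
  def initialize(str = "")
    super(str)
    @html_safe = true
  end

  def html_safe?
    @html_safe
  end

  # Appending escapes anything that is not itself marked safe.
  def concat(value)
    if value.respond_to?(:html_safe?) && value.html_safe?
      super(value)
    else
      super(CGI.escapeHTML(value.to_s))
    end
  end

  def <<(value)
    concat(value)
  end
end

# Vulnerable variant: inherits String#gsub!, which rewrites the buffer in
# place with the raw replacement text while @html_safe stays true.
class VulnerableSafeBuffer < ToySafeBuffer
end

# Hardened variant: in-place mutators raise, so safe content cannot be
# rewritten behind the safety flag. (List of methods is an assumption.)
class HardenedSafeBuffer < ToySafeBuffer
  class UnsafeMutationError < StandardError; end

  %w[gsub! sub! tr! delete! squeeze! reverse! upcase! downcase! capitalize! strip!].each do |m|
    define_method(m) { |*_args, &_blk| raise UnsafeMutationError, "#{m} called on a safe buffer" }
  end
end

# What a view layer does on output: emit safe buffers verbatim, escape the rest.
def final_output(buf)
  buf.html_safe? ? buf.to_s : CGI.escapeHTML(buf.to_s)
end

# Helper written the risky way: substitute into an already-safe template.
def render_via_mutation(klass, user_input)
  buf = klass.new("<p>Hello, NAME</p>")
  buf.gsub!("NAME", user_input)   # raw text enters the buffer; flag survives
  final_output(buf)
end

# Correct pattern: build the page by appending, so input is escaped on entry.
def render_safely(user_input)
  out = HardenedSafeBuffer.new("<p>Hello, ")
  out << user_input                        # plain String, gets escaped
  out << HardenedSafeBuffer.new("</p>")    # already safe, passes through
  final_output(out)
end

# Constructed untrusted input.
PAYLOAD = "<script>alert(1)</script>"
```

With `VulnerableSafeBuffer`, `render_via_mutation` returns the script tag unescaped; with `HardenedSafeBuffer` the same call raises `UnsafeMutationError`, and `render_safely` yields `&lt;script&gt;alert(1)&lt;/script&gt;` inside the paragraph.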
CVE-2011-0206
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings...
Buffer overflow
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings...
Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)
It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module...
DEBIAN-CVE-2011-2216
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header...
AST-2011-007
Asterisk Project Security Advisory - AST-2011-007
+------------------------------------------------------------------------+
| Product             | Asterisk                                         |
|---------------------+--------------------------------------------------|
| Summary             | Remote Crash Vulnerability in SIP channel driver |
...