83 matches found
Exploit for Code Injection in Nette Application
CVE-2020-15227 DISCLAIMER! I take no responsibility of using...
Server buffer overflow in Pure Faction <= 3.0c
Application: Pure Faction http://www.purefaction.org Versions: = 3.0c Platforms: Windows Bug: server buffer overflow Risk: highly critical Exploitation: remote and automatic requires attacker to have joined server Date: 13 Mar 2015 Author: soulsgetnothing e-mail: soulsgetnothing at hotmail dot co...
Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4245_arbitrary_code)
The remote Solaris system is missing necessary patches to address security updates : - The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. CVE-2012-4245 %NASLMINLEVEL 70300 C Tenable...
Oracle Solaris Third-Party Patch Update : bind (cve_2011_4313_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial o...
Oracle Solaris Third-Party Patch Update : gnutls (cve_2014_0092_cryptographic_issues)
The remote Solaris system is missing necessary patches to address security updates : - lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoo...
Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in the newmsglsachangenotify function in the OSPFD API ospfapi.c in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers...
Oracle Solaris Third-Party Patch Update : facter (cve_2014_3248_untrusted_search)
The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...
Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a...
Oracle Solaris Third-Party Patch Update : squid (multiple_vulnerabilities_in_squid)
The remote Solaris system is missing necessary patches to address security updates : - Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service memory consumption...
Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)
The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)
The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory...
Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_2141_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via ...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark6)
The remote Solaris system is missing necessary patches to address security updates : - The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service application crash via a crafted packet. CVE-2013-492...
Oracle Solaris Third-Party Patch Update : libxtsol (cve_2014_0397_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Oracle Third Party software advisories. include'deprecatednasllevel.inc';...
Oracle Solaris Third-Party Patch Update : kerberos (cve_2014_4345_numeric_errors)
The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/ libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12....
Oracle Solaris Third-Party Patch Update : perl-58 (cve_2011_3597_improper_input)
The remote Solaris system is missing necessary patches to address security updates : - Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. CVE-2011-3597 %NASLMINLEVEL 70300 C Tenable Netwo...
Oracle Solaris Third-Party Patch Update : samba (multiple_vulnerabilities_in_samba1)
The remote Solaris system is missing necessary patches to address security updates : - The sysrecvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed...
Oracle Solaris Third-Party Patch Update : freetype (multiple_buffer_errors_vulnerabilities_in)
The remote Solaris system is missing necessary patches to address security updates : - FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service NULL pointer dereference and crash via vectors related to BDF fonts and the improper handling of an 'allocation error' in t...
Oracle Solaris Third-Party Patch Update : cvs (cve_2012_0804_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted...
Oracle Solaris Third-Party Patch Update : modsecurity (cve_2012_2751_improper_input)
The remote Solaris system is missing necessary patches to address security updates : - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...