358 matches found
Debian Security Advisory DSA 2399-2 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2399-2. OpenVAS Vulnerability Test $Id: deb23992.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2399-2 php5 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
[SECURITY] [DSA 2399-2] php5 regression fix
Debian Security Advisory DSA-2399-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 31, 2012 http://www.debian.org/security/faq -...
UPDATE: Slammed And Blasted A Decade Ago, Microsoft Got Serious About Security
UPDATE: A decade ago this week, Chairman Bill Gates kicked off the Trustworthy Computing Initiative at Microsoft with a company-wide memo. The echoes of that memo still resonate throughout the software industry today as other firms, from Apple to Adobe, and Oracle to Google have followed the path...
Nessus 4.4.0 New version release !
Finally, an updated version of Nessus is out after a long time! This is Nessus version 4.4.0 "The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of yo...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories
OPCOM Team | August 12, 2010. Severity: High. Description: Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflow...
Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
The remote host is missing an update to java-1.6.0-openjdk announced via advisory MDVSA-2009:162. OpenVAS Vulnerability Test $Id: mdksa2009162.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:162 java-1.6.0-openjdk Authors: Thomas Reinke Copyright:...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-745-1)
It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubunt...
lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."...
Ubuntu USN-745-1 (xulrunner-1.9)
The remote host is missing an update to xulrunner-1.9 announced via advisory USN-745-1. OpenVAS Vulnerability Test $Id: ubuntu7451.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-745-1 xulrunner-1.9 Author...
Mozilla privilege escalation via XPCnativeWrapper pollution
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument...
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Overview: The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its...
JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact: The impacts vary depending on t...
Sun Java JRE Multiple Vulnerabilities (233321-233327)
The version of Sun Java Runtime Environment (JRE) installed on the remote host is affected by one or more security issues: - Two vulnerabilities in the JRE VM may independently allow an untrusted application or applet downloaded from a website to elevate its privileges (233321). - When processing XS...
DEBIAN-CVE-2004-1147
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2004-1147
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters...
phpMyAdmin: Multiple vulnerabilities
Background: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description: Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities that exist only on a webserver where PHP safemode is off. These vulnerabilities could lead to...
phpmyadmin -- command execution vulnerability
A phpMyAdmin security announcement reports: Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed. Enabling PHP safe mode on the server can...