134 matches found
RedHat Update for perl RHSA-2011:1424-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Stack overflow
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled,...
CVE-2011-4875
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled,...
RHEL 6 : perl (RHSA-2011:1424)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1424 advisory. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflo...
Moderate: Red Hat Security Advisory: perl security update
Updated perl packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availab...
Cross site scripting
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...
Apache Struts2 XWork ParameterInterceptor security bypass
Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...
Apache Struts2 XWork ParameterInterceptor security bypass
Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...
[SECURITY] Fedora 11 Update: gnustep-base-1.18.0-9.fc11
The GNUstep Base Library is a powerful fast library of general-purpose, non-graphical Objective C classes, inspired by the superb OpenStep API but implementing Apple and GNU additions to the API as well. It includes for example classes for unicode strings, arrays, dictionaries, sets, byte streams...
HP Operations Manager SourceView ActiveX LoadFile / SaveFile Stack Overflows
The SourceView ActiveX control, a component of HP Operations Manager, installed on the remote Windows host reportedly is affected by buffer overflows that can be triggered by passing specially crafted Unicode strings to the 'LoadFile' or 'SaveFile' methods. If an attacker can trick a user on the...
Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)
The remote host is missing an update to rubygem-activesupport announced via advisory FEDORA-2009-9799. OpenVAS Vulnerability Test $Id: fcore20099799.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9799 rubygem-activesupport Authors: Thomas Reinke...
Fedora 11 : rubygem-actionpack-2.3.3-2.fc11 / rubygem-activesupport-2.3.3-2.fc11 (2009-9922)
A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue ha...
Novell eDirectory 8.8 SP5 Denial Of Service
Affected Software: Novell eDirectory 8.8 SP5 Vulnerability Description: Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings with Http Request to "8028 port" "8028" is the default port of Novell eDirectory Dhost Http Server, the attacke...
Novell eDirectory 8.8 SP5 Remote Denial of Service Exploit
No description provided by source. Affected Software: Novell eDirectory 8.8 SP5 Vulnerability Description: Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings with Http Request to "8028 port" "8028" is the default port of Novell...
Novell eDirectory 8.8 SP5 - Remote Denial of Service
Novell eDirectory 8.8 SP5 - Remote Denial of Service Affected Software: Novell eDirectory 8.8 SP5 Vulnerability Description: Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings with Http Request to "8028 port" "8028" is the default por...
Novell eDirectory 8.8 SP5 Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc ========================================================== Novell eDirectory 8.8 SP5 Remote Denial of Service Exploit ========================================================== Affected Software: Novell eDirectory 8.8 SP5 Vulnerability Descriptio...
Novell eDirectory 8.8 SP5 - Remote Denial of Service
Affected Software: Novell eDirectory 8.8 SP5 Vulnerability Description: Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings with Http Request to "8028 port" "8028" is the default port of Novell eDirectory Dhost Http Server, the attacke...
CVE-2009-3009
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
Cross site scripting
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...