PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow

=== Vulnerability === PHP 5.3.3 Possible All versions ibasegenid off-by-one overflow === Author === cb === Description === User-supplied variable "generator" copied to 128 byte buffer "query" size of query variable. So its cause off-by-one overflow. You can see 1 snprintf copy statement to "query...

DSA-2089-1 php5 - several vulnerabilities

Bulletin has no description...

PHP 5.2 < 5.2.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...

CVE-2010-2929

Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...

Design/Logic Flaw

Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...

CVE-2010-2929

Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...

CVE-2010-2929

The CVE-2010-2929 entry identifies an untrusted search path vulnerability in hsolinkcontrol (part of hsolink 1.0.118). The underlying issue is a modified PATH environment variable that is used when executing the programs route, mv, and cp, enabling local users to gain privileges through PATH mani...

CVE-2010-2929

Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the 1 route, 2 mv, and 3 cp programs, a different vulnerability than CVE-2010-1671...

MDVA-2009:207 : tcsh

Tcsh as shipped with Mandriva Linux 2010.0 would abort on startup with the Unknown colorls variable mh. error, caused by inability to handle the MULTIHARDLINK color parameter bug 53139. This update fixes this issue. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associate...

Mandriva Update for php MDVSA-2010:139 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:139 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

Memory corruption

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or...

Microsoft Office Access ActiveX Controls Remote Code Execution Vulnerabilities (982335)

This host is missing a critical security update according to Microsoft Bulletin MS10-044. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

IrcDelphi Daemon Server - Denial of Service

IrcDelphi Daemon Server - Denial of Service DCA-0010 Software - IrcDelphi Daemon Server Vendor Product Description - IRC Daemon IRCd, IRC Server coded in Delphi/Kylix using Indy components. Easy to use and light irc daemon. Bug Description - The IRC Daemon does not sanitize the variable NICK...

Фрагментированные sql инъекции

На основе PHP + MYSQL + Рассмотрим вариант проведение sql injection с использованием функций усечения строк, на примере функции substr Структура БД: Цитата: CREATE TABLE stats id int unsigned not null PRIMARY KEY AUTOINCREMENT, ip varchar16, useragent varchar255, referer varchar255; --- Скрипт: P...

cyask system background Getshell vulnerabilities-vulnerability warning-the black bar safety net

cyask will set the parameters to the write cache, the write cache when removed from the database unfiltered data directly to write the file, resulting in can get webshell Analysis: admin/settingmanage. php file: ? php adminfooter; exit; elseif$adminaction=='settingedit' ifisset$POST'editsubmit'...

openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0346-1)

"This update of the Samba server package fixes security issues and bugs. Following security issues were fixed: CVE-2010-2063: A buffer overrun was possible in chainreply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-0787: Take extra...

Fedora 12 : systemtap-1.1-1.fc12 (2010-0688)

Fixes CVE-2009-4273 Bugzilla 550172: https://bugzilla.redhat.com/showbug.cgi?id=CVE-2009-4273 New upstream release containing new features and bug fixes: better support for gcc 4.5 richer DWARF debuginfo, new preprocessor conditional for kernel 'CONFIG' testing, improved experimental unprivileged...

SuSE9 Security Update : Samba (YOU Patch Number 12622)

This update of the Samba server package fixes the following security issue : - A buffer overrun was possible in chainreply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-2063 Also, the following bug has been fixed : - An uninitialized...