8159 matches found
Adobe Illustrator Detection
Adobe Corporation's Illustrator software, a vector graphics editing tool, is installed on the remote Windows host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(43860); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/31");...
Potential XSS vector in Zend_Filter_StripTags when comments allowed
More info at https://framework.zend.com/security/advisory/ZF2010-03...
Potential XSS vector in Zend_Dojo_View_Helper_Editor
More info at https://framework.zend.com/security/advisory/ZF2010-02...
Potential XSS vector in Zend_Service_ReCaptcha_MailHide
More info at https://framework.zend.com/security/advisory/ZF2010-05...
CentOS 5 : kdegraphics (CESA-2009:1130)
Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalabl...
Zend Framework -- multiple vulnerabilities
The Zend Framework team reports: Potential XSS or HTML Injection vector in Zend_Json. Potential XSS vector in Zend_Service_ReCaptcha_MailHide. Potential MIME-type Injection in Zend_File_Transfer Executive Summary. Potential XSS vector in Zend_Filter_StripTags when comments allowed. Potential XSS vector i...
Fedora Core 12 FEDORA-2009-13700 (kernel)
The remote host is missing an update to the Linux kernel announced via advisory FEDORA-2009-13700. OpenVAS Vulnerability Test $Id: fcore200913700.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13700 kernel Authors: Thomas Reinke Copyright: Copyrigh...
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the __destruct function in the...
Code injection
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL...
Authorization
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors...
Fedora Core 10 FEDORA-2009-12652 (cups)
The remote host is missing an update to cups announced via advisory FEDORA-2009-12652. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
Mandriva Security Advisory MDVSA-2009:311 (ghostscript)
The remote host is missing an update to ghostscript announced via advisory MDVSA-2009:311. OpenVAS Vulnerability Test $Id: mdksa2009311.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:311 ghostscript Authors: Thomas Reinke Copyright: Copyright (c) 2009...
User's Full Name is an XSS vector in Status Updates tab of User Profile
A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1. Set a user's Full Name as "alertdocument.cookie". 2. Log out. 3. If anonymous access is disabled, log in as a different user; otherwise, continue as Anonymous. 4. Go to the profile page for the user...
CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...
Fedora Core 11 FEDORA-2009-10861 (asterisk)
The remote host is missing an update to asterisk announced via advisory FEDORA-2009-10861. OpenVAS Vulnerability Test $Id: fcore200910861.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10861 asterisk Authors: Thomas Reinke Copyright: Copyright (c) 20...
Fedora Core 10 FEDORA-2009-10582 (ocaml-mysql)
The remote host is missing an update to ocaml-mysql announced via advisory FEDORA-2009-10582. OpenVAS Vulnerability Test $Id: fcore200910582.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10582 ocaml-mysql Authors: Thomas Reinke Copyright: Copyrigh...
Microsoft Pushes for Better Software Security Practices
WASHINGTON–Microsoft has spent several years and untold millions of dollars working on methods to write more secure and reliable software, and now the company is encouraging other organizations to make the same investment in software security. One of the outputs of the company’s software security...
Fedora Core 11 FEDORA-2009-10498 (rt3)
The remote host is missing an update to rt3 announced via advisory FEDORA-2009-10498. OpenVAS Vulnerability Test $Id: fcore200910498.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10498 rt3 Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft...
Mandriva Security Advisory MDVSA-2009:289 (kernel)
The remote host is missing an update to kernel announced via advisory MDVSA-2009:289. OpenVAS Vulnerability Test $Id: mdksa2009289.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:289 kernel Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft In...