8199 matches found

OpenVAS
added 2013/01/24 12:0 a.m. | 28 views

Fedora Update for rubygem-activerecord FEDORA-2013-0635

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2013-0635 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

7.5 CVSS | 7.8 AI score | 0.99449 EPSS
Exploits 28 | References 2

OSV
added 2013/01/22 11:55 p.m. | 1 view

DEBIAN-CVE-2012-2119

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service crash via a long descriptor with a long vector length...

5.2 CVSS | 6.6 AI score | 0.00713 EPSS
Exploits 0 | References 1

Debian CVE
added 2013/01/22 11:0 p.m. | 28 views

CVE-2012-2119

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service crash via a long descriptor with a long vector length...

5.2 CVSS | 6.2 AI score | 0.00713 EPSS
Exploits 0

Metasploit
added 2013/01/17 8:27 p.m. | 39 views

Java Applet AverageRangeStatisticImpl Remote Code Execution

This module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier. This module requires Metasploit:...

9.8 CVSS | 1.2 AI score | 0.91013 EPSS
Exploits 18

RedHat Linux
added 2013/01/10 8:39 p.m. | 1 view

rubygem-actionpack: potential XSS vulnerability

Cross-site scripting (XSS) vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...

4.3 CVSS | 7.3 AI score | 0.02568 EPSS
Exploits 0 | References 4

OpenVAS
added 2013/01/08 12:0 a.m. | 23 views

Fedora Update for inkscape FEDORA-2012-20620

Check for the Version of inkscape OpenVAS Vulnerability Test Fedora Update for inkscape FEDORA-2012-20620 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

2.1 CVSS | 0.01155 EPSS
Exploits 1 | References 2

Fedora
added 2013/01/05 6:54 a.m. | 29 views

[SECURITY] Fedora 16 Update: inkscape-0.48.4-1.fc16

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

5.5 CVSS | 0.8 AI score | 0.01155 EPSS
Exploits 1

Fedora
added 2013/01/05 6:48 a.m. | 29 views

[SECURITY] Fedora 17 Update: inkscape-0.48.4-1.fc17

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

5.5 CVSS | 0.8 AI score | 0.01155 EPSS
Exploits 1

FreeBSD
added 2013/01/04 12:0 a.m. | 13 views

jenkins -- HTTP access to the server to retrieve the master cryptographic key

Jenkins Security Advisory reports: This advisory announces a security vulnerability that was found in Jenkins core. An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls. The...

3.4 AI score
Exploits 0 | References 1

Fedora
added 2012/12/23 4:37 a.m. | 36 views

[SECURITY] Fedora 18 Update: inkscape-0.48.4-1.fc18

Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many...

5.5 CVSS | 0.8 AI score | 0.01155 EPSS
Exploits 1

ThreatPost
added 2012/12/12 5:7 p.m. | 12 views

Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10

Facebook’s security team is being lauded by the FBI for its role in the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkan...

2.5 AI score
Exploits 0 | References 3

htbridge
added 2012/12/05 12:0 a.m. | 47 views

SQL Injection Vulnerability in ImageCMS

High-Tech Bridge Security Research Lab discovered vulnerability in ImageCMS, which can be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in ImageCMS: CVE-2012-6290 The vulnerability exists due to insufficient filtration of the "q" HTTP GET parameter passed to...

6.5 CVSS | 1.2 AI score | 0.042 EPSS
Exploits 7 | Affected Software 1

RedHat Linux
added 2012/12/04 7:24 p.m. | 3 views

rubygem-actionpack: potential XSS vulnerability

Cross-site scripting (XSS) vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...

4.3 CVSS | 7.3 AI score | 0.02568 EPSS
Exploits 0 | References 4

Opera Security Advisories
added 2012/11/02 12:0 a.m. | 5 views

Internet shortcuts used for phishing in elements – Opera Security Advisories

Websites may occasionally want to display image content from untrusted sources. A phishing attack may be carried out by the untrusted source, by displaying malicious instructions on the image, or by navigating the containing page to a similar looking document on another server. Since some image...

5.8 AI score
Exploits 0 | References 1

Opera Security Advisories
added 2012/11/02 12:0 a.m. | 8 views

Specially crafted SVG images can allow execution of arbitrary code – Opera Security Advisories

Opera can display images created using the Scalable Vector Graphics (SVG) format. Specially crafted and malformed SVG images may cause Opera to crash when their documents are unloaded, and the crash may allow execution of malicious arbitrary code. To inject code, additional techniques will have to ...

6 AI score
Exploits 0 | References 1

htbridge
added 2012/10/31 12:0 a.m. | 36 views

Multiple vulnerabilities in dotProject

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in dotProject, which can be exploited to perform SQL injection and cross-site scripting (XSS) attacks. 1 SQL Injection in dotProject: CVE-2012-5701 High-Tech Bridge Security Research Lab has discovered multiple SQL injection...

2.6 CVSS | 7.3 AI score | 0.02081 EPSS
Exploits 4 | Affected Software 1

Exploit DB
added 2012/10/31 12:0 a.m. | 19 views

BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/56353/info bloofoxCMS is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context ...

7.4 AI score
Exploits 0

OpenVAS
added 2012/10/26 12:0 a.m. | 32 views

Ubuntu Update for webkit USN-1617-1

Ubuntu Update for Linux kernel vulnerabilities USN-1617-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16171.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for webkit USN-1617-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

10 CVSS | 0.2 AI score | 0.03811 EPSS
Exploits 8 | References 2

htbridge
added 2012/10/24 12:0 a.m. | 54 views

Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework (SPF) web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...

8.3 CVSS | 10.5 AI score | 0.01664 EPSS
Exploits 7 | Affected Software 1

ThreatPost
added 2012/10/19 6:18 p.m. | 13 views

Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk

More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform’s URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week. Luigi Auriemma and Donato Ferrante discovered a numbe...

2.3 AI score
Exploits 0 | References 2