Lucene search
8198 matches found

CVE
added 2012/08/26 1:0 a.m. | 41 views

CVE-2011-5123

CVE-2011-5123 affects the Antivirus component of Comodo Internet Security (before 5.3.175888.1227). The vulnerability arises because the antivirus does not check whether X.509 certificates in signed executable files have been revoked. The provided documents state an unknown impact and potential r...

CVSS 10 | AI score 7 | EPSS 0.01221
Exploits 0 | References 1 | Affected Software 1

FreeBSD
added 2012/08/26 12:0 a.m. | 16 views

py39-Elixir -- weak use of cryptography

Red Hat Security Response Team reports: Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

CVSS 4.3 | AI score 5.7 | EPSS 0.01667
Exploits 0 | References 1

Positive Technologies
added 2012/08/25 12:0 a.m. | 4 views

PT-2012-1362 · 3D · 3D Eqsecure Professional Edition

Name of the Vulnerable Software and Affected Versions: 3D EQSecure Professional Edition version 4.2 Description: A race condition in the software allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by...

CVSS 6.2 | AI score 7 | EPSS 0.00303
Exploits 0 | References 11

OpenVAS
added 2012/08/24 12:0 a.m. | 18 views

Fedora Update for xfig FEDORA-2012-11813

Check for the Version of xfig OpenVAS Vulnerability Test Fedora Update for xfig FEDORA-2012-11813 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS 6.8 | AI score 0.1 | EPSS 0.10603
Exploits 1 | References 2

Fedora
added 2012/08/22 9:5 p.m. | 19 views

[SECURITY] Fedora 16 Update: xfig-3.2.5-32.b.fc16

Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install...

CVSS 6.8 | AI score 6.4 | EPSS 0.10603
Exploits 1

Fedora
added 2012/08/22 9:2 p.m. | 21 views

[SECURITY] Fedora 17 Update: xfig-3.2.5-32.b.fc17

Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install...

CVSS 6.8 | AI score 6.4 | EPSS 0.10603
Exploits 1

Packet Storm
added 2012/08/22 12:0 a.m. | 26 views

OpenDocMan 1.2.6.1 Cross Site Request Forgery

Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz Version: 1.2.6.1 Gr33Tz: @aviadgolan , @benhayak,...

AI score 0.3
Exploits 0

exploitpack
added 2012/08/21 12:0 a.m. | 20 views

JPM Article Blog Script 6 - tid Cross-Site Scripting

JPM Article Blog Script 6 - tid Cross-Site Scripting source: https://www.securityfocus.com/bid/55112/info JPM Article Blog Script 6 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

AI score 6.8
Exploits 0

OpenVAS
added 2012/08/21 12:0 a.m. | 22 views

Fedora Update for python-djblets FEDORA-2012-11576

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5 | AI score 6.4 | EPSS 0.0453
Exploits 3 | References 2

NVD
added 2012/08/14 10:55 p.m. | 11 views

CVE-2012-4332

The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK...

CVSS 5 | AI score 6.6 | EPSS 0.02316
Exploits 0 | References 3

OpenVAS
added 2012/08/14 12:0 a.m. | 27 views

Fedora Update for rubygem-actionpack FEDORA-2012-11353

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.4 | AI score 7.8 | EPSS 0.04477
Exploits 4 | References 2

CVE
added 2012/08/12 4:0 p.m. | 58 views

CVE-2012-2966

CVE-2012-2966 affects Caucho Quercus as distributed in Resin prior to 4.0.29. The issue arises because POST parameters cause overwriting of entries in the SERVER superglobal array, via the Quercus/Resin handling, with unspecified impact and remote attack vectors described in multiple sources. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.01616
Exploits 0 | References 4 | Affected Software 1

CVE
added 2012/08/12 4:0 p.m. | 59 views

CVE-2012-2965

CVE-2012-2965 affects Caucho Quercus on Resin prior to version 4.0.29. The vulnerability arises from improper handling of unspecified characters in variable names, related to an HTTP Parameter Contamination issue, with unknown impact and remote attack vectors. Remediation per multiple sources is ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01616
Exploits 0 | References 4 | Affected Software 1

Packet Storm
added 2012/08/12 12:0 a.m. | 46 views

CakePHP / Squiz CMS XXE Injection

Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...

AI score 0.3
Exploits 0

Atlassian
added 2012/08/03 3:17 a.m. | 22 views

XSS vulnerability in the "import word document" page action through the page name

On the "import word document" page action the name of the confluence page is a persistent xss vector as it is not encoded. How to Reproduce: 1. Create a confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...

AI score 0.6
Exploits 0 | Affected Software 1

Tenable Nessus
added 2012/08/01 12:0 a.m. | 46 views

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120424)

Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute...

CVSS 10 | AI score 8.3 | EPSS 0.10098
Exploits 2 | References 12

OpenVAS
added 2012/07/30 12:0 a.m. | 32 views

CentOS Update for thunderbird CESA-2012:0388 centos5

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2012:0388 centos5 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CVSS 9.3 | AI score 0.2 | EPSS 0.0663
Exploits 1 | References 2

OpenVAS
added 2012/07/30 12:0 a.m. | 26 views

CentOS Update for thunderbird CESA-2011:1165 centos4 x86_64

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2011:1165 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 10 | AI score 0.3 | EPSS 0.05263
Exploits 1 | References 2

OpenVAS
added 2012/07/30 12:0 a.m. | 54 views

CentOS Update for thunderbird CESA-2012:0516 centos6

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2012:0516 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CVSS 10 | AI score 0.4 | EPSS 0.10098
Exploits 2 | References 2

OpenVAS
added 2012/07/30 12:0 a.m. | 36 views

CentOS Update for firefox CESA-2012:0387 centos6

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2012:0387 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS 9.3 | AI score 0.4 | EPSS 0.0663
Exploits 1 | References 2