openSUSE Security Update : ruby19 (openSUSE-SU-2013:0376-1)

ruby19 was updated to fix various bugs and security issues: Update to 1.9.3 p385 bnc802406 - XSS exploit of RDoc documentation generated by rdoc CVE-2013-0256 - for other changes see /usr/share/doc/packages/ruby19/Changelog Update to 1.9.3 p327 bnc789983 - CVE-2012-5371 and plenty of other fixes...

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)

The Mozilla suite received following security updates bnc783533 : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 bmo798045 Miscellaneous memory safety...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0174-1)

Fix a file conflict between -devel and -headless package - Update to 2.4.4 bnc858818 - changed from xz to gzipped tarball as the first was not available during update - changed a keyring file due release manager change new one is signed by 66484681 from [email protected], see...

Liffy - Local File Inclusion Exploitation Tool

Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension call...

Fedora Update for stunnel FEDORA-2014-5337

Check for the Version of stunnel OpenVAS Vulnerability Test Fedora Update for stunnel FEDORA-2014-5337 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 19 Update: python-pillow-2.0.0-13.gitd1c6db8.fc19

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk tk interface, qt PIL image wrapper for Qt , sane scanning...

Mozilla Firefox generateCRMFRequest Remote Code Execution (CVE-2012-3993; CVE-2013-1710)

A remote code execution vulnerability has been reported in Mozilla Firefox. The Chrome Object Wrapper COW implementation does not properly interact with failures of InstallTrigger methods. By exploiting this, remote attacker could execute arbitrary JavaScript code with chrome privileges via a...

dompdf 0.6.0 Arbitrary File Read Vulnerability

Exploit for php platform in category web applications Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is...

PHP libxml RSHUTDOWN安全限制绕过漏洞(CVE-2012-1171)

BUGTRAQ ID: 65673 CVECAN ID: CVE-2012-1171 PHP是一种HTML内嵌式的语言。 PHP 5.x版本内的libxml RSHUTDOWN函数可使远程攻击者在用自定义流封装器时调用streamclose方法，绕过openbasedir保护机制，读取敏感文件。 0 PHP PHP 5.5.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net/downloads.php...

PHP Filter Wrapper Information Disclosure

An information disclosure vulnerability has been reported in the PHP filter wrapper function. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page...

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper...

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper...

Design/Logic Flaw

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper...

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper...

CVE-2012-1171

CVE-2012-1171 affects PHP 5.x via the libxml RSHUTDOWN function, enabling a remote attacker to bypass open_basedir protections and read arbitrary files when a custom stream wrapper is in use. The issue is triggered by a stream_close call during wrapper usage, which bypasses the intended directory...

CVE-2014-1479

The System Only Wrapper SOW implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

CVE-2011-4613

The X.Org X wrapper xserver-wrapper.c in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY...

DEBIAN-CVE-2011-4613

The X.Org X wrapper xserver-wrapper.c in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY...

Design/Logic Flaw

The X.Org X wrapper xserver-wrapper.c in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY...

CVE-2011-4613

The CVE-2011-4613 issue affects the X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux, where input TTY verification can bypass access restrictions by misinterpreting stdin as the console TTY. This is a local vulnerability that could allow bypassing restrictions during X sta...