kernel: net: incorrect SCM_CREDENTIALS passing
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application...
Vulnerability in core server (CVE-2013-0255)
Executing enum_recv with wrong parameters crashes the server...
UBUNTU-CVE-2013-1580
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malform...
Carefully timed redirects can allow cross site scripting – Opera Security Advisories
Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed redirects can cause scripts to execute in the wrong security context in Opera. This allows cross site scripting (XSS)...
CVE-2012-0848
Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count."...
Mandriva Update for busybox MDVSA-2012:129-1 (busybox)
Check for the Version of busybox. OpenVAS Vulnerability Test: Mandriva Update for busybox MDVSA-2012:129-1 (busybox). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
Scientific Linux Security Update : pam_krb5 on SL5.x i386/x86_64
A flaw was found in pam_krb5. In some non-default configurations (specifically, those where pam_krb5 would be the first module to prompt for a password), the text of the password prompt varied based on whether or not the username provided was a username known to the system. A remote attacker could us...
Skype privacy bug that can Send Messages To The Wrong Contacts
What if, when you sent a message to someone, it had a very good chance of going to someone else in your contact list? That would be pretty scary, right? That's what some Skype users are reporting. The bug was first discussed in Skype's user forums, and seems to have followed a June 2012 update of the...
Cisco Application Control Engine privilege escalation
Context administrator can access wrong context...
Opera < 11.62 Multiple Vulnerabilities
Binary data 6399.prm...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference...
Ark 2.16 Directory Traversal
Nth Dimension Security Advisory (NDSA20110726). Date: 26th July 2011. Author: Tim Brown. URL: /. Product: Ark 2.16. Vendor: KDE. Risk: Medium. Summary: The Ark archiving tool is vulnerable to directory traversal via malformed Zip files. When attempts are made...
Apache Tomcat information leakage
Under some conditions, information may be sent to wrong client...
The wrong executable may be used to display a downloaded file in its folder – Opera Security Advisories
The wrong executable may be used to display a downloaded file in its folder – Opera Security Advisories OPCOM Team | January 28, 2011 Severity Low Affected versions This issue affects Opera for Microsoft Windows. Description Opera’s downloads manager allows users to select a file, and open the...
The wrong executable may be used to display a downloaded file in its folder
Opera's downloads manager allows users to select a file, and open the folder containing that file. This file will be opened using the operating system's file system viewer. In some cases, Opera will use the wrong executable when trying to show the folder view, and that executable may execute code...
Mandriva Update for heartbeat MDVA-2010:160-1 (heartbeat)
Check for the Version of heartbeat. OpenVAS Vulnerability Test: Mandriva Update for heartbeat MDVA-2010:160-1 (heartbeat). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify ...
MDVA-2010:160-1 : heartbeat
The heartbeat package in the 2010.0 release had wrong permissions and ownership for /usr/bin/cl_status; this prevented it from working correctly. Also, when peers were outdated, heartbeat didn't fail over gracefully. This update fixes both these issues. Update: Packages for 2009.0 and MES5 were missin...
Mandriva Update for rpmdrake MDVA-2010:200 (rpmdrake)
Check for the Version of rpmdrake. OpenVAS Vulnerability Test: Mandriva Update for rpmdrake MDVA-2010:200 (rpmdrake). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...