Tony Zeoli, Tony Hayes Security Vulnerabilities

cve

CVE-2009-4867

Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist...

8.4 AI Score

0.033 EPSS

2010-05-11 12:02 PM
21
oraclelinux

Oracle Enterprise Linux 5.5 kernel security and bug fix update

[2.6.18-194.el5] - [net] mlx4: pass attributes down to vlan interfaces (Doug Ledford) [573098] - [block] cfq-iosched: fix sequential read perf regression (Jeff Moyer) [571818] [2.6.18-193.el5] - [fs] gfs2: locking fix for potential dos (Steven Whitehouse) [572390] {CVE-2010-0727} - [acpi]...

-0.2 AI Score

0.144 EPSS

2010-04-05 12:00 AM
47
securityvulns

CA20100223-01: Security Notice for CA eHealth Performance Manager

-----BEGIN PGP SIGNED MESSAGE----- CA20100223-01: Security Notice for CA eHealth Performance Manager Issued: February 23, 2010 CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker to.....

0.3 AI Score

0.005 EPSS

2010-02-25 12:00 AM
18
nmap

http-vmware-path-vuln NSE Script

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733). The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html). Script Arguments slaxml.debug See the documentation for...

9.8 CVSS

-0.4 AI Score

0.973 EPSS

2010-02-16 02:42 PM
125
nessus

CentOS 5 : nfs-utils-lib (CESA-2007:0951)

An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The nfs-utils-lib package contains support libraries that are needed by the commands....

0.4 AI Score

0.967 EPSS

2010-01-06 12:00 AM
14
myhack58

Dell Windows 7 upgrade program for free application vulnerability-vulnerability warning-the black bar safety net

Dell to 7 Introduction The Dell™ Windows® 7 upgrade option program, to provide users with an upgrade to Windows® 7 operating system support for client the PC more streamlined. Today the plan is broke there are application vulnerabilities exist, comparable to a time before online much noise...

-0.1 AI Score

2009-11-28 12:00 AM
8
exploitdb

7.3 AI Score

EPSS

2009-10-27 12:00 AM
59
exploitpack

VMware Server 2.0.1 ESXi Server 3.5 - Directory Traversal

VMware Server 2.0.1 ESXi Server 3.5 - Directory...

0.4 AI Score

0.959 EPSS

2009-10-27 12:00 AM
39
cve

CVE-2009-3574

Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer...

8.2 AI Score

0.049 EPSS

2009-10-06 08:30 PM
20
xssed

Unfixed XSS vulnerability at www.buffaloapartments.com

Security researcher Xylitol, has submitted on 10/01/2009 a cross-site-scripting (XSS) vulnerability affecting www.buffaloapartments.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/11/2011. It is...

AI Score

2009-10-01 12:00 AM
5
oraclelinux

Oracle Enterprise Linux 5.4 kernel security and bug fix update

[2.6.18-164.el5] - [misc] information leak in sigaltstack (Vitaly Mayatskikh ) [515396] - [misc] execve: must clear current->clear_child_tid (Oleg Nesterov ) [515429] - [net] igb: set lan id prior to configuring phy (Stefan Assmann ) [508870] - [net] udp: socket NULL ptr dereference (Vitaly...

-0.2 AI Score

0.966 EPSS

2009-09-08 12:00 AM
57
oraclelinux

Oracle Enterprise Linux 4.8 kernel security and bug fix update

[2.6.9-89] -fix regression in cxgb3 driver spin_lock usage (Andy Gospodarek) [495557] -cxgb3: fixup possible workqueue deadlocks (Andy Gospodarek) [495558] -e1000: network driver doesn't reset nic during shutdown and prevents pxe reloads (George Beshers) [465620] -cxgb3: fix msix bringup so we...

-0.5 AI Score

0.0005 EPSS

2009-05-26 12:00 AM
40
exploitdb

7.4 AI Score

EPSS

2009-05-19 12:00 AM
17
exploitpack

WebKit - parenttop Cross Domain Scripting

WebKit - parenttop Cross Domain...

-0.4 AI Score

2009-05-19 12:00 AM
8
packetstorm

0.3 AI Score

2009-04-14 12:00 AM
20
securityvulns

[BMSA 2009-04] Remote DoS in Internet Explorer

BLUE MOON SECURITY ADVISORY 2009-04 :Title: Remote Denial of Service in Internet Explorer :Severity: Moderate :Reporter: Blue Moon Consulting :Products: Internet Explorer 7 and 8 :Fixed in: -- Description We could not find out the definitive description for Internet Explorer from Microsoft...

-0.5 AI Score

2009-04-12 12:00 AM
34
oraclelinux

kernel security and bug fix update

[2.6.18-128.1.6.0.1.el5] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki,Guru Anbalagane) [orabug 6045759] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [nfs] convert...

0.2 AI Score

0.014 EPSS

2009-04-01 12:00 AM
43
cve

CVE-2009-0727

SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid...

8.7 AI Score

0.001 EPSS

2009-02-24 11:30 PM
29
oraclelinux

Oracle Enterprise Linux 5.3 kernel security and bug fix update

[2.6.18-128.el5] - [cifs] cifs_writepages may skip unwritten pages (Jeff Layton ) [470267] [2.6.18-127.el5] - Revert: [i386]: check for dmi_data in powernow_k8 driver (Prarit Bhargava ) [476184] - [xen] re-enable using xenpv in boot path for FV guests (Don Dutile ) [473899] - [xen] pv_hvm: guest...

-0.2 AI Score

0.663 EPSS

2009-01-27 12:00 AM
44
oraclelinux

kernel security and bug fix update

[2.6.9-78.0.13.0.1.EL] - fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) [orabug 5931647] - fix skb alignment that was causing sendto() to fail with EFAULT (Olaf Kirch) [orabug 6845794] - fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128] -...

0.1 AI Score

0.002 EPSS

2009-01-15 12:00 AM
31
drupal

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

Shindig-Integrator integrates the open social Shindig container with Drupal. The module contains numerous flaws. Among them are the following issues. Malicious users are able to insert arbitrary HTML and script code into certain module generated pages. Such a Cross site scripting vulnerability...

7.1 AI Score

2008-10-15 12:00 AM
3
oraclelinux

Updated kernel packages for Oracle Enterprise Linux 4.7

[2.6.9-78] -alsa: Fix mic not working for HP XW series (Brian Maly) [453783] [2.6.9-77] -alsa: Add missing quirks for alc262 (Brian Maly) [453783] -Revert 'i8042: remove polling timer support - Original bz 246233' (Vivek Goyal) [450918] [2.6.9-76] -tty: fix tty holes (Vivek Goyal) [453155]...

-0.2 AI Score

0.899 EPSS

2008-08-01 12:00 AM
35
oraclelinux

kernel security and bug fix update

[2.6.9-67.0.20.0.1.EL] - fix skb alignment that was causing sendto() to fail with EFAULT (Olaf Kirch) [orabug 6845794] - fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) [orabug 5931647] - fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128] - fix...

1.4 AI Score

0.076 EPSS

2008-06-26 12:00 AM
44
oraclelinux

kernel security and bug fix update

[2.6.9-67.0.15.0.1.EL] - fix skb alignment that was causing sendto() to fail with EFAULT (Olaf Kirch) [orabug 6845794] - fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) [orabug 5931647] - fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128] - fix...

0.4 AI Score

0.003 EPSS

2008-05-07 12:00 AM
10
nessus

GLSA-200803-28 : OpenLDAP: Denial of Service vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-28 (OpenLDAP: Denial of Service vulnerabilities) The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of 'objectClasses' (CVE-2007-5707). Thomas...

0.1 AI Score

0.045 EPSS

2008-03-21 12:00 AM
15
gentoo

OpenLDAP: Denial of Service vulnerabilities

Background OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of "objectClasses" (CVE-2007-5707). Thomas...

6.5 AI Score

0.045 EPSS

2008-03-19 12:00 AM
10
myhack58

To the shell. the application object of the vulnerability description-vulnerability warning-the black bar safety net

Environment: in 2kserver+iis5 successfully, the permissions default iis permissions: scripts executable Description: in the 2K server on the default you can use the server. the createobject method to Use the already installed components such as everyone knows the ADO database controls,but in...

-0.3 AI Score

2007-10-30 12:00 AM
10
centos

nfs security update

CentOS Errata and Security Advisory CESA-2007:0951 The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package. The updated nfs-utils package fixes the following vulnerabilities: Tenable Network Security discovered a stack buffer...

7.3 AI Score

0.967 EPSS

2007-10-03 06:03 AM
43
nessus

RHEL 5 : nfs-utils-lib (RHSA-2007:0951)

An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The nfs-utils-lib package contains support libraries that are needed by the commands....

7.5 AI Score

0.967 EPSS

2007-10-03 12:00 AM
15
redhat

(RHSA-2007:0951) Important: nfs-utils-lib security update

The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package. The updated nfs-utils package fixes the following vulnerabilities: Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A....

1.9 AI Score

0.967 EPSS

2007-10-02 12:00 AM
20
securityvulns

EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability

VGX.DLL Compressed Content Heap Overflow Vulnerability Release Date: August 14, 2007 Date Reported: October 24, 2006 Severity: High (Code Execution) Systems Affected: Internet Explorer 6 SP1 - Windows 2000 SP4 Internet Explorer 6 SP1 - Windows XP SP1 Internet Explorer 6 SP2 - Windows XP SP2...

-0.1 AI Score

2007-08-15 12:00 AM
68
myhack58

MS07-029-Microsoft stay injury-vulnerability and early warning-the black bar safety net

Author: day の wing httP://Shit.Xmd5.com Tool on My Network Hard Drive http://free. ys168. com/? okdgltc Directory: dd password: ddd Preface: MS07-029, Windows A domain name System (DNS) Server service Remote Procedure Call (RPC) management interface in the presence of a stack-based buffer...

-0.1 AI Score

2007-05-30 12:00 AM
13
cve

CVE-2007-2459

Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP...

7.8 AI Score

0.093 EPSS

2007-05-02 06:19 PM
27
xssed

Unfixed XSS vulnerability at tony-montana.naturalforum.net

Security researcher Airrox, has submitted on 04/12/2007 a cross-site-scripting (XSS) vulnerability affecting tony-montana.naturalforum.net, which at the time of submission ranked 76755 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/12/2007......

-0.1 AI Score

2007-04-12 12:00 AM
7
xssed

Unfixed XSS vulnerability at www.lulea.se

Security researcher Uber0n, has submitted on 02/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.lulea.se, which at the time of submission ranked 395070 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/10/2007. It is currently.....

-0.1 AI Score

2007-02-10 12:00 AM
11
myhack58

From the IE pop-up ads look at rogue software principles-vulnerability warning-the black bar safety net

A lot of people affected by IE automatically pop-up ads plaguing it, here is a solution ideas, you can get the use of BHO(Browser Helper Objects, browser helper module, making waves of malware. Unfortunately this method is still relatively complex, only the master in use, I hope the master can...

0.1 AI Score

2006-09-10 12:00 AM
8
nvd

CVE-2006-4160

Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3)...

7.7 AI Score

0.131 EPSS

2006-08-16 10:04 PM
cve

CVE-2006-4160

Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3)...

8 AI Score

0.131 EPSS

2006-08-16 10:04 PM
21
cvelist

CVE-2006-4160

Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3)...

7.7 AI Score

0.131 EPSS

2006-08-16 09:00 PM
exploitpack

Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of Service

Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of...

AI Score

2006-05-31 12:00 AM
5
cve

CVE-2006-0053

Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer...

6.3 AI Score

0.013 EPSS

2006-04-10 06:06 PM
30
exploitpack

Tony Cook Imager 0.4x - .JPEG .TGA Images Denial of Service

Tony Cook Imager 0.4x - .JPEG .TGA Images Denial of...

-0.2 AI Score

2006-04-07 12:00 AM
7
nvd

CVE-2006-0972

SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by...

8.2 AI Score

0.009 EPSS

2006-03-03 11:02 AM
cve

CVE-2006-0972

SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by...

8.3 AI Score

0.009 EPSS

2006-03-03 11:02 AM
17
prion

Sql injection

SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by...

8.8 AI Score

0.009 EPSS

2006-03-03 11:02 AM
2
cvelist

CVE-2006-0972

SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by...

8.2 AI Score

0.009 EPSS

2006-03-03 11:00 AM
openvas

PHP Mail Function Header Spoofing Vulnerability

The remote host is running a version of PHP <= 4.2.2. The mail() function does not properly sanitize user input. This allows users to forge email to make it look like it is coming from a different source other than the server. Users can exploit this even if SAFE_MODE is...

-0.3 AI Score

0.028 EPSS

2005-11-03 12:00 AM
10
openvas

Microsoft IIS UNC Mapped Virtual Host Vulnerability

Your IIS webserver allows the retrieval of ASP/HTR source code. An attacker can use this vulnerability to see how your pages interact and find holes in them to...

0.1 AI Score

0.959 EPSS

2005-11-03 12:00 AM
14
Total number of security vulnerabilities: 644