Смотрите также связанные темы
28.04.2018 HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1SUPPORT COMMUNICATION - SECURITY BULLETINDocument ID: c01723303Version: 1HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary CodeNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.Release Date: 2009-04-27Last Updated: 2009-04-27Potential Security Impact: Remote execution of arbitrary codeSource: Hewlett-Packard Company, HP Software Security Response TeamVULNERABILITY SUMMARYA potential vulnerability has been identified with HP OpenView Network Node Man...
03.02.2018 2009-02-02 - [slackware-security] xdg-utils (SSA:2009-033-01)
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1[slackware-security] xdg-utils (SSA:2009-033-01)New xdg-utils packages are available for Slackware 12.2 and -current tofix security issues. Applications that use /etc/mailcap could be trickedinto running an arbitrary script through xdg-open, and a separate flaw inxdg-open could allow the execution of arbitrary commands embedded in untrustedinput provided to xdg-open.More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename...
26.01.2018 HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01971741 Version: 1 HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-01-19 Last Updated: 2010-01-19 Potential Security Impact: Remote execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Power Manager. The vulnerabi...
10.03.2018 2009-03-10 - [slackware-security] curl (SSA:2009-069-01)
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1[slackware-security] curl (SSA:2009-069-01)New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,12.0, 12.1, 12.2, and -current to fix a security issue.More details about this issue may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037Here are the details from the Slackware 12.2 ChangeLog:+--------------------------+patches/packages/curl-7.19.4-i486-1_slack12.2.tgz: Upgraded to curl-7.19.4. &n...
11.09.2018 CVE-2014-2223
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
22.12.2018 CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3 and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
17.05.2018 CVE-2010-0998
Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect.
09.10.2018 Three-Quarters of Internet Users Can’t Recognize an Online Threat, Kaspersky Lab’s Quiz Shows
Kaspersky Lab has found that three-quarters (74%) of Internet users would download a potentially malicious file, because they lack the ‘cyber-savviness’ they need to spot dangers online
18.08.2018 CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create"snapshots schedules"registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
14.08.2018 CVE-2008-3699
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
|
