[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1830 Download | Alert*

A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name . The updated packages have been patched to correct this issue.

Steve Grubb found that the vcdiff script in Emacs create temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program . The updated packages have been patched to correct this issue.

Two vulnerabilities were found in the Website META Language package that allowed local users to overwrite arbitrary files via symlink attacks. The updated packages have been patched to correct these issues.

A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting attacks via unspecified web client software . This update provides a solution to this vulnerability. Update: Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Multiple vulnerabilities were discovered and corrected in php-pear : Argument injection vulnerability in the sendmail implementation of the Mail::Send method in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, a different vector than CVE-2009-4111 . Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, ...

This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting attacks via unspecified web client software . This update provides a solution to this vulnerability. Update: The wrong package was uploaded for 2009.1. This update addresses that problem.

A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla . Packages for 2009.0 are provided as of the Extended Maintenance Program

A vulnerability has been found and corrected in tomboy: The tomboy and tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2 . The updated packages have bee ...

A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting attacks via unspecified web client software . This update provides a solution to this vulnerability.


Pages:      Start    165    166    167    168    169    170    171    172    173    174    175    176    177    178    ..   182

© SecPod Technologies