Hello Jan,
in version 2.0.5 the discussed vulnerable line looks like this:
command = g_strdup_printf ("/bin/sh %s %s > %s"
" 2> /dev/null",
script,
xml_file,
out
Title:
==
iDev Rentals v1.0 - Multiple Web Vulnerabilities
Date:
=
2012-11-14
References:
===
http://www.vulnerability-lab.com/get_content.php?id=760
VL-ID:
=
758
Common Vulnerability Scoring System:
3.5
Introduction:
=
Summary
===
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility o
Advisory ID: HTB23122
Product: BabyGekko
Vendor: babygekko.com
Vulnerable Version(s): 1.2.2e and probably prior
Tested Version: 1.2.2e
Vendor Notification: October 24, 2012
Vendor Patch: November 4, 2012
Public Disclosure: November 14, 2012
Vulnerability Type: SQL Injection [CWE-89], PHP File In
Hello Tim,
thank you for the heads up and notification.
The versions of openvas-manager package, as shipped with Fedora release of 16
and release of 17 is based on upstream 2.0.5 version yet. From what I have looked
and can tell from upstream advisory and patch (for 3.0.X version):
[1] http://
Following our presentation at POC2012 [1] conference, we have released:
a paper [2] regarding a NULL pointer dereference vulnerability affecting
Call of Duty: Modern Warfare 3 [3], and a video [4] demonstrating a remote
code execution vulnerability affecting CryEngine 3 [5].
[1] http://powerofcom