haneWIN DNS Server Denial Of Service Vulnerability

This host is running haneWIN DNS server and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbhanewindnsserverdosvuln.nasl 6769 2017-07-20 09:56:33Z teissa $ haneWIN DNS Server Denial Of Service Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2014 Greenbone...

SSL/TLS: Certificate Too Long Valid

The remote server SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103958";...

CVE-2013-5725

The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL...

libvirt security and bug fix update

0.10.2-18.0.1.el64.5 - Replace docs/et.png in tarball with blank image 0.10.2-18.el64.5 - daemon: Fix leak after listing volumes CVE-2013-1962 - Don't try to add non-existant devices to ACL rhbz958837 - Avoid spamming logs with cgroups warnings rhbz958837 - audit: Properly encode device path in...

User Authentication Vulnerability in Operational Management Function of Cosminexus

Overview The operational management function of Cosminexus does not properly require authentication for manipulation of an operational management portal, which allows remote attackers to delete and replace applications which other users attached. Impact A remote attacker could delete and replace...

MS IE Information Disclosure and Web Site Spoofing Vulnerabilities

This host is installed with Microsoft Internet Explorer and is prone to information disclosure and web site spoofing vulnerabilities. OpenVAS Vulnerability Test $Id: gbmsieinfodiscnspoofvuln.nasl 6104 2017-05-11 09:03:48Z teissa $ MS IE Information Disclosure and Web Site Spoofing Vulnerabilities...

Buffalo TeraStation Multiple Security Vulnerabilities (Jan 2013)

Buffalo TeraStation is prone to an arbitrary file download and an arbitrary command-injection vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrigh...

CVE-2013-0005

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

CVE-2013-0005

The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...

Cisco DPC2420 Cross Site Scripting / File Disclosure

Cisco DPC2420 router is prone to a file disclosure and to a XSS vulnerability because it fails to sufficiently sanitize user supplied data. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

DEBIAN-CVE-2012-3512

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart plugin...

Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via...

Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via...

Joomla 'com_easyfaq' Component Multiple SQL Injection Vulnerabilities

This host is running Joomla EasyFAQ component and is prone to multiple sql injection vulnerabilities. OpenVAS Vulnerability Test $Id: secpodjoomlacomeasyfaqsqlinjvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Joomla 'comeasyfaq' Component Multiple SQL Injection Vulnerabilities Authors: Sooraj KS...

Drupal Activity 6.x XSS Proof Of Concept

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exploit for bespoke: Install and enable the Activity and Flag modules Add a new Flag with an arbitrary name at ?q=admin/build/flags/add On the resulting page ?q=admin/build/flags/add/node/name enter "alert'xss';" for the flag Title View the rendered...

Windows Media Player Denial Of Service Vulnerability

This host is installed with Windows Media Player and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodwinmediaplayerdosvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Windows Media Player Denial Of Service Vulnerability Authors: Madhuri D Copyright: Copyright c 2011...

WebSVN Multiple XSS Vulnerabilities (Dec 2011)

WebSVN is prone to multiple cross-site scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are...

PHPCMS_V9 /modules/comment/index.php 本地包含漏洞

由于PHPCMSV9文件attachments.php的未验证上传用户权限，可以上传文件仅图片。加上其他文件存在可以截断的本地包含漏洞，导致包含任意文件并获取webshell 文件\phpcms\modules\attachment\attachments.php codepublic function cropupload if isset$GLOBALS"HTTPRAWPOSTDATA" $pic = $GLOBALS"HTTPRAWPOSTDATA"; …… fileputcontents$this-uploadpath.$filepath.$newfile, $pic;/code...

php: use-after-free vulnerability in substr_replace()

Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact by using the same variable for multiple arguments...

GCI Trader MetaTrader v4.2.x - Null Pointer Vulnerability

Document Title: =============== GCI Trader MetaTrader v4.2.x - Null Pointer Vulnerability Release Date: ============= 2011-08-08 Vulnerability Laboratory ID VL-ID: ==================================== 111 Product & Service Introduction: =============================== Marktführende Software im...