20 matches found
Fedora: Security Advisory for libreswan (FEDORA-2023-a2348480cb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-16380 · WordPress · Likebtn
Name of the Vulnerable Software and Affected Versions: LikeBtn WordPress plugin versions prior to 2.6.38 Description: The issue concerns a lack of authorization and CSRF checks in the likebtn export votes AJAX action. This could allow any authenticated user, such as a subscriber, to obtain a list...
WordPress Plugins Like Button Rating LikeBtn 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress Plugins Like Button Rating LikeBtn An informati...
CSP MySQL User Manager 2.3.1 - Authentication Bypass
Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip Version:...
CSP MySQL User Manager 2.3.1 SQL Injection Vulnerability
CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: CSP MySQL User Manager v2.3.1 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Exploit Author: Youssef mami Vendor Homepage...
CSP MySQL User Manager 2.3.1 SQL Injection
Exploit Title: CSP MySQL User Manager v2.3.1 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Date: 04/05/2018 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link:...
F5 Networks BIG-IP : Linux kernel vulnerabilities (K62700573)
CVE-2010-5313 Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service L1 guest OS crash via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. CVE-2014-7842 Race condition in...
CSP MySQL User Manager 2.3 SQL Injection
Exploit Title: CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Date: 8/1/2013 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/p/cspmum/ Software Link:...
CVE-2011-1478
CVE-2011-1478 affects the Linux kernel’s GRO napi_reuse_skb path: it does not reset certain structure members in net/core/dev.c, enabling a remote attacker to trigger a NULL pointer dereference via a malformed VLAN frame and cause a denial of service. The vulnerability is present in kernels befor...
kernel: drivers/scsi/mpt2sas: prevent heap overflows
Integer overflow in the ctldomptcommand function in drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service memory corruption via an ioctl call specifying a crafted value that triggers a heap-based buffer...
Linux Kernel "icmp_send()"空指针引用远程拒绝服务漏洞
BUGTRAQ ID: 47872 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel "icmpsend"在实现上存在空指针引用远程拒绝服务漏洞,远程攻击者可利用此漏洞造成受影响内核崩溃,拒绝服务合法用户,也可能执行任意代码。 在函数icmpsend net/ipv4/icmp.c中,发送到devnet函数的参数没有正确验证,可导致使内核崩溃的空指针引用。攻击者可利用此bug并造成指定目标或任何连接到本地网络上的2.6.38.x机器的DoS攻击。要造成崩溃,攻击者需要用IPv4碎片报文冲击目标。IP报文中的重要字段: Flags:...
Linux Kernel 2.6.38 Remote NULL Pointer Dereference
Linux Kernel 2.6.38 Remote NULL Pointer Dereference ==================================================== Advisory Information Title: Linux kernel 2.6.38: Remote NULL pointer dereference Release date: 11/05/2011 Last update: 11/05/2011 Credits: Aristide Fattori, Universitа degli Studi di Milano...
CVE-2011-1494
Integer overflow in the ctldomptcommand function in drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service memory corruption via an ioctl call specifying a crafted value that triggers a heap-based buffer...
Linux Kernel SCTP INIT/INIT-ACK块长度远程拒绝服务漏洞
Bugtraq ID: 47308 Linux是一款开放源代码的操作系统。 在计算INIT/INIT-ACK块长度时,代码只计算了参数长度,而没有计算参数的零填充长度,如AUTH HMACS参数和CHUNKS参数。没有计算零填充长度参数可导致内核触发oops。 Linux kernel 2.6.38 Linux kernel 2.6.37 Linux kernel 2.6.37 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux...
PT-2011-2914 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38 Description: The issue is related to the osf partition function in the Linux kernel, which does not properly handle an invalid number of partitions. This might allow local users to obtain potentially...
kernel: av7110 negative array offset
The dvbcaioctl function in drivers/media/dvb/ttpci/av7110ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service memory corruption or possibly have unspecified other impact via a negative value...
PT-2012-1501 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38 Description: The issue allows local users to cause a denial of service, resulting in memory corruption and system crash, by sending IGMP packets to a local interface when a certain Ethernet bridge...
Code injection
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for 1 closed loops or 2 deep chains, which allows local users to cause a denial of service deadlock or stack memory consumption via a crafted application tha...
CVE-2011-1082
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for 1 closed loops or 2 deep chains, which allows local users to cause a denial of service deadlock or stack memory consumption via a crafted application tha...
PT-2011-2859 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38 Description: The issue allows local users to cause a denial of service, resulting in either a deadlock or stack memory consumption, by making epoll create and epoll ctl system calls via a crafted...