86 matches found
CVE-2015-4249
CVE-2015-4249 entry is rejected; not an active vulnerability entry and not used in security assessments.
CVE-2015-4249
...
Oracle Business Intelligence Mobile App Designer Information Disclosure (CVE-2014-4249)
An information disclosure vulnerability exists in Oracle Business Intelligence Mobile App Designer. The vulnerability is due to insufficient input validation of certain parameters. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable...
CVE-2014-4249
CVE-2014-4249 affects Oracle Fusion Middleware 11.1.1.7’s BI Publisher Mobile Service. The vulnerability is an information-disclosure issue with unknown vectors that could affect confidentiality. Root cause and affected components are described as an unspecified vulnerability in the Mobile Servic...
CVE-2013-4249
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
CVE-2013-4249
CVE-2013-4249 affects Django’s AdminURLFieldWidget in contrib/admin/widgets.py, enabling XSS via URLField input. The issue is in Django 1.5.x prior to 1.5.2 and 1.6.x prior to 1.6 beta 2, where user-supplied URLs can inject script/HTML. In the connected records, upstream Django issued security re...
Django is_safe_url() 跨站脚本 和 URLField 脚本插入漏洞
CVECAN ID: CVE-2013-4249 Django是Python编程语言驱动的一个开源Web应用程序框架。 Django 1.4、1.5没有正确过滤django.contrib.admin的URLField字段、django.utils.http.issafeurl函数utils/http.py 的URL重定向相关输入没有被正确过滤,可被利用插入任意HTML和脚本代码,导致这些恶意代码被查看时,会在受影响站点上下文的浏览器会话中执行。 0 Django 1.4.x 厂商补丁: Django ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Fedora Update for python-django FEDORA-2013-14797
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-django packages fix CVE-2013-4249
Updated python-django package fixes security vulnerability: The issafeurl function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript. CVE-2013-42...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2010)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2010 advisory. - block check for proper length of iov entries earlier in blkrqmapuseriov Xiaotian Feng CVE-2010-4668 - scm: lower SCMMAXFD Eric Dumazet...
Oracle Linux 4 : kernel (ELSA-2011-0162)
From Red Hat Security Advisory 2011:0162 : Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVS...
Oracle Linux 5 : kernel (ELSA-2011-0303)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0303 advisory. - net fix unix socket local dos Neil Horman 656759 656760 CVE-2010-4249 - net core: clear allocs for privileged ethtool actions Jiri Pirko 672432 67243...
CVE-2012-4249
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than...
CVE-2012-4249
The vulnerability CVE-2012-4249 affects Amazon Kindle Touch prior to 5.1.2, specifically the com.lab126.system sendEvent implementation. The issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, demonstrated by lipc-set-prop to set an LIPC pr...
CentOS Update for kernel CESA-2011:0303 centos5 x86_64
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2011:0303 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for kernel CESA-2011:0162 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for kernel CESA-2011:0303 centos5 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7918)
This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. This update fixes the following security issues : - X.25 remote DoS. CVE-2010-3873. bnc651219 - X.25 remote Dos. CVE-2010-4164. bnc653260 - 1 socket local DoS. CVE-2010-4249. bnc655696 -...
RealNetworks RealPlayer Multiple Vulnerabilities Nov - 11 (Windows)
This host is installed with RealPlayer which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodrealplayermultvulnnov11win.nasl 7052 2017-09-04 11:50:51Z teissa $ RealNetworks RealPlayer Multiple Vulnerabilities Nov - 11 Windows Authors: Madhuri D Copyright: Copyright c...
CVE-2011-4249
RealPlayer (Windows) before 15.0.0 is affected by CVE-2011-4249 due to an array index error in the RV30 codec during parsing of RV30 data, enabling remote code execution. ZDI notes the flaw allows code execution on vulnerable installations and requires user interaction (visiting a malicious page ...