434 matches found
FreeBSD : phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability (f682a506-df7c-11e5-81e4-6805ca0b3d42)
The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of...
phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability
The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...
Microsoft Windows Buffer Overflow Vulnerability
Microsoft Windows is a series of operating systems designed for personal computer and server users from the American company Microsoft. Microsoft Windows 8.1, Windows Server 2012 Gold R2, Windows 10 There is a buffer overflow vulnerability that allows a remote attacker to execute arbitrary code by...
Path traversal
The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of...
CVE-2015-7036
The fts3tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument...
SQL injection
The fts3tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument...
Open-Xchange (OX) App Suite SQL Injection Vulnerability (Oct 2015)
Open-Xchange (OX) App Suite is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2015-5703
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Soreco AG Xpert.Line 3.0 Authentication Bypass
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Author: Alessandro Zala [email protected] Andreas Hunkeler...
phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3) (deprecated)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x prior to 4.4.6.1. It is, therefore, potentially affected by multiple vulnerabilities: - An attacker cou...
FreeBSD : phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities (c6e31869-f99f-11e4-9f91-6805ca0b3d42)
The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...
Nearby Live: Group Invite not properly authenticated
There is no check whether the inviting user is allowed to invite a user into a group, and through manipulation a user may send themselves an invite to any group. Example: Group A created by User 1 with Owner invitation only with ID x. User 2 sends himself a malicious invite with ID x and receives invi...
Code injection
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...
CVE-2014-9593
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...
CVE-2014-9593
Apache CloudStack is affected by CVE-2014-9593: before 4.3.2 and 4.4.x before 4.4.2, the listSslCerts API call can disclose private keys. Likely impact is information disclosure of SSL private keys. The remediation in the connected records is to upgrade to CloudStack 4.3.2+ or 4.4.2+ (i.e., fixed...
CVE-2014-7136
Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...
Heap overflow
Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...