[SECURITY] Fedora 23 Update: drupal7-views-3.14-1.fc23
You need Views if: You like the default front page view, but you find you want to sort it differently. You like the default taxonomy/term view, but you find you want to sort it differently; for example, alphabetically. You use /tracker, but you want to restrict it to posts of a certain type. You...
Vulnerability of WebLogic Server software, allowing a remote attacker to compromise protected information
The vulnerability exists in Oracle Mojarra due to incorrect encoding when using the tag or EL-expressions after a script or style block. Exploiting this vulnerability allows malicious individuals to perform cross-site scripting (XSS) attacks remotely...
ImageMagick 7.x < 7.0.1-10 Multiple Vulnerabilities
The remote Windows host has a version of ImageMagick installed that is 7.x prior to 7.0.1-10. It is, therefore, affected by the following vulnerabilities: - An overflow condition exists in the ReadRLEImage function in rle.c due to improper validation of user-supplied input. An unauthenticated,...
Updated libjpeg packages fix security vulnerability
Updated libjpeg packages fix security vulnerability: Out-of-Bounds Read in libjpeg-turbo before 1.5.0 via unusually long Blocks in MCU LJT-01-005...
SUSE-SU-2016:1528-1 Security update for openssh
openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to...
Microsoft Windows Secondary Logon Denial of Service (MS16-046: CVE-2016-0135)
A remote denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows handles memory blocks while using the LSARPC protocol. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...
Castle Blocks - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Castle Blocks published at the 'play' market has multiple vulnerabilities...
Slenderman Blocks - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Slenderman Blocks published at the 'play' market has multiple vulnerabilities...
Blocks: Lines - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Blocks: Lines published at the 'play' market has multiple vulnerabilities...
Clever Blocks - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Clever Blocks published at the 'play' market has multiple vulnerabilities...
Sticky Blocks Sliding Puzzle - Exported components, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Sticky Blocks Sliding Puzzle published at the 'play' market has multiple vulnerabilities...
Winter Blocks - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Winter Blocks published at the 'play' market has multiple vulnerabilities...
Lucky Blocks For Mcpe - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Lucky Blocks For Mcpe published at the 'play' market has multiple vulnerabilities...
Drupal Field as Block module information disclosure vulnerability (CNVD-2015-07619)
Drupal is an open source content management framework written in PHP, consisting of a content management system and a PHP development framework. Field as Block module for Drupal is a Drupal field as a block and in the node to display the page is configured to the vario...
Phabricator: Information leakage through Graphviz blocks
This report amounts to Unsandboxed Command Execution Considered Harmful, which you already suspected: https://secure.phabricator.com/T7785 Graphviz blocks can be used to view a render of any image file readable by the webserver, through the image and shapefile graph node attributes. This alone...
PHP unserialize() Use-After-Free Vulnerabilities
Exploit for php platform in category dos / poc Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory...
PHP 5.6 / 5.5 / 5.4 SplObjectStorage unserialize() Use-After-Free
Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date: 2015.8.27 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and crafted object's wakeup magic method that ca...
CVE-2015-5513
Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login...
CVE-2015-5513
CVE-2015-5513 affects Drupal via the Shibboleth authentication module (versions 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2). The root cause is an XSS flaw allowing remote authenticated users with the Administer blocks permission to inject arbitrary scripts/HTML through an unspecified vecto...