
8320 matches found

Fedora
added 2015/02/15 3:20 a.m. · 39 views

[SECURITY] Fedora 21 Update: android-tools-20141219git8393e50-2.fc21

The Android Debug Bridge (ADB) is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands (e.g. "adb shell", "adb pull", etc.) for the benefit of clients command-line users, or helper programs...

7.5 CVSS · 0.9 AI score · 0.0078 EPSS
Exploits: 2
NVD
added 2015/02/03 4:59 p.m. · 26 views

CVE-2015-1458

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcoreenableshellaccess and executing the "shell" command...

6.9 CVSS · 6.4 AI score · 0.00062 EPSS
Exploits: 1 · References: 4
exploitpack
added 2015/01/06 12:0 a.m. · 40 views

Nexus 5 Android 5.0 - Local Privilege Escalation

Nexus 5 Android 5.0 - Local Privilege Escalation / CVE-2014-4322 exploit for Nexus Android 5.0 author: retme [email protected] website: retme.net The exploit must be executed as system privilege and specific SELinux context. If the exploit succeeds, you will gain root privilege and "kernel" SELinux...

7.2 CVSS · 1 AI score · 0.03454 EPSS
Exploits: 4
CNVD
added 2015/01/04 12:0 a.m. · 1 views

VideoLAN VLC Media Player Stack Buffer Overflow Vulnerability

VideoLAN VLC media player is the multimedia player of the VideoLAN program. A stack buffer overflow vulnerability exists in multiple files of VideoLAN VLC Media Player: the 'ASFObjectDumpDebug', 'AVIChunkDumpDebuglevel', and 'MP4BoxDumpStructure' functions are vulnerable to a stack buffer...

7.5 CVSS · 8.3 AI score · 0.03687 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2014/12/29 12:0 a.m. · 27 views

openSUSE Security Update : python3-rpm / rpm / rpm-python (openSUSE-SU-2014:1716-1)

This rpm update fixes the following security and non security issues : - honor --noglob in install mode bnc892431 - check for bad invalid name sizes bnc908128 CVE-2014-8118 - create files with mode 0 bnc906803 CVE-2013-6435 This update also includes version updates of rpm-python and python3-rpm...

10 CVSS · 7.2 AI score · 0.1118 EPSS
Exploits: 0 · References: 6
ICS
added 2014/12/26 7:0 a.m. · 71 views

Festo CECX-X-(C1/M1) Controller Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 25, 2014, and is now being released to the NCCIC/ICS-CERT web site. K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers. Festo has decided not to...

9.3 CVSS · 7.9 AI score · 0.03425 EPSS
Exploits: 0 · References: 10
seebug.org
added 2014/12/24 12:0 a.m. · 33 views

Dami CMS latest version: blind SQL injection 5, bypassing defenses

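Brief description: Dami CMS latest version 4.7, blind SQL injection. Detailed description: Dami CMS latest version 4.7, blind SQL injection, bypassing defenses. File /Web/Lib/Action/PublicAction.class.php: //online top-up or online order processing function shouquan $appath = intvalC'APTYPE'==1?'apjishi':'apdanbao'; requireonce"./Trade/$appath/alipay.config.php"; requireonce"./Trade/$appath/lib/alipaynotify.class.php"; //compute the notification verification result...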

7.1 AI score
Exploits: 0
NVD
added 2014/12/23 11:59 a.m. · 15 views

CVE-2014-9412

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a...

4.3 CVSS · 5.6 AI score · 0.08478 EPSS
Exploits: 1 · References: 4
NVD
added 2014/12/19 3:59 p.m. · 31 views

CVE-2014-8724

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI...

4.3 CVSS · 5.7 AI score · 0.00347 EPSS
Exploits: 2 · References: 4
Prion
added 2014/12/19 3:59 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI...

4.3 CVSS · 6.2 AI score · 0.00347 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
Cvelist
added 2014/12/19 3:0 p.m. · 32 views

CVE-2014-8724

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI...

5.7 AI score · 0.00347 EPSS
Exploits: 2 · References: 4
CVE
added 2014/12/19 3:0 p.m. · 60 views

CVE-2014-8724

CVE-2014-8724 affects the WordPress plugin W3 Total Cache in versions before 0.9.4.1. The root cause is improper sanitization of user-supplied input in the HTML comments for the Cache key when the page cache debug info is enabled, allowing a reflected XSS scenario via PATH_INFO to the default ...

4.3 CVSS · 5.7 AI score · 0.00347 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
Positive Technologies
added 2014/12/19 12:0 a.m. · 5 views

PT-2014-8691 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1. Description: The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the Cache key in the HTML-Comments when debug...

4.3 CVSS · 5.3 AI score · 0.00347 EPSS
Exploits: 2 · References: 6
Tenable Nessus
added 2014/12/15 12:0 a.m. · 12 views

Fedora 20 : xen-4.3.3-6.fc20 (2014-15995)

Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug Note that Tenable Network Security has extracted the preceding description block directly from the...

5.4 AI score
Exploits: 0 · References: 2
Tenable Nessus
added 2014/12/10 12:0 a.m. · 56 views

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

6.8 CVSS · 7.2 AI score · 0.07545 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2014/12/07 12:0 a.m. · 15 views

Fedora 19 : readline-6.2-8.fc19 (2014-7496)

readline in Fedora is very slow when rleventhook is used; this update fixes it. Security patch for debug function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it a...

5.5 AI score
Exploits: 0 · References: 3
Japan Vulnerability Notes
added 2014/12/02 12:0 a.m. · 44 views

JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...

4.6 CVSS · 7.3 AI score · 0.00072 EPSS
Exploits: 0
Exploit DB
added 2014/11/17 12:0 a.m. · 148 views

.NET Remoting Services - Remote Command Execution

Source: https://github.com/tyranid/ExploitRemotingService Exploit Database Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35280.zip ExploitRemotingService (c) 2014 James Forshaw ============================================= A tool to exploit .NET Remoting...

10 CVSS · 7 AI score · 0.2675 EPSS
Exploits: 4
Tenable Nessus
added 2014/11/12 12:0 a.m. · 40 views

CentOS 6 : sudo (CESA-2013:1701)

An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

6.9 CVSS · 8.1 AI score · 0.0813 EPSS
Exploits: 8 · References: 4
NVD
added 2014/11/05 11:55 a.m. · 23 views

CVE-2014-8326

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...

3.5 CVSS · 5.8 AI score · 0.00269 EPSS
Exploits: 1 · References: 5