Code injection

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors...

CVE-2012-3529

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors...

Debian DSA-2537-1 : typo3-src - several vulnerabilities

Several vulnerabilities were discovered in TYPO3, a content management system. - CVE-2012-3527 An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users. - CVE-2012-3528 The TYPO3 backend contains several cross-site scripting vulnerabilities. -...

DSA-2537-1 typo3-src - several

Bulletin has no description...

FreeBSD : typo3 -- Multiple vulernabilities in TYPO3 Core (48bcb4b2-e708-11e1-a59d-000d601460a4)

Typo Security Team reports : It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution. TYPO3 Backend Help System - Due to a missing signature HMAC for a parameter in the viewhelp.php file, an...

typo3 -- Multiple vulernabilities in TYPO3 Core

Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution. TYPO3 Backend Help System - Due to a missing signature HMAC for a parameter in the viewhelp.php file, an...

CVE-2011-4922

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents...

DEBIAN-CVE-2011-4922

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents...

CVE-2011-4922

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents...

Design/Logic Flaw

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents...

CVE-2011-4922

Pidgin (libpurple) Cipher API vulnerability CVE-2011-4922 affects cipher.c: it may retain encryption-key data in process memory, enabling local users to read sensitive information from memory/core dumps. This affects Pidgin builds prior to 2.7.10. Impact is information disclosure via memory conte...

CVE-2011-4922

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents...

Path traversal

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as...

PcwRunAs 0.4 Password Obfuscation Design Flaw

Vuln Title: PcwRunAs Password Obfuscation Design Flaw Date: 26.03.2012 Author: Christian Landström, otr Software Link: http://www.pcwelt.de/downloads/pcwRunAs-1215998.html Version: = 0.4 Tested on: Windows CVE : CVE-2012-1793 Risk: high Type: Privilege Escalation Vendor: PC-Welt Timeline:...

FreeBSD Ports: krb5-appl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Telnetd Encryption Key ID Code Execution

Added: 02/11/2012 CVE: CVE-2011-4862 BID: 51182 OSVDB: 78020 Background Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Problem The flaw is caused due to a...

Telnetd Encryption Key ID Code Execution

Added: 02/11/2012 CVE: CVE-2011-4862 BID: 51182 OSVDB: 78020 Background Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Problem The flaw is caused due to a...

CVE-2011-4922

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. It was discovered that libpurple versions prior to 2.7.10...

krb5: telnet client and server encrypt_keyid heap-based buffer overflow

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...

FreeBSD Telnet Service Encryption Key ID Buffer Overflow

This module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service. -- coding: binary -- This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD Telnet Servic...