Lucene search
+L

280 matches found

Oracle linux
Oracle linux
added 2016/05/12 12:0 a.m.79 views

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

7.2CVSS0.4AI score0.00397EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 9:25 a.m.26 views

CVE-2007-1883

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain...

7.8CVSS7.2AI score0.01337EPSS
Exploits1References2
securityvulns
securityvulns
added 2014/12/29 12:0 a.m.73 views

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rцsemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/12/24 12:0 a.m.32 views

CMS Contenido 4.9.5 Cross Site Scripting

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

Exploits0
Tenable Nessus
Tenable Nessus
added 2011/05/27 12:0 a.m.20 views

FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)

Drupal Team reports : A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-scree...

5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2011/02/01 12:0 a.m.4 views

PT-2011-2598 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0.1 CHF1 and earlier Description: The issue allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. The vendor disputes the...

5.3CVSS6.6AI score0.02775EPSS
Exploits1References8
0day.today
0day.today
added 2010/04/30 12:0 a.m.21 views

Apache ActiveMQ version 5.3.x XSS Vulnerabilities

Exploit for php platform in category web applications ================================================= Apache ActiveMQ version 5.3.x XSS Vulnerabilities ================================================= Severity: Medium Overview: --------- Apache ActiveMQ is prone to cross-site scripting...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2010/04/30 12:0 a.m.52 views

Apache ActiveMQ XSS Vulnerability

Vulnerability Info: 26/04/2010 Issue Discovered 26/04/2010 Vendor Notified 27/04/2010 Vendor Conformed Class: Cross-Site Scripting Input validation Severity: Medium Overview: --------- Apache ActiveMQ is prone to cross-site scripting vulnerability. Technical Description: ---------------------- Th...

1.3AI score
Exploits0
Prion
Prion
added 2007/10/26 6:46 p.m.18 views

Directory traversal

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...

7.5CVSS7.7AI score0.03024EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/10/26 6:0 p.m.24 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...

7.3AI score0.03024EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/09/14 12:0 a.m.33 views

CVE-2007-4888

The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribu...

6.2AI score0.00773EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/04/19 12:0 a.m.33 views

Fedora Core 6 : kernel-2.6.20-1.2944.fc6 (2007-432)

Updated to upstream linux kernel 2.6.20.6: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.6 CVE-2007-1357: The atalksumskb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote...

7.8CVSS5.4AI score0.13529EPSS
Exploits0References3
CVE
CVE
added 2007/04/06 1:0 a.m.90 views

CVE-2007-1883

The CVE-2007-1883 entry describes a PHP vulnerability across multiple branches (PHP 4.0.0–4.4.6 and 5.0.0–5.2.1) where an interruption triggering a userspace error handler can change a parameter to an arbitrary pointer, allowing context-dependent attackers to read arbitrary memory via the iptcemb...

7.8CVSS7.5AI score0.01337EPSS
Exploits1References5Affected Software1
securityvulns
securityvulns
added 2007/03/31 12:0 a.m.43 views

MOPB-37-2007:PHP iptcembed() Interruption Information Leak Vulnerability

Summary Whenever functions accept references which all do in the default configuration it is possible for a malicious user space error handler that interrupts the function to modify the function parameters after the function has already started executing. This might for example trick the function...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2007/03/29 12:0 a.m.11 views

PHP 5.2.1 - Multiple functions Reference Information Disclosures

PHP 5.2.1 - Multiple functions Reference Information Disclosures source: https://www.securityfocus.com/bid/23202/info PHP is prone to an information-disclosure vulnerability due to a design error. The vulnerability resides in various functions that accept parameters as references. Successful...

Exploits0
NVD
NVD
added 2007/03/21 11:19 p.m.31 views

CVE-2007-1582

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD ext/gd extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify...

6.8CVSS7.5AI score0.05924EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2007/03/20 12:0 a.m.35 views

PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage

?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/17 12:0 a.m.77 views

MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability

Summary The sessionregenerateid function that is used to generate a new session identifier fails to clear an already freed pointer to the former session identifier before calling the session identifier generator. When this generator triggers an error this can result in a double free that is easil...

0.4AI score
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.11 views

CVE-2004-2498

Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors...

5CVSS6.6AI score0.01388EPSS
Exploits0References5
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.31 views

Microsoft ISA Server HTTP error handler XSS (TL#007)

Thor Larholm security advisory TL006 ------------------------------------- 16 July 2003 HTML format: http://pivx.com/larholm/adv/TL006 Topic: ISA Server HTTP error handler XSS. Discovery date: 25 June 2002. Severity: Medium Affected applications: ---------------------- Any Microsoft Internet...

6AI score
Exploits0
Rows per page
Query Builder