250 matches found
Product update: Virtuozzo 7.0 Update 6 Hotfix 1 (7.0.6-678)
The Hotfix 1 for Virtuozzo 7.0 Update 6 provides stability and usability bug fixes. Vulnerability id: PSBM-72443 Migration of a VM with two HDDs from Virtuozzo 6 to 7 could fail due to a libvirt conversion failure. Vulnerability id: PSBM-77096 vstorage-mount could crash under certain conditions d...
Updated curl packages fix security vulnerabilities
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...
Cross site scripting
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
UBUNTU-CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
CVE-2017-6814
CVE-2017-6814 affects WordPress
WordPress 4.7.3 Patches Half-Dozen Vulnerabilities
WordPress released a security update on Tuesday that patched a half-dozen bugs, including one that could be chained with the recent REST API Endpoint flaw that led to a million website defacements. Given that the bug was introduced in WordPress 4.7 and the availability of a patch that backports...
CVE-2017-2960
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution...
[SECURITY] Fedora 23 Update: kf5-kfilemetadata-5.24.0-1.fc23
A Tier 2 KDE Framework for extracting file metadata...
DEBIAN-CVE-2015-6602
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a 1 MP3 or 2 MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x...
TYPO3 CMS Edit File Metadata Access Bypass Vulnerability
TYPO3 is a free and open source content management system. A security vulnerability in the TYPO3 CMS edit file metadata allows remote attackers to bypass security restrictions and perform unauthorized operations...
Access bypass when editing file metadata
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/...
[SECURITY] Fedora 20 Update: kfilemetadata-4.14.1-1.fc20
A library for extracting file metadata...
CVE-2013-6124
The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...
Command injection
The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...
CVE-2013-6124
The CVE-2013-6124 entry describes a local privilege escalation in Code Aurora Forum (CAF) Android 4.1.x–4.4.x where Qualcomm Innovation Center (QuIC) init scripts allow a symlink attack to modify file metadata. Specifically, during device startup, init shell scripts run with root privileges and m...
CVE-2013-6124
The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...