Code injection
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality...
CVE-2015-0496
CVE-2015-0496 affects Oracle PeopleSoft: PeopleSoft Enterprise PeopleTools component, specifically the PIA Search Functionality, in Oracle PeopleSoft products with version 8.53 and 8.54. The vulnerability is described as unspecified but allows remote authenticated users to affect confidentiality ...
KLA10515 Multiple vulnerabilities in PHP and extensions
Multiple serious vulnerabilities have been found in PHP and its extensions. Malicious users can exploit these vulnerabilities to cause a denial of service or inject code. Below is a complete list of vulnerabilities: 1. Multiple integer overflows can be exploited remotely via a specially designed year...
TWiki Debugenableplugins Remote Code Execution Exploit
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution. This module requires Metasploit: http://metasploit.com/download...
CVE-2015-1232
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midimanagerusb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...
Important: Red Hat Security Advisory: redhat-access-plugin-openstack security update
An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
X (Formerly Twitter): XSS in original referrer after follow
Hey hi, there is an XSS in the intent functionality. Steps to reproduce: 1. Copy and paste the following link: https://twitter.com/intent/favorite/complete?tweetid=572435913768366080&alreadyfavorited=false&originalreferer=javascript:alert%281%29; 2. Click follow. 3. Now click return...
Exploiting XXE Vulnerabilities in OXML Documents - Part 1
OXML is a common document format; think .docx (Microsoft Word document), .pptx (Microsoft PowerPoint), .xlsx (Excel spreadsheet), etc. An OXML document is a zip file containing XML files and any media files. When the document is rendered, the rendering library unzips the document and then parses the...
HelpDezk Multiple Vulnerabilities (Mar 2015)
HelpDezk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : jenkins -- multiple vulnerabilities (7480b6ac-adf1-443e-a33c-3a3c0becba1e)
Kohsuke Kawaguchi from the Jenkins team reports: Description: SECURITY-125 Combination filter Groovy script unsecured. This vulnerability allows users with the job configuration privilege to escalate their privileges, resulting in arbitrary code execution on the master. SECURITY-162 directory traversal...
X (Formerly Twitter): Redirect URL in /intent/ functionality is not properly escaped
Choose a tweet from a user that the victim follows but has not favorited. Send the victim a message like "Please favorite this:...
Piwigo 2.7.3 Cross Site Scripting / SQL Injection Vulnerabilities
CMS Piwigo versions 2.7.3 and below suffer from cross site scripting and remote SQL injection vulnerabilities. Reflected XSS and SQL injection vulnerability in CMS Piwigo <= v. 2.7.3. Author: Steffen Rösemann. Affected software: CMS Piwigo <= v. 2.7.3. Release date: 9th January 2015. Vendor URL:...
[SECURITY] Fedora 20 Update: roundcubemail-1.0.5-1.fc20
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
“After this job” (Daisy Chain) behavior change in Veeam Backup & Replication v8
This article documents the behavioral change made to the “After this job” function in Veeam Backup & Replication v8...
Input validation
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors...
WordPress Geo Mashup 1.8.2 Cross Site Scripting
Vulnerability title: WordPress Geo Mashup plugin XSS. Author: Paolo Perego. CVE: CVE-2015-1383. Affected versions: <= 1.8.2. Fixed version: 1.8.3. January 11, 2015. Product link: https://wordpress.org/plugins/geo-mashup/ Description: Geo Mashup is a WordPress plugin designed to let you save location...
Design/Logic Flaw
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files...
JVN#27142693: NP-BBRM vulnerable in UPnP functionality
NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality. Impact: The device may be used in a DDoS attack as an SSDP reflector. Solution: Disable UPnP. Disable the UPnP functionality from the management configuration in the settings screen...
MGASA-2015-0007 Updated webmin packages fix security vulnerabilities
The updated webmin package fixes a security vulnerability: the webmin package has been updated to version 1.730 to fix possible security issues that could be caused by malicious symlinks when reading mail. The updated version also has various bug fixes, translation updates, and functionality...