463 matches found
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...
Design/Logic Flaw
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service memory consumption via a large integer in a %MAKETEXT% macro...
CVE-2012-6330
CVE-2012-6330 affects TWiki
TWiki MAKETEXT Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'TWiki MAKETEXT Remote Command...
TWiki MAKETEXT Remote Command Execution Vulnerability
Exploit for unix platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
TWiki 5.1.2 Command Execution
This security advisory alerts you of a potential security issue with TWiki installations: The %MAKETEXT% TWiki variable allows arbitrary shell command execution. The problem is caused by an underlying security issue in the Locale::Maketext CPAN module. Vulnerable Software Version Attack Vectors...
Scientific Linux Security Update : gdm on SL5.x i386/x86_64
CVE-2009-2697 gdm not built with tcpwrappers A flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. CVE-2009-2697 This update also fixes the...
WordPress CodeStyling Localization 1.99.16 Cross Site Scripting
Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
glibc: insufficient quoting in the locale command output
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...
CVE-2011-3430
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display...
Design/Logic Flaw
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display...
CVE-2011-3430
CVE-2011-3430 relates to Apple iOS prior to 5 where the Settings component mishandles localization for configuration profiles when the locale is not English. The root cause is a localization error that can cause configurations to be displayed incorrectly (Misleading UI) in non-English locales. Th...
[SECURITY] Fedora 16 Update: kde-l10n-4.7.1-1.fc16
Internationalization support for KDE...
CentOS Update for gdm CESA-2009:1364 centos5 i386
Check for the Version of gdm OpenVAS Vulnerability Test CentOS Update for gdm CESA-2009:1364 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1)
Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOfficeorg packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the...
CVE-2011-1095
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...
Design/Logic Flaw
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...
CVE-2011-1095
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...
CVE-2011-1095
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...
glibc: insufficient quoting in the locale command output
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...