3315 matches found
CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments...
UBUNTU-CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments...
PT-2014-1807 · Lua +2
Name of the Vulnerable Software and Affected Versions: Lua versions 5.1 through 5.2.x before 5.2.3 Description: The issue is caused by a buffer overflow in the vararg functions in ldo.c, allowing context-dependent attackers to cause a denial of service crash via a small number of arguments to a...
Sandcat Browser 5 - A Penetration-Oriented Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers. He...
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product description: The MiCasaVerd...
Wireshark console.lua pre-loading vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/hostdetails.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
PYSEC-2014-114
Cross-site scripting (XSS) vulnerability in lua/hostdetails.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2014-4329
ntopng 1.1 is affected by a Cross-Site Scripting (XSS) vulnerability in lua/host_details.lua, allowing remote attackers to inject arbitrary web script or HTML via the host parameter. The underlying issue is improper input validation in host_details.lua. Affected component/file: host_details.lua w...
CVE-2014-4329
Removed by vendor...
openSUSE Security Update : wireshark (openSUSE-SU-2012:1633-1)
This update fixes the following issues for wireshark: - Security update to 1.8.4: https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html http://seclists.org/oss-sec/2012/q4/378 CVE-2012-5592 Wireshark 1 pcap-ng hostname disclosure wnpa-sec-2012-30 CVE-2012-5593 Wireshark 2 DoS infinite lo...
openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)
This update of wireshark fixes the following vulnerabilities: - CVE-2011-3266: Wireshark IKE dissector vulnerability - CVE-2011-3360: Wireshark Lua script execution vulnerability - CVE-2011-3483: Wireshark buffer exception handling vulnerability - CVE-2011-2597: Lucent/Ascend file parser...
CVE-2013-4570
The CVE-2013-4570 issue affects the Scribunto extension for MediaWiki via the php-luasandbox component: a vulnerability in zend_inline_hash_func can trigger a NULL pointer dereference and crash (DoS) when converting Lua data structures to PHP, demonstrated by input like { [{}] = 1 }. Affected ver...
Fedora Update for prosody FEDORA-2014-5586
Check for the Version of prosody OpenVAS Vulnerability Test Fedora Update for prosody FEDORA-2014-5586 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x, CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...
[SECURITY] Fedora 19 Update: prosody-0.8.2-11.fc19
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
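Prosody XML Decompression Denial of Service Vulnerability
CVE ID: CVE-2014-2744, CVE-2014-2745 Prosody is a Jabber/XMPP server written in Lua. An error in how Prosody handles compressed streams allows an attacker to consume system resources by submitting specially crafted XML over an XMPP stream, causing a denial of service. 0 Prosody 0.x Prosody 0.9.4 fixes this vulnerability; users are advised to download and use it: http://www.prosody.im...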
Debian DSA-2895-1 : prosody - security update
A denial-of-service vulnerability has been reported in Prosody, an XMPP server. If compression is enabled, an attacker might send highly-compressed XML elements (attack known as 'zip bomb') over XMPP streams and consume all the resources of the server. The SAX XML parser lua-expat is also affected b...
DSA-2895-1 prosody - security update
Bulletin has no description...
[SECURITY] [DSA 2895-1] prosody security update
Debian Security Advisory DSA-2895-1 [email protected] http://www.debian.org/security/ Luciano Bello April 06, 2014 http://www.debian.org/security/faq -...