654 matches found
SUSE-SU-2016:1301-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the...
QEMU VGA Module Denial of Service Vulnerability
QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in QEMU's VGA module. An attacker can exploit this vulnerability to execute arbitrary code on the host computer with elevated privileges...
CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...
A vulnerability in the Moodle learning management system allows an attacker to bypass existing access restrictions.
A vulnerability in a module of the Moodle learning management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions...
Drupal Nodejs Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. Node.js is one of the modules that provides real-time push updates. An access bypass vulnerability exists in the Drupal Nodejs module. This vulnerability allows attackers to...
Drupal Open Atrium Module Security Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Open Atrium is one of the team collaboration and knowledge management system modules. A security bypass vulnerability exists in the Drupal Open Atrium module that can be exploited by...
amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149
This module enables you to integrate with amoCRM service using webhooks. The module does not sufficiently sanitize the logged data when malicious POST data is received. This vulnerability is mitigated by the fact that a module such as "Database logging" (dblog) must be enabled which displays log...
Drupal Corner Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Corner is one of the website modification modules. A cross-site request forgery vulnerability exists in the Drupal Corner module. A remote attacker can exploit this vulnerability to...
Code injection
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL...
Cisco IOS TCP Input Module Denial of Service Vulnerability
Cisco IOS is a popular Internet operating system. A memory leak vulnerability exists in the Cisco IOS TCP input module, which allows remote attackers to conduct denial-of-service attacks via specially crafted TCP messages...
CVE-2014-8165
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
CBSMS Mambo Module <= 1.0 - Remote File Include Vulnerability
No description provided by source...
CVE-2011-3628
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...
MGASA-2014-0031 Updated drupal package fixes security vulnerabilities
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts (CVE-2014-1475). Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...
phpcms 9.4.2 /phpcms/modules/pay/respond.php path disclosure
No description provided by source...
PSF-2013-2 ssl: NULL in subjectAltNames
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
MGASA-2013-0250 Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...
SA-CONTRIB-2012-118 - Secure Login - Open Redirect
Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. In addition, Secure Login module by default redirects non-HTTPS GET requests for pages containing forms that i...
CLscript CMS v3.0 SQL Injection
Exploit for php platform in category web applications. Title: CLscript CMS v3.0 - Multiple Web Vulnerabilities. Common Vulnerability Scoring System: 8.6. Introduction: With the professionally developed Classified-Portal CLscript 3.0 can...
DEBIAN-CVE-2012-2089
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file...