CVE-2014-8379

Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...

CVE-2014-8379

Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...

Browser Exploitation Framework: BeEF

Browser Exploitation Framework The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging...

F5 Networks BIG-IP : BIND denial-of-service attack (SOL14201)

A vulnerability exists in the BIND DNS server process that may allow a remote attacker to initiate a denial-of-service DoS attack against the DNS service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution...

OWASP Xenotix XSS Exploit Framework 6

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module ...

CVE-2014-0754

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...

CVE-2014-0754 Schneider Electric

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...

[SECURITY] Fedora 20 Update: python-2.7.5-14.fc20

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...

DEBIAN-CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

CVE-2014-4752

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...

CVE-2014-4752

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...

Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability Exploit Author : NULLPointer Contact : https://www.facebook.com/xenith.gianni Date : 20/09/2014 Vendor Homepage :...

openSUSE: Security Advisory for glibc (openSUSE-SU-2014:1115-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-5119

Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...

CVE-2014-5119

Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...

Code injection

Off-by-one error in the gconvtranslitfind function in gconvtrans.c in GNU C Library aka glibc allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...

Fedora 20 : glibc-2.18-14.fc20 (2014-9824)

Locale names, including those obtained from environment variables LANG and the LC variables, are more tightly checked for proper syntax. setlocale will now fail with EINVAL for locale names that are overly long, contain slashes without starting with a slash, or contain '..' path components...

Debian DSA-3012-1 : eglibc - security update

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve...