2293 matches found
Proticaret E-Commerce Script 3.0 - SQL Injection (1)
Proticaret E-Commerce Script 3.0 - SQL Injection 1 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...
PowerDNS Recursor Denial of Service (CVE-2014-3614)
A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation...
NETIS DL4322D XSS / CSRF / DoS
Vulnerable Device: NETIS DL4322D 300Mbps Wireless N ADSL2+ Modem Router Multiple vulnerabilites Other models of netis may also suffer from this vulns Vendor: http://www.netis-systems.com Product overview: http://www.netis-systems.com/en/products/ADSL2+-Wireless-Modem-Router/941.html The netis...
HP Data Protector Opcode 305 Directory Traversal (CVE-2014-5160)
A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization of a file name provided with Opcode 305. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful...
Amazon Linux AMI : bash (ALAS-2014-418) (Shellshock)
This ALAS is superceded by ALAS-2014-419. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...
bash: specially-crafted environment variables can be used to inject shell commands
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...
Mozilla Firefox DOMSVGLength Reflected Attribute Use-After-Free (CVE-2014-1563)
A use after free vulnerability exists in Mozilla Firefox. The vulnerability is due to an issue with handling DOMSVGLength objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a malicious page. Successful exploitation could lead to arbitrary...
Important: Red Hat Security Advisory: bash security update
Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Re...
bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...
CentOS Update for bash CESA-2014:1293 centos7
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service (CVE-2014-5266)
A denial of service vulnerability has been reported in Drupal Core. The vulnerability can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...
Microsoft Internet Explorer onreadystatechange Use After Free
A use after free vulnerability exists in Microsoft Internet Explorer. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the...
conga: Multiple information leak flaws in various luci site extensions
Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure...
krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application...
HP Service Virtualization AutoPass License Server Directory Traversal (CVE-2013-6221)
A code execution vulnerability exists in HP Service Virtualization running the AutoPass License Server. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation of this vulnerability could result in creation ...
HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)
An information disclosure vulnerability has been reported in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...
Debian DSA-2981-1 : polarssl - security update
A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute...
Hosting Controller <= 6.1 Hotfix 3.2 - Remote Unauthenticated Vulns
No description provided by source. Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On March 17, 2014 Reported...
[ MDVSA-2014:044 ] zarafa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:044 http://www.mandriva.com/en/support/security/ Package : zarafa Date : February 19, 2014 Affected: Business Server 1.0 Problem Description: Robert Scheck discovered multiple vulnerabilities in Zarafa that...