Lucene search

837 matches found

F5 Networks
added 2015/04/23 12:0 a.m., 71 views

SOL16505 - NTP vulnerability CVE-2015-1798

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 1.8, AI score 1.3, EPSS 0.02219
Exploits 0, References 8
RedHat Linux
added 2015/03/24 9:5 p.m., 2 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

CVSS 3.6, AI score 6, EPSS 0.00799
Exploits 0, References 4
Tenable Nessus
added 2015/02/26 12:0 a.m., 43 views

Symantec Data Center Security Server 'environment.jsp' Information Disclosure (SYM15-001)

The remote Symantec Data Center Security Server running on the remote host is affected by an information disclosure vulnerability in the '/webui/admin/environment.jsp' script, which discloses sensitive information about the server and software configuration.

CVSS 4, AI score 5.5, EPSS 0.0922
Exploits 4, References 2
ArchLinux
added 2015/02/23 12:0 a.m., 39 views

samba: arbitrary code execution

A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges. This flaw arises because an uninitialized pointer is passed ...

CVSS 10, AI score 2.6, EPSS 0.88597
Exploits 7, References 3
Prion
added 2015/02/20 4:59 p.m., 26 views

Input validation

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allow remote authenticated users to read and modify the application server configuration and state by deploying a crafted application...

CVSS 3.6, AI score 6.4, EPSS 0.00799
Exploits 0, References 6, Affected Software 2
RedHat Linux
added 2015/02/17 10:27 p.m., 2 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

CVSS 3.6, AI score 6, EPSS 0.00799
Exploits 0, References 4
Japan Vulnerability Notes
added 2015/01/30 12:0 a.m., 29 views

JVN#13566542: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)

Remote Service Manager provided by Cybozu, Inc. is software for accessing internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service (DoS) vulnerability. Note that this vulnerability was caused by an incomplete fix of JVN10319260...

CVSS 7.8, AI score 6.6, EPSS 0.01799
Exploits 0
exploitpack
added 2015/01/05 3:1 p.m., 16 views

Static-HTTP-Server-1.0-SEH

Notes: Multiple HTTP commands and headers are vulnerable to overflows and trigger an exception, but I was unable to control the SEH handler with anything but configuration options in the http.ini. import os def fileCreate: print "\n Your current file directory is %s. " % os.getcwd try: File =...

AI score 0.6
Exploits 0
Fedora
added 2014/12/01 6:55 p.m., 33 views

[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.12-1.fc20

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 6.5, AI score 1.3, EPSS 0.02725
Exploits 3
Tenable Nessus
added 2014/10/16 12:0 a.m., 40 views

Amazon Linux AMI : openssl (ALAS-2014-427)

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was...

CVSS 7.1, AI score 6.8, EPSS 0.36333
Exploits 0, References 4
0day.today
added 2014/09/23 12:0 a.m., 89 views

Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass

A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filter bypass...

AI score 7.1
Exploits 0
Friends Of PHP
added 2014/07/29 11:19 a.m., 23 views

Fixed potential path traversal attack and remote code injection

This is a security release. All users MUST upgrade to this release to prevent two potential security issues: - path traversal attack - remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First,...

AI score 7, EPSS 0.0078
Exploits 0, Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m., 23 views

exbb <= 0.22 (lfi/rfi) Multiple Vulnerabilities

No description provided by source.

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

PW New Media Network Modular Site Management System 0.2.1 Ver.asp Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10208/info It has been reported that Modular Site Management System may be prone to an information disclosure issue that could allow an attacker to gain access to a server's configuration information. MSMS version 0.2.1 i...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 30 views

Simple Machines Forum <= 1.1.4 - Remote SQL Injection Exploit

No description provided by source.

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 32 views

Matt Wright guestbook.pl Arbitrary Command Execution

No description provided by source. $Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit. author: EgiX, mail: ...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

PHP-Fusion Database Backup Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/4878/info Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Round Cube Webmail 0.1 -20051021 Path Disclosure Weakness

No description provided by source. source: http://www.securityfocus.com/bid/15920/info Round Cube will reportedly reveal its installation path in an error message output to the client. The filesystem layout can be sensitive information that is useful in other attacks against the target server. Th...

AI score 7.1
Exploits 0