Microsoft patch day 2015-4-14: fixes for many high-risk IE, Windows and Office vulnerabilities - vulnerability warning - the black bar safety net
The second Tuesday of every month is Microsoft's regular patch day. On Tuesday (2015-4-14), the "patch day", Microsoft fixed a large number of vulnerabilities, including many high-risk IE, Windows and Office vulnerabilities. Update announcement MS15-0 3 4 announcement MS15-0 3 4 announcemen...
FreeBSD zfs weak permissions
Weak file permissions may be set during transaction replay...
SAP Internet Transaction Server Information Disclosure - Ver2 (CVE-2003-0747)
An information disclosure vulnerability has been reported in SAP Internet Transaction Server. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
IBM Tivoli Storage Manager Backup-Archive client authentication bypass vulnerability
IBM Tivoli Storage Manager (TSM) is a suite of backup and recovery management solutions from IBM in the U.S. It supports data protection, space management and archiving, business recovery, and disaster recovery. IBM TSM Backup-Archive Client is one of the backup archive clients. A security...
subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash...
Mandriva Linux Security Advisory : subversion (MDVSA-2015:005)
Updated subversion packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in t...
Enter: stored xss in transaction
Open wallet settings and remove maxlength="30" from wallet name input 2. Change name to something like this asdf'"alert1 3. Go to "Send bitcoin" and make inbound transfer from one wallet to another with description: descalert'xss in description' 4. Submit form 5. After submit we got xss both in...
DEBIAN-CVE-2014-8108
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...
Null pointer dereference
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...
CVE-2014-8108
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...
UBUNTU-CVE-2014-8108
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...
Square: Delayed, fraudulent transactions possible with encrypted Square Reader devices due to lack of server-side verification of device transaction counter
Although Square Readers implement encryption, possibly with a Derived Unique Key Per Transaction (DUKPT) scheme, the transaction counter of a Square Reader device is not verified when performing server-side decryption of swipe data. During a valid sale, a malicious merchant or third party can recor...
CVE-2014-7842
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to...
PayPal MultiOrder Shipping Cross Site Scripting
Document Title: PayPal Inc BugBounty 107 MultiOrder Shipping API - Persistent History Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1048 PayPal Security UID: dq115aYq. Release Date: 2014-10-27. Vulnerability...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview: The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. Description: CWE-330: Use of Insufficiently Random Values - CVE-2014-4883. The DNS resolver implemented in all versions of uIP, as well as lwIP...
Oracle Business Transaction Management Detection
Binary data oraclebusinesstransactionmanagementdetect.nbin...
Oracle Business Transaction Management 'FlashTunnelService' 'WriteToFile' Message RCE
The remote web server is hosting a version of Oracle Business Transaction Management that is affected by a remote code execution vulnerability. The 'FlashTunnelService' web service does not require authentication and exposes the 'WriteToFile' function, which can allow a remote, unauthenticated...
kernel: powerpc: tm: crash when forking inside a transaction
A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system...
Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047)
No description provided by source. Microsoft Windows KTM Invalid Free with reused transaction GUID. CVE-2010-1889. The Kernel Transaction Manager (KTM) was introduced in Windows Vista and has been included in subsequent...