6058 matches found
WP Symposium 13.04 - Unvalidated Redirect
The wp-symposium WordPress plugin was affected by an Unvalidated Redirect security vulnerability...
EUVD-2014-3494
The cdfreadpropertyinfo function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service application crash via a crafted CDF file...
Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
No description provided by source. Unvalidated Redirects on Oracle Identity Manager ======================================================================= ADVISORY INFORMATION Title: Unvalidated Redirects on Oracle Identity Manager Discovery date: 10/12/2013 Release date: 03/04/2014 Vendor...
Sysinternals Regmon 6.11 Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel...
Spreecommerce 0.60.1 Arbitrary Command Execution
No description provided by source. $Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification
No description provided by source. PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili [email protected] Marco 'whitesheep' Rondini [email protected] Alessandro 'scox' Scoscia [email protected] In error.php, PhpMyAdmi...
Spreecommerce < 0.50.0 Arbitrary Command Execution
No description provided by source. $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
openSUSE Security Update : libX11 (openSUSE-SU-2013:1047-1)
This update of libX11 fixes several security issues. - U0001-integer-overflow-in-XQueryFont-on-32-bit-platfor ms-.patch, U0002-integer-overflow-in-XF86BigfontQueryFont-CVE-201 3-1.patch, U0003-integer-overflow-in-XListFontsWithInfo-CVE-2013-1 981.patch,...
openSUSE Security Update : libXt (openSUSE-SU-2013:1008-1)
This update of libXt fixes several security issues. - U0001-unvalidated-length-in-XtResourceConfigurationEH- CVE.patch - unvalidated length in XtResourceConfigurationEH CVE-2013-2002 bnc821670, bnc815451 - U0001-Unchecked-return-values-of-XGetWindowProperty-CVE -20.patch - Unchecked return values...
Persistent Cross Site Scripting Flaw in User Profiles
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46664. panel A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...
Сross-Site Request Forgery (CSRF) in XCloner Standalone
Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosure: April 9, 2014 Vulnerability Type: Cross-Site...
Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
Exploit for php platform in category web applications Unvalidated Redirects on Oracle Identity Manager ======================================================================= ADVISORY INFORMATION Title: Unvalidated Redirects on Oracle Identity Manager Discovery date: 10/12/2013 Release date:...
Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
Oracle Identity Manager 11g R2 SP1 11.1.2.1.0 - Unvalidated Redirects Unvalidated Redirects on Oracle Identity Manager ======================================================================= ADVISORY INFORMATION Title: Unvalidated Redirects on Oracle Identity Manager Discovery date: 10/12/2013...
Oracle Identity Manager 11g R2 SP1 Unvalidated Redirect
Unvalidated Redirects on Oracle Identity Manager ======================================================================= ADVISORY INFORMATION Title: Unvalidated Redirects on Oracle Identity Manager Discovery date: 10/12/2013 Release date: 03/04/2014 Vendor Homepage: www.oracle.com Version: Oracle...
Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
Unvalidated Redirects on Oracle Identity Manager ======================================================================= ADVISORY INFORMATION Title: Unvalidated Redirects on Oracle Identity Manager Discovery date: 10/12/2013 Release date: 03/04/2014 Vendor Homepage: www.oracle.com Version: Oracle...
Slack: Content Spoofing
Here is an unvalidated insertion of an image, resulting to content spoofing https://awayon.slack.com/account/photo?url=http://www.thenewstribe.com/wp-content/uploads/2014/01/Syrian-Electronic-Army-hacked-CNN.jpg It displays any photo, what the attacker must know is just the "awayon" or the team...
Design/Logic Flaw
The client in Jetro COCKPIT Secure Browsing JCSB 4.3.1 and 4.3.3 does not validate the FileName element in an RDPFILETRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension...
SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)
This module enables you to publish and send newsletters to lists of subscribers. The module also includes an API that other modules can use to register subscribers. The module doesn't sufficiently sanitize e-mail addresses prior to outputting. The provided forms sign-up, mass import, .. validate...
Cisco Open Network Environment Platform Unvalidated Pointer (CSCui51551)
A vulnerability in the Open Network Environment Platform ONEP could allow an authenticated, remote attacker to cause the network element to reload. The vulnerability is due to insufficient pointer validation. An attacker could exploit this vulnerability by sending a crafted packet to an...
BoltWire 3.5 Cross Site Scripting Vulnerability
BoltWire versions 3.5 and beloBoltWire versions 3.5 and below suffer from multiple cross site scripting vulnerabilities.w suffer from multiple cross site scripting vulnerabilities. ============================================= INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: Mar...