584 matches found
LibreSSL memory leak vulnerability - vulnerability warning - the black bar safety net
Affected system: LibreSSL LibreSSL 2.0.0 - 2.3.0 Description: CVE(CAN) ID: CVE-2015-5333 LibreSSL is a fork of the OpenSSL encryption software library; it is the Secure Sockets Layer (SSL) and Transport Layer...
OpenSMTPD use-after-free vulnerability
Affected system: opensmtpd opensmtpd Description: CVE(CAN) ID: CVE-2015-7687 OpenSMTPD is a free implementation of the server-side SMTP protocol as defined by RFC 5321. OpenSMTPD in PROCLKA achieve on there after...
Siemens RUGGEDCOM ROS IP forwarding Vulnerability (CVE-2015-6675)
Affected system: Siemens RuggedCom ROS 3.8.0-4.2.0 Description: CVE(CAN) ID: CVE-2015-6675 Siemens RuggedCom ROS and ROX devices are used to connect equipment in harsh environments, such as substations, traffic management, chassis, etc. RUGGEDCOM ROS 3.8.0-4.2.0 version of the IP forwarding...
Apache Struts exclude pattern Vulnerability (CVE-2015-1831)
Affected system: The Apache Group Struts 2.3.20 Not affected system: The Apache Group Struts 2.3.20.1 Description: CVE(CAN) ID: CVE-2015-1831 Struts is an open-source framework for building Web applications. Struts 2.3.20 uses an incorrect default exclude pattern; if the default setting is enabled, the err...
Gitlab 'groups' API security restrictions bypass vulnerability
Affected system: GitLab GitLab 6.x Description: BUGTRAQ ID: 70841 GitLab is an open-source application developed with Ruby on Rails that implements a self-hosted Git project repository, with access to public or private projects through a Web interface. Gitlab 6.0 and later, in their implementation ...
Mozilla Firefox/Thunderbird memory corruption vulnerability (CVE-2014-1574)
Affected system: Mozilla Firefox Description: BUGTRAQ ID: 70436 CVE(CAN) ID: CVE-2014-1574 Firefox/Thunderbird/SeaMonkey are the Web browser and email/newsgroup clients released by Mozilla. Mozilla Firefox and Thunderbird have memory corruption vulnerabilities in their implementation,...
Joomla! Spider Contacts 'index.php' SQL injection vulnerability
Affected system: Joomla! Spider Contacts <= 1.3.6 Description: BUGTRAQ ID: 69757 Joomla! Spider Contacts is a Joomla! extension that makes it easy to manage contact information. Spider Contacts 1.3.6 and earlier have SQL injection vulnerabilities in their implementation; successfully...
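cmseasy stored XSS (bypass of the CmsEasy_5.5_20140605 upgrade patch)
Brief description: the removexss function can still be bypassed. Details: This is a small test page I made using the removexss from bbspublic.php in your latest patch: http://x55.me/cmseasy.php?xss=test The relevant code is below (x-xss-protection:0 is only there to make testing easier): <?php header("X-XSS-Protection: 0"); $val=$_GET["xss"]; $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val); $search =...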
Serv-U multiple security vulnerabilities
Affected system: serv-u serv-u 15.x Description: Serv-U is a widely used FTP server program. Serv-U versions prior to 15.1.0.458 return a different response when the user name is not verified, which can lead to enumerate...
HP Database and Middleware Automation information disclosure vulnerability
Bugtraq ID: 66960 CVE ID: CVE-2013-6212 HP Database and Middleware Automation (DMA) software improves staff efficiency and automates manual database administration work. HP database and Middleware Automation server has an unspecified security vulnerability that allows attackers to exploit it to obtain sensitive information. 0 HP database and Middleware Automation server v10.0 HP database and Middleware Automation server v10.01...
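HP Universal Configuration Management Database remote code execution vulnerability
Bugtraq ID: 66963 CVE ID: CVE-2013-6215 HP Universal Configuration Management Database is Hewlett-Packard's unified configuration management database application. HP Universal Configuration Management Database has an unspecified security vulnerability that allows remote attackers to exploit it to execute arbitrary code in the context of the application. 0 HP Universal Configuration Management Database Integration Service v10.01 HP Universal Configuration...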
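HP Universal Configuration Management Database remote code execution vulnerability
Bugtraq ID: 66962 CVE ID: CVE-2013-6214 HP Universal Configuration Management Database is Hewlett-Packard's unified configuration management database application. HP Universal Configuration Management Database has an unspecified security vulnerability that allows remote attackers to exploit it to obtain sensitive information. 0 HP Universal Configuration Management Database Integration Service v9.05 HP Universal Configuration Management...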
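Barracuda multiple products OpenSSL TLS/DTLS heartbeat information disclosure vulnerability
CVE ID: CVE-2014-0160 Multiple Barracuda products have a security vulnerability. The OpenSSL bundled with Barracuda products has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit it to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, user names, passwords, etc. 0 Barracuda CudaTel Communication Server 2.x Barracuda CudaTel Communication Server 3.x Barracuda Firewall 6.x Barracuda Link Balancer 2.x Barracuda...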
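IBM SPSS Analytic Server trust management vulnerability
CVE ID: CVE-2014-0920 IBM SPSS Analytic Server is an engine from the US company IBM for predictive analytics on big data; it produces predictions and recommendations from big data, achieving optimal performance across large volumes of data. IBM SPSS Analytic Server has a security vulnerability: because the program logs passwords in plaintext, remote attackers can exploit it to obtain sensitive information. 0 IBM SPSS Analytic Server 1.0.0.0 IBM SPSS Analytic Server 1.0.1.0 The vendor has released an upgrade patch to fix the vulnerability; please download and use it:...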
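CyaSSL multiple security vulnerabilities
Bugtraq ID: 66780 CyaSSL is a small, portable embedded SSL programming library for embedded-system developers. Versions of CyaSSL before 2.9.4 have multiple security vulnerabilities in their implementation, including NULL pointer dereference, out-of-bounds memory read, and X.509 unknown certificate issues; these vulnerabilities can be maliciously exploited to cause memory corruption, arbitrary code execution, etc. 0 CyaSSL 2.9.4 The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://www.yassl.com/yaSSL/Products-cyassl.html...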
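Juniper JunOS SRX services gateway dynamic VPN connection denial-of-service vulnerability
CVE ID: CVE-2014-0612 Juniper JunOS SRX Branch Series Service Gateways are a series of service gateway products with a dynamic services architecture. Juniper JunOS SRX Branch Series Service Gateways have an error in the implementation of dynamic VPN connections, which can lead to unauthorized access and denial-of-service attacks. 0 Juniper Networks JunOS SRX Branch Series Service Gateways 12.x Juniper Networks JunOS SRX Branch Series Service Gateways 11.x...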
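Open-Xchange AppSuite information disclosure vulnerability
Bugtraq ID: 66694 CVE ID: CVE-2014-2391 Open-Xchange Server is a partly open-source project that mainly develops collaboration software such as e-mail and calendars. Open-Xchange AppSuite 7.4.2 and earlier have an information disclosure vulnerability in their implementation; local users can exploit it to access sensitive information. 0 open-xchange OX App Suite 7.4.2 The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://www.open-xchange.com/home.html...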
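FreeBSD remote denial-of-service vulnerability
Bugtraq ID: 66726 CVE ID: CVE-2014-1453 FreeBSD is a UNIX operating system, an important branch of Unix that evolved through BSD, 386BSD and 4.4BSD. FreeBSD has a lock order error when converting a target file handle to a vnode, which can lead to a deadlock and cause denial of service. 0 FreeBS The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://www.freebsd.org/security/index.html...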
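Cisco Adaptive Security Appliance remote privilege escalation vulnerability
Bugtraq ID: 66747 CVE ID: CVE-2014-2126 The Cisco ASA 5500 Series Adaptive Security Appliance is a modular platform for providing security and VPN services; it offers firewall, IPS, anti-X and VPN services. Cisco Adaptive Security Appliance (ASA) Software versions before 8.2(5.47), before 8.4(7.5), before 8.7(1.11), before 9.0(3.10) and before 9.1(3.4) have a security vulnerability in their implementation, which allows authenticated remote users to exploit it to gain privileges through Level-0 ASDM access. 0 Cisco Adaptive Security Applianc...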
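WellinTech KingSCADA unspecified remote stack buffer overflow vulnerability
CVE ID: CVE-2014-0787 WellinTech KingSCADA is a SCADA product aimed at the high-end and mid-range market. WellinTech KingSCADA has a stack-based buffer overflow that allows attackers to send specially crafted packets to KingSCADA and execute arbitrary code in the context of the application. 0 WellinTech KingSCADA The vendor has released an upgrade patch to fix the vulnerability; please download and use it: http://www.wellintech.com/index.php?option=comcontent&view=article&id=56&Itemid=11...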