
7790 matches found

OSV
added 2014/09/24 12:0 a.m. | 1 view

UBUNTU-CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

9.8 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits: 130 | References: 4
Positive Technologies
added 2014/09/24 12:0 a.m. | 8 views

PT-2014-1176

Name of the Vulnerable Software and Affected Versions bash versions 1.14 through 4.2 p52 GNU Bash affected versions not specified Description The issue is related to the way shell functions are passed through environment variables, allowing an attacker to inject commands into a Bash shell. This c...

10 CVSS | 9.2 AI score | 0.99999 EPSS
Exploits: 157 | References: 176
OSV
added 2014/09/24 12:0 a.m. | 62 views

DSA-3032-1 bash - security update

Bulletin has no description...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits: 130
Check Point Advisories
added 2014/09/16 12:0 a.m. | 0 views

PhpMyAdmin SERVER Superglobal Remote Variable Manipulation

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

4.1 AI score
Exploits: 0
Check Point Advisories
added 2014/09/14 12:0 a.m. | 0 views

PhpMyAdmin GLOBALS Superglobal Remote Variable Manipulation

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

4.2 AI score
Exploits: 0
Check Point Advisories
added 2014/09/14 12:0 a.m. | 10 views

PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

5 CVSS | 4.3 AI score | 0.0219 EPSS
Exploits: 1
Kitploit
added 2014/09/09 2:38 a.m. | 15 views

XSScrapy - Fast, thorough XSS vulnerability spider

Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will test Referer header way more common than I thought it would be! User-Agent header Cookie header added 8/24/14 Forms, both hidden and explicit URL...

5.6 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2014/09/09 12:0 a.m. | 27 views

Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the...

7.5 CVSS | 7.2 AI score | 0.04154 EPSS
Exploits: 5 | References: 5
Ubuntu
added 2014/09/08 11:26 a.m. | 75 views

USN-2306-3: GNU C Library regression

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Maksymilian Arciemowicz discovered that the GNU C Library...

7.2 AI score
Exploits: 0 | References: 1
0day.today
added 2014/09/06 12:0 a.m. | 30 views

Joomla Spider Calendar <= 3.2.6 SQL Injection Vulnerability

Exploit for php platform in category web applications !/usr/bin/env python Exploit Title : Joomla Spider Calendar = 3.2.6 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link :...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2014/09/05 12:0 a.m. | 40 views

IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)

The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List UTL portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL...

7.5 CVSS | 6.1 AI score | 0.02072 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2014/08/29 12:0 a.m. | 32 views

Fedora 20 : glibc-2.18-14.fc20 (2014-9824)

Locale names, including those obtained from environment variables LANG and the LC variables, are more tightly checked for proper syntax. setlocale will now fail with EINVAL for locale names that are overly long, contain slashes without starting with a slash, or contain '..' path components...

7.5 CVSS | 8.1 AI score | 0.18099 EPSS
Exploits: 4 | References: 5
Mageia
added 2014/08/25 8:44 a.m. | 53 views

Updated ansible package fixes multiple security issues

Updated ansible package fixes security vulnerabilities: The Ansible platform before version 1.6.7 suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables CVE-2014-4678, CVE-2014-4966,...

9.8 CVSS | 9.7 AI score | 0.05071 EPSS
Exploits: 0 | References: 6
Silent Robot Systems
added 2014/08/11 9:56 p.m. | 19 views

Blackhat 2014 Arsenal Experience

Last week at Blackhat Arsenal 2014, Pete and I @willis presented on Serpico. Arsenal was a great experience and I would highly recommend to anyone as an attendee or presenter. We got some great feedback on the project, so thank you to anyone who stopped by. Here were the top 3 feature requests an...

6.9 AI score
Exploits: 0
Ubuntu
added 2014/08/05 4:30 p.m. | 62 views

USN-2306-2: GNU C Library regression

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update caused a regression in certain environments that use the Name Service Caching Daemon nscd, such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to b...

7.2 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2014/08/05 12:0 a.m. | 38 views

Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2306-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2306-1 advisory. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denia...

7.5 CVSS | 7.3 AI score | 0.04154 EPSS
Exploits: 5 | References: 5
Ubuntu
added 2014/08/04 3:37 p.m. | 64 views

USN-2306-1: GNU C Library vulnerabilities

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. CVE-2013-4357 It was discovered that the GNU C Library incorrectly handled the...

7.5 CVSS | 7.2 AI score | 0.04154 EPSS
Exploits: 5
Prion
added 2014/07/29 8:55 p.m. | 21 views

Information disclosure

The Unified Task List UTL Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors...

5 CVSS | 6.5 AI score | 0.02072 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
CVE
added 2014/07/29 8:0 p.m. | 50 views

CVE-2014-3056

CVE-2014-3056: Affected product is IBM WebSphere Portal Unified Task List (UTL) Portlet on WebSphere Portal 7.x and 8.x up to 8.0.0.1 CF12. The issue is information disclosure exposing environment variables and certain JAR versions via unspecified vectors. This is an information disclosure vulner...

5 CVSS | 6.2 AI score | 0.02072 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
Cvelist
added 2014/07/29 8:0 p.m. | 26 views

CVE-2014-3056

The Unified Task List UTL Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors...

6 AI score | 0.02072 EPSS
Exploits: 0 | References: 4