121 matches found
rConfig cross-site scripting vulnerability (CNVD-2020-33652)
rConfig is an open source network configuration management utility. A cross-site scripting vulnerability exists in the devicemgmnt.php file in version 3.9.4 of rConfig. The vulnerability stems from the lack of proper validation of client-side data in the web application, and can be exploited by ...
rConfig Authorization Issues Vulnerability
rConfig is an open source network configuration management utility. An authorization issue vulnerability exists in rConfig version 3.9.4. An attacker could exploit this vulnerability to access other user sessions...
rConfig Cross-Site Scripting Vulnerability
rConfig is an open source network configuration management utility. A cross-site scripting vulnerability exists in the devicemgmnt.php file in version 3.9.4 of rConfig. The vulnerability stems from the lack of proper validation of client-side data in the web application, and can be exploited by ...
CVE-2020-12256
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php...
CVE-2020-12258
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259...
CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter...
Joomla! < 3.9.4 Multiple Vulnerabilities
Joomla! is prone to multiple vulnerabilities.
Joomla! cross-site scripting vulnerability (CNVD-2019-15987)
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.9.4, which can be exploited by remote attackers to execute arbitrary scri...
R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)
Summary: Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5, potentially expose sensitive information about registered users and their vehicles, including application...
Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability
Hyundai Motor America Blue Link is a remote wireless remote control device for use in automobiles. A sensitive information disclosure vulnerability exists in Hyundai Motor America Blue Link versions 3.9.5 and 3.9.4, which stems from the program's use of hard-coded passwords. An attacker could...
[SECURITY] [DLA 402-1] tiff security update
Package: tiff; Version: 3.9.4-5+squeeze13; CVE ID: CVE-2015-8665, CVE-2015-8683; Debian Bug: 809021, 808968. Two security flaws have been found and solved in libtiff, a library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads in the TIFFRGBAImage...
Updated wordpress packages fix security vulnerabilities
Updated wordpress packages fix security vulnerabilities: The wordpress package has been updated to version 3.9.4, which fixes several security issues, including a cross-site scripting issue which can be exploited by remote unauthenticated users...
WordPress < 3.7.6 / 3.8.6 / 3.9.4 / 4.1.2 Multiple Vulnerabilities
According to its version number, the WordPress application running on the remote web server is potentially affected by multiple vulnerabilities: - An unspecified flaw exists that allows an attacker to upload arbitrary files with invalid or unsafe names. Note that this only affects versions 4.1 a...
u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities
Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description: u5CMS suffers from multiple store...
DLA-0013-1 tiff - security update
Bulletin has no description...
DEBIAN-CVE-2013-2852
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fw_postfix modprobe...
UBUNTU-CVE-2013-2852
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fw_postfix modprobe...
PT-2013-3563 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.9.4. Description: The issue concerns the fill_event_metadata function in fs/notify/fanotify/fanotify_user.c, which fails to initialize a certain structure member. This allows local users to obtain sensitive...
Debian DSA-2447-1 : tiff - integer overflow
Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
Debian Security Advisory DSA 2256-1 (tiff)
The remote host is missing an update to tiff announced via advisory DSA 2256-1.