7930 matches found
Vanilla Forums Cross-Site Scripting Vulnerability
Vanilla Forums is a Canadian company VanillaForums PHP-based open source forum program . A cross-site scripting vulnerability exists in Vanilla Forums versions 2.0.18.12 and 2.1.x prior to 2.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
PYSEC-2015-37
OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...
openstack-glance: unrestricted path traversal flaw
It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw...
DEBIAN-CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...
DEBIAN-CVE-2014-9493
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...
DEBIAN-CVE-2014-9221
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service invalid pointer dereference via a crafted IKEv2 Key Exchange KE message with Diffie-Hellman DH group 1025...
UBUNTU-CVE-2014-8184
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable in liblouis. An attacker could create a malicious file that would cause applications that use liblouis such as Orca to crash, or potentially execute arbitrary code when opened...
PT-2014-5437 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...
CVE-2012-5242
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the name parameter in a gettemplate action...
openstack-keystone: token expiration date stored incorrectly
A flaw was found in keystone revocation events that resulted in the "issuedat" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...
DEBIAN-CVE-2014-5356
OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...
PYSEC-2014-108
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
UBUNTU-CVE-2014-5356
OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...
PT-2014-5590 · Raritan Japan · Raritan Dominion Kx2-101
Name of the Vulnerable Software and Affected Versions: Raritan Japan Dominion KX2-101 switches versions prior to 2 Description: The issue allows remote attackers to cause a denial of service, resulting in a device hang, via a crafted packet. Recommendations: For versions prior to 2, update to...
UBUNTU-CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors...
CVE-2014-1995
Cross-site scripting XSS vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
jsboard 2.0.16 Local File Include Vulnerability
Exploit for php platform in category web applications ----------exploit Debut Local File Include Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : http://kldp.net/projects/jsboard/ Version : 2.0.16 Download : http://kldp.net/frs/download.php/6058/jsboard-2.0.16.tar.gz...
Qemu: block: possible crash due signed types or logic error
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling updaterefcount routine...
qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
Integer overflow in the virtionethandlemac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow...
PT-2020-7590 · Qemu +3 · Qemu +3
Name of the Vulnerable Software and Affected Versions: Qemu versions prior to 2.0 Description: The issue arises from missing bounds checks for block size and logical sector size variables in the block driver for Hyper-V VHDX Images. This could lead to infinite loops and other potential issues whe...