
716 matches found

OSV
added 2014/11/24 3:59 p.m., 1 views

DEBIAN-CVE-2014-8415

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing...

CVSS 5, AI score 6.8, EPSS 0.0113
Exploits 0, References 1

Cvelist
added 2014/09/15 2:00 p.m., 19 views

CVE-2014-3617

The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...

AI score 8.9, EPSS 0.00176
Exploits 0, References 3

Prion
added 2014/08/06 6:55 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. NOTE: some of these details are obtained from third party...

CVSS 4.3, AI score 5.7, EPSS 0.00256
Exploits 1, References 4, Affected Software 1

CVE
added 2014/08/06 6:00 p.m., 36 views

CVE-2014-5178

CVE-2014-5178 affects Easy File Sharing (EFS) Web Server 6.8. The vulnerability is cross-site scripting (XSS) triggered by the content parameter during topic creation or when posting an answer, exploitable by remote authenticated users. The provided documents do not specify a patch or a remediati...

CVSS 4.3, AI score 5.5, EPSS 0.00256
Exploits 1, References 4, Affected Software 1

seebug.org
added 2014/07/01 12:00 a.m., 24 views

AlstraSoft AskMe Pro 2.1 (profile.php?id) SQL Injection Vulnerability

No description provided by source. AlstraSoft AskMe Pro profile.php?id SQL Injection Vulnerability Author : CoBRa21 Author Web Page : null I've sold my website ipbul.org Dork : inurl:forumanswer.php?queid Script Page : http://www.alstrasoft.com/ Sql Injection :...

AI score 7.1
Exploits 0

OSV
added 2014/04/22 2:23 p.m., 0 views

UBUNTU-CVE-2014-2892

Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response...

CVSS 7.5, AI score 6.4, EPSS 0.05098
Exploits 1, References 3

Tenable Nessus
added 2014/01/22 12:00 a.m., 26 views

GLSA-201401-17 : PCSC-Lite: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201401-17 (PCSC-Lite: Arbitrary code execution). PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler (atrhandler.c). Impact: A physically proximate attacker could execute...

CVSS 4.4, AI score 6.4, EPSS 0.00277
Exploits 0, References 2

seebug.org
added 2014/01/15 12:00 a.m., 15 views

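Several stored XSS issues in the latest version of Tongda OA

Brief description: Several stored XSS issues in the latest version of Tongda OA. Details: Tested version: downloaded Tongda OA 2013 Enhanced Edition (125MB). Download URL: http://www.tongda2000.com/download/2013adv.php Updated 2013-12-26 13:30. 1. Stored XSS in the post body when posting in the discussion forum. 2. Stored XSS when answering an "OA Knows" question while editing in source-code mode. Proof of vulnerability: img src="https://images.seebug.org/upload...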

AI score 7.1
Exploits 0

Tenable Nessus
added 2013/10/11 12:00 a.m., 17 views

Scientific Linux Security Update : ccid on SL5.x i386/x86_64 (20130930)

An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon (root, by default), by inserting a...

CVSS 4.4, AI score 6, EPSS 0.00225
Exploits 0, References 2

0day.today
added 2013/06/17 12:00 a.m., 41 views

SPBAS Business Automation Software XSS & CSRF Vulnerability

Exploit for php platform in category web applications SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the...

AI score 7.1
Exploits 0

Packet Storm
added 2013/06/17 12:00 a.m., 47 views

SPBAS Business Automation Software 2012 XSS / CSRF

SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://demo.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the...

AI score 0.6
Exploits 0

Exploit DB
added 2013/06/17 12:00 a.m., 44 views

SPBAS Business Automation Software 2012 - Multiple Vulnerabilities

SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the securi...

AI score 7
Exploits 0

Atlassian
added 2013/04/29 3:41 a.m., 16 views

SPAM via Answer

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-47171). I have received an email notification containing a link as an answer to one of my questions. It turns out that it is spam. ...

AI score 1.6
Exploits 0, Affected Software 1

NVD
added 2013/04/10 3:55 p.m., 13 views

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVSS 6.1, AI score 6.2, EPSS 0.00058
Exploits 1, References 4

ATTACKERKB
added 2013/04/10 3:55 p.m., 0 views

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVSS 6.1, AI score 5.3, EPSS 0.00058
Exploits 1, References 5

Cvelist
added 2013/04/10 3:00 p.m., 24 views

CVE-2013-1815 Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVSS 6.1, AI score 6.2, EPSS 0.00058
Exploits 1, References 4

Positive Technologies
added 2013/04/10 12:00 a.m., 2 views

PT-2013-3405

Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack PackStack versions 2012.2.3. Description: The issue allows local users to modify deployed systems by changing the answer file, which can be created in insecure directories such as /tmp or the current working directory...

CVSS 6.1, AI score 5.8, EPSS 0.00058
Exploits 1, References 6

RedHat Linux
added 2013/03/21 6:13 p.m., 5 views

packstack: answerfile creation permissions issue

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file...

CVSS 4.4, AI score 5.8, EPSS 0.00058
Exploits 1, References 4

Tenable Nessus
added 2013/03/01 12:00 a.m., 37 views

Scientific Linux Security Update : pcsc-lite on SL6.x i386/x86_64 (20130221)

A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset (ATR) messages. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon (root, by default), by inserting a specially...

CVSS 4.4, AI score 6.4, EPSS 0.00277
Exploits 0, References 2

Packet Storm
added 2012/07/16 12:00 a.m., 24 views

PBBoard CMS 2.1.4 CSRF / Cross Site Scripting

Title: PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities. Date: 2012-06-26. References: http://www.vulnerability-lab.com/getcontent.php?id=623 VL-ID: 625. Common Vulnerability Scoring System: 4.5. Introduction: PBBoard...

AI score 0.1
Exploits 0