discuz x3.0 20130801版本发表日志可xss

简要描述： 论坛开启日志功能的情况下，发表日志，在引入网络图片时可以实现xss。 详细说明： 一、详细说明： 1、论坛开启日志功能。 2、用户登录后打开日志功能。 3、发表日志，在引入网络图片时可以实现xss。 在ubuntu12.04LTS下搭建的apache2+php+mysql环境下，使用一切默认设置可以再现此漏洞，但我使用win2003时，之前能够再现，在没有更新配置的情况下发现今天不可再现此漏洞，onerror被替换成了点（.） 漏洞证明： 1、登录后打开日志模块。 2、发表日志，内容如下： 3、单击提交 4、提交日志后再浏览日志。...

SuSE 11.2 / 11.3 Security Update : apache2-mod_nss (SAT Patch Numbers 8610 / 8611)

This update fixes the following security issues with apache2-modnss : - client certificate verification problematic CVE-2013-4566. bnc853039 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information...

CVE-2013-1090

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

Buffer overflow

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

CVE-2013-1090

CVE-2013-1090 affects the SUSE horde5 package prior to 5.0.2-2.4.1. The issue is incorrect ownership for certain configuration files and directories, including /etc/apache2/vhosts.d, which can enable local wwwrun users to gain privileges via unspecified vectors. This is a local-privilege-escalati...

CVE-2013-1090

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

SuSE 11.3 Security Update : apache2-mod_security2 (SAT Patch Number 8149)

This update of modsecurity2 fixed a NULL pointer dereference crash CVE-2013-2765 and a memory issue double free. bnc822664 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...

SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)

This collective update for Apache provides the following fixes : - Make sure that input that has already arrived on the socket is not discarded during a non-blocking read read2 returns 0 and errno is set to -EAGAIN. bnc815621 - Close the connection just before an attempted re-negotiation if data...

SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)

The following security issues have been fixed : - bnc828020:. CVE-2013-4635 - Integer overflow in SdnToJewish - bnc829207:. CVE-2013-4113 - heap corruption due to badly formed xml %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Ubuntu Update for apache2 USN-1903-1

Check for the Version of apache2 OpenVAS Vulnerability Test $Id: gbubuntuUSN19031.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for apache2 USN-1903-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

Ubuntu: Security Advisory (USN-1903-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 18 : php-5.4.17-2.fc18 (2013-12315)

04 Jul 2013, PHP 5.4.17 Core : - Fixed bug 64988 Class loading order affects ESTRICT warning. Laruence - Fixed bug 64966 segfault in zenddofcallcommonhelperSPEC. Laruence - Fixed bug 64960 Segfault in gczvalpossibleroot. Laruence - Fixed bug 64936 doc comments picked up from previous scanner run...

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : apache2 vulnerabilities (USN-1903-1)

It was discovered that the modrewrite module incorrectly sanitized non- printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. CVE-2013-1862 It was discovered that the modda...

USN-1903-1: Apache HTTP Server vulnerabilities

It was discovered that the modrewrite module incorrectly sanitized non- printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. CVE-2013-1862 It was discovered that the modda...

Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1

April 14, 2013 Aleksey Avdeev 2.2.24-alt1 - 2.2.24 - Security fixes CVE-2012-3499, CVE-2012-4558, CVE-2012-0883, CVE-2012-2687...

Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1

April 14, 2013 Aleksey Avdeev 2.2.24-alt1 - 2.2.24 - Security fixes CVE-2012-3499, CVE-2012-4558, CVE-2012-0883, CVE-2012-2687...

Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1

April 14, 2013 Aleksey Avdeev 2.2.24-alt1 - 2.2.24 - Security fixes CVE-2012-3499, CVE-2012-4558, CVE-2012-0883, CVE-2012-2687...

Ubuntu Update for apache2 USN-1765-1

Check for the Version of apache2 OpenVAS Vulnerability Test $Id: gbubuntuUSN17651.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for apache2 USN-1765-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

Ubuntu: Security Advisory (USN-1765-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...