1345 matches found
FreeBSD : mutt -- denial of service via crafted mail message (c3d43001-8064-11e4-801f-0022156e8794)
NVD reports: The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup...
Lazarus Guestbook 1.22 XSS / SQL Injection
INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY. Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - SQL Injection Vulnerability. Date: 23/12/2014. Url Vendor:...
ProjectSend r561 - Multiple Vulnerabilities
INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY. Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerabilities. Date: 19/12/2014. Url Vendor: http://www.projectsend.org/ Vendor Name...
GQ File Manager 0.2.5 - Multiple Vulnerabilities
INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY. Exploit Title: GQ File Manager - SQL Injection - Cross Site Scripting Vulnerabilities. Date: 19/12/2014. Url Vendor: http://installatron.com/phpfilemanager Vendor...
Papoo CMS 6.0.0 Rev. 4701 - Stored XSS Vulnerability
Exploit for PHP platform in category web applications. Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6. Author: Steffen Rösemann. Affected Software: CMS Papoo Version 6.0.0 Rev. 4701. Vendor URL: http://www.papoo.de/ Vendor Status: fixed. CVE-ID: -. Vulnerability...
Fedora 21 : lsyncd-2.1.5-6.fc21 (2014-15338)
Fix bad shell argument escaping. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 19 : libksba-1.3.2-1.fc19 (2014-15838)
Minor update from upstream fixing moderate impact security issue.
Fedora 19 : drupal7-7.34-1.fc19 (2014-15522)
Drupal 7.34, 2014-11-19
Fedora 19 : lsyncd-2.1.4-4.fc19.1 (2014-15373)
Fix bad shell argument escaping
Fedora 19 : python-django14-1.4.16-1.fc19 (2014-15307)
Update to latest stable release
Fedora 20 : kde-runtime-4.14.3-2.fc20 (2014-15532)
New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt
Apple iOS Security Bypass Vulnerability (CVE-2014-4457) - vulnerability warning - the black bar safety net
Affected system: Apple iOS 8.1.1. Description: BUGTRAQ ID: 71143. CVE (CAN) ID: CVE-2014-4457. OS X, formerly Mac OS X, is the latest version of the dedicated operating system developed by Apple for the Macintosh. iOS is the operating system developed by Apple for mobile devices, the supported devices...
Fedora 20 : facter-1.7.6-1.fc20 (2014-12699)
Update to 1.7.6 for bz1107891 and CVE-2014-3248. See http://puppetlabs.com/security/cve/CVE-2014-3248 for more information upstream.
Fedora 21 : kernel-3.17.3-300.fc21 (2014-15159)
Latest upstream stable release, Linux v3.17.3. A wide variety of fixes across the tree.
Fedora 21 : kde-workspace-4.11.14-1.fc21 (2014-14895)
New security fix release, privilege escalation issue, see also https://www.kde.org/info/security/advisory-20141106-1.txt
Fedora 21 : golang-1.3.3-1.fc21 (2014-14130)
Update to go1.3.3 bz1146882
Fedora 20 : hostapd-2.3-1.fc20 (2014-13783)
Security fix for CVE-2014-3686. Update to version 2.3 from upstream
Cisco Unified Communications Manager Multiple Reflected XSS
According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by multiple reflected cross-site scripting vulnerabilities due to insufficient input validation of certain parameters passed via HTTP GET or POST methods.
Fedora 21 : python-oauth2-1.5.211-8.fc21 (2014-12483)
Actually apply patch to fix CVE-2013-4347, thanks to Jason Green, Matt Wilson. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.