QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager...

Grsecurity Kernel PaX Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22014/info Grsecurity Kernel PaX is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to obtain superuser privileges. A successful attack can result in the complete compromise of the...

Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...

openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)

complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...

IRCCloud: Password type input with auto-complete enabled

Vulnerability description : When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker...

Mail.ru: (m.mail.ru) Password type input with auto-complete enabled

Password type input with auto complete enabled Vulnerability description: When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are...

Microsoft Office Excel SerAuxTrend Record Remote Code Execution (MS11-045) - Ver2 (CVE-2011-1274)

This is a remote code execution vulnerability. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code. Successful exploitation of this vulnerabilit...

UBUNTU-CVE-2014-0049

Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...

Microsoft Office RTF Mismatch Memory Corruption (MS12-029) - Ver2 (CVE-2012-0183)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to a memory corruption while parsing specially crafted RTF-formatted data. A remote attacker can exploit this issue by enticing a target user to open a specially crafted RTF file. Successful...

Nortel Meridian Integrated RAN Default Admin Credentials

The remote device is a Nortel Meridian Integrated RAN MIRAN that uses a set of known, default credentials 'admin' / 'admin000'. Knowing these, an attacker able to connect to the service can gain complete control of the device. Nortel MIRAN is a system card that provides multi-tasking voice...

Nortel CS Signaling Server Default Admin Credentials

The remote device is a Nortel CS Signaling Server that uses a set of known, default credentials. Knowing these, an attacker able to connect to the service can gain complete control of the device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72600;...

NVIDIA Graphics Driver Unspecified Privilege Escalation (Unix / Linux)

The remote host has a driver installed that is affected by an unspecified, local privilege escalation vulnerability. Using the vulnerability, it may be possible for a local attacker to gain complete control of the system. C Tenable Network Security, Inc. include"compat.inc"; if description...

Improve filter behaviour: auto-complete should not give away field values

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-36881. panel h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance,...

Improve filter behaviour: auto-complete should not give away field values

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-36881. panel h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, wh...

Improve filter behaviour: auto-complete should not give away field values

h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, when using the IN operator in JQL, auto-complete will "give away" values for the majority of fields. Given that for each individual project there are schemes restricting o...

ASUS RT-N13U Router Built-in Admin Telnet Account with Unchangeable Password

The remote host is running a telnet service with an unchangeable admin account with known credentials admin/admin. An attacker could log into this account and gain complete control of the device. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

MS13-081: Vulnerabilities in Windows kernel-mode drivers could allow remote code execution: October 8, 2013

Resolves vulnerabilities in Windows that could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.INTRODUCTIONMicrosoft has released...

Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3879 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...

Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability

Title: ====== Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability Date: ===== 2013-09-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1080 VL-ID: ===== 1080 Common Vulnerability Scoring System: ==================================== 6....