118 matches found
Amazon Linux 2 : libvirt (ALAS-2019-1274) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091 Modern Intel microprocessors implement hardware-level micro-optimizations to improve the...
Apache Solr Remote Code Execution Vulnerability (CNVD-2019-26390)
Apache Solr is the United States Apache Apache Software Foundation of a Lucene a full-text search engine based on the search server . The product supports level search , vertical search , highlighting search results and so on. Apache Solr has a remote code execution vulnerability that can be...
CVE-2019-11368
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
Code injection
A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...
CVE-2019-8391
qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...
CVE-2019-8391
qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...
Cross site scripting
qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...
CVE-2019-8391
qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...
Information Disclosure
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed thei...
User Impersonation
matrix-synapse is vulnerable to user impersonation. If a configuration parameter called macaroonsecretkey is not set, the authentication secret key is derived using a predictable value and other secrets, allowing remote attackers to impersonate users...
Monstra CMS HTTP Header Injection Vulnerability
Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. An HTTP header injection vulnerability exists in the 'cfg' parameter of the...
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
A vulnerability in the remote management access control list ACL feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress...
CVE-2017-5165
CVE-2017-5165 affects the BINOM3 Universal Multifunctional Electric Power Quality Meter. The issue is a lack of CSRF protection (no CSRF token per page/sensitive function), which could allow a remote attacker to perform silent, unauthorized actions such as changing configuration and saving modifi...
Design/Logic Flaw
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer SSL or Transport Layer Security TLS, even if the WS...
CentOS 7 : autofs (CESA-2015:2417)
Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Oracle Linux 7 : autofs (ELSA-2015-2417)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-2417 advisory. 5.0.7-54.0.1 - add autofs-5.0.5-lookup-mounts.patch Orabug:12658280 Bert Barbe 1:5.0.7-54 - bz1263508 - Heavy program map usage can lead to a hang - fix out of...
Moderate: Red Hat Security Advisory: autofs security, bug fix and enhancement update
Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 5 : redhat-ds-base (RHSA-2012:1041)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1041 advisory. Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and...
phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)
According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...
Global variable scope injection.
PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope injection. Description The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity We consider this...