5978 matches found
UBUNTU-CVE-2016-9103
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...
CVE-2016-8565
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets...
Cisco Unified Intelligence Center Security Mechanism Bypass Vulnerability
Cisco Unified Intelligence Center is the management center for Cisco's Unified Communications system. A security mechanism bypass vulnerability exists in Cisco Unified Intelligence Center that could be exploited by a remote attacker to create user accounts by submitting a special request...
UBUNTU-CVE-2016-7994
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands...
c-ares heap buffer overflow vulnerability
c-ares is a C library for asynchronous execution of DNS requests and name resolution. A heap buffer overflow vulnerability exists in the 'ares_create_query' function in c-ares versions 1.0.0 through 1.11.0. A remote attacker could exploit this vulnerability to cause a denial of service write across...
Remote Code Execution Vulnerability in JumboTCMS V7.1.5.0829
JumboTCMS V7.1.5.0829 is an open source web content management system built by the Microsoft . JumboTCMS V7.1.5.0829 suffers from a remote code execution vulnerability. An attacker exploiting the vulnerability can create a new administrator, and further penetration can upload a shell to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...
TeemIp 2.0.2 Cross Site Scripting
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/TEEMIP-XSS-COOKIE-THEFT.txt. ISR: ApparitionSec. Vendor: www.combodo.com. Product: TeemIp v2.0.2. Offer your customers a professional and economically viable...
JON3: privilege escalation via improper authorization
It was found that JBoss Operations Network allowed regular users to add a new super user by sending a specially crafted request to the web console. This attack allows escalation of privileges...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
This update for php53 to version 5.3.17 fixes the following issues. These security issues were fixed: CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). CVE-2016-5095: Don't create strings with...
The vulnerability of the Android operating system, which allows a hacker to circumvent existing access restrictions
The vulnerability of the Shell component in the Android operating system lies in the improper handling of the MANAGE_USERS and CREATE_USERS access control functions. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions through a specially created...
ALPINE-CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly...
UBUNTU-CVE-2016-3833
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712...
MariaDB Server 10.1.x < 10.1.14 Multiple Vulnerabilities
Atutor Arbitrary File Disclosure Vulnerability
ATutor is an open source Web-based learning content management system developed by the ATutor team. An arbitrary file disclosure vulnerability exists in ATutor. When saving data information, due to the "icon" HTTP POST passed to the "/mods/core/courses/users/createcourse.php" script, which fails ...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the create_pbuf function in the Bluetooth component of the Android operating system is due to a buffer overflow. Exploiting this vulnerability can allow an attacker to elevate their privileges by initiating device connection processes...
[SECURITY] Fedora 24 Update: php-pecl-zip-1.13.4-1.fc24
Zip is an extension to create and read zip files...