58 matches found
CVE-2014-8326
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...
CVE-2014-8326
Summary of CVE-2014-8326 (phpMyAdmin XSS): Multiple XSS vulnerabilities affect phpMyAdmin 4.0.x (before 4.0.10.5), 4.1.x (before 4.1.14.6), and 4.2.x (before 4.2.10.1). The issue enables remote authenticated users to inject arbitrary web script or HTML via crafted (1) database name or (2) table n...
MGASA-2014-0420 Updated phpmyadmin package fixes security vulnerability
In phpMyAdmin before 4.1.14.6, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries (CVE-2014-8326)...
Fedora 19 : imapsync-1.584-1.fc19 (2014-2468)
1.584 - Enhancement: Added --minmaxlinelength to select messages with long lines only. It helps to diagnose Exchange errors on messages with lines longer than 9000 characters - Enhancement: Added --debugmaxlinelength - Bug fix: --ssl1 --tls2 was buggy because of default SSLVERIFYPEER. 'Can not go...
CentOS Update for samba CESA-2009:1529 centos4 i386
Check for the Version of samba. OpenVAS Vulnerability Test: CentOS Update for samba CESA-2009:1529 centos4 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
When configured for Internal Database with LDAP for Authentication Only, Confluence does not check the LDAP when authenticating users
Configured Confluence to keep and manage users in its internal database, but to first try to use LDAP for authentication only, via the new interface. Debug output suggests Confluence is not bothering to check the LDAP at any point during the authentication process. More detail is available here:...
PT-2011-2598 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0.1 CHF1 and earlier Description: The issue allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. The vendor disputes the...
DEBIAN-CVE-2010-3902
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...
Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)
Security fixes: Fix a session hijacking hole, CVE-2010-2795 (PHPCAS-61); callbackurl in proxy mode should be urlencoded, possible XSS, CVE-2010-2796 (PHPCAS-67). Bug fixes: Fix warnings for SAML responses without attributes (PHPCAS-59); Fix duplicate SAML debug output (PHPCAS-64); Providing a new ST/PT/SA during...
Moderate: Red Hat Security Advisory: samba3x security and bug fix update
Updated samba3x packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Samba is a suite of programs used by machines to share...
perl PERLIO_DEBUG privilege escalation
By using the PERLIO_DEBUG variable it's possible to redirect the debug output of a suid application to any file. An oversized PERLIO_DEBUG causes a buffer overflow...
[SECURITY] [DSA 596-2] New sudo packages removes debug output
Debian Security Advisory DSA 596-2, http://www.debian.org/security/, Martin Schulze, November 24th, 2004, http://www.debian.org/security/faq...
FreeBSD 3.3 - gdc Symlink
FreeBSD 3.3 - gdc Symlink. Source: https://www.securityfocus.com/bid/835/info. It is possible to write debug output from gdc to a file /var/tmp/gdbdump. Unfortunately, gdc follows symbolic links which can be created in tmp and will overwrite any file on the system thanks to it being setuid root. Thi...