Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)
The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities: - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...
Fedora 19 : readline-6.2-8.fc19 (2014-7496)
readline in Fedora is very slow when rleventhook is used; this update fixes it. Security patch for debug function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it a...
JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...
.NET Remoting Services - Remote Command Execution
Source: https://github.com/tyranid/ExploitRemotingService Exploit Database Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35280.zip ExploitRemotingService (c) 2014 James Forshaw. A tool to exploit .NET Remoting...
CentOS 6 : sudo (CESA-2013:1701)
An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
CVE-2014-8326
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...
CVE-2014-8326
Summary of CVE-2014-8326 (phpMyAdmin XSS): Multiple XSS vulnerabilities affect phpMyAdmin 4.0.x (before 4.0.10.5), 4.1.x (before 4.1.14.6), and 4.2.x (before 4.2.10.1). The issue enables remote authenticated users to inject arbitrary web script or HTML via crafted (1) database name or (2) table n...
Moderate: Red Hat Security Advisory: python-keystoneclient security and bug fix update
Updated python-keystoneclient packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...
Fedora 21 : phpMyAdmin-4.2.10.1-1.fc21 (2014-13479)
phpMyAdmin 4.2.10.1 2014-10-21 ================================ - security XSS in debug SQL output - security XSS in monitor query analyzer Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
PHPB2B Injection #2 (Filter Bypass)
Brief description: An injection in PHPB2B (1). Filter bypass. Latest official version. https://github.com/ulinke/phpb2b/archive/master.zip Vulnerable file. Detailed description: POST /virtual-office/personal.php Content-Disposition: form-data; name="memberfieldfirstname" Content-Disposition: form-data; name="memberfieldlastname"...
phpMyAdmin 4.0.x < 4.0.10.5 / 4.1.x < 4.1.14.6 / 4.2.x < 4.2.10.1 Multiple XSS (PMASA-2014-12)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.5, 4.1.x prior to 4.1.14.6, or 4.2.x prior to 4.2.10.1. It is, therefore, affected by the following cross-site scripting vulnerabilities: - The...
CVE-2014-4812
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port...
Design/Logic Flaw
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port...
CVE-2014-4812
CVE-2014-4812 (IBM Security AppScan Source 8.x–9.0.1): The installer exposes an open network port for a debug service, enabling remote attackers to obtain sensitive information by connecting to that port. The primary affected component is the installer for IBM Security AppScan Source; the underl...
MGASA-2014-0420 Updated phpmyadmin package fixes security vulnerability
In phpMyAdmin before 4.1.14.6, a crafted database or table name can trigger an XSS in the SQL debug output when it is enabled, and in the server monitor page when viewing and analysing executed queries (CVE-2014-8326)...