1001 matches found
SOL15261 - Apache Struts vulnerability CVE-2014-0112
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
MySQL User Defined Function Detected
Binary data 8218.prm...
[ExifTool] Read, Writing Meta Information Tools
ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP...
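Huawei eSight User-Defined Device Image Upload Vulnerability
BUGTRAQ ID: 64633 Huawei eSight is network management software for enterprise networks. To address the typical needs of small and medium-sized enterprises, it is offered in an eSight Trial Edition and an eSight Lite Edition, whose simple, easy-to-use management system helps enterprises focus on key business applications and achieve worry-free network management. Because the program fails to properly validate files when handling device image uploads, an attacker can exploit this to manipulate the uploaded file through a man-in-the-middle attack and subsequently execute arbitrary code. 0 Huawei eSight V200R003C01SPC200 Huawei eSight = V200R003C00 Vendor patch: Huawei ----- Huawei eSight V200R003C01SPC200 fixes this vulnerability; users are advised to download and use it:...
Apache 'mod_accounting' Module SQL Injection Vulnerability (CVE-2013-5697)
BUGTRAQ ID: 62677 CVE ID: CVE-2013-5697 mod_accounting is a traffic accounting module for Apache 1.3.x that records traffic in a database; supported database types include MySQL and PostgreSQL. The mod_accounting 0.5 module has a SQL injection vulnerability in the Host header, which attackers can exploit to compromise the application and perform unauthorized database operations. The vulnerability arises because the user-supplied HTTP header is used in a query without filtering. The module uses simple string concatenation to replace the placeholders in a predefined query before sending it to the database. The code is located in mod_accounting.c. 0 mod_accounting 0.5 Workaround:...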
FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)
The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...
SeaMonkey < 2.21 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.21 and thus, is potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tree Builder does n...
Fedora Update for lightdm FEDORA-2013-16388
Check for the Version of lightdm OpenVAS Vulnerability Test Fedora Update for lightdm FEDORA-2013-16388 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass...
User-defined properties on DOM proxies get the wrong "this" object — Mozilla
Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this. It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker...
w-CMS 2.0.1 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications --- Vuln Code : /userFunctions.php 6. switch$REQUEST'udef' // user defined function ... 11. case 'activity': procActivity; // Exploit/Proof of Concept PoC http://localhost/wcms/userFunctions.php?udef=activity&type=shell.php&content= Find your...
SuSE 11.3 Security Update : lcms2 (SAT Patch Number 8091)
lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. - User defined parametric curves can now be saved in ICC profiles. - RGB profiles using same tone curves for several channels are storing now only one copy of the curve - update black...
[SECURITY] Fedora 19 Update: gegl-0.2.0-11.fc19
GEGL (Generic Graphics Library) is a graph-based image processing framework. GEGL's original design was made to scratch GIMP's itches for a new compositing and processing core. This core is being designed to have minimal dependencies and a simple, well-defined API...
CVE-2013-1687
CVE-2013-1687 affects Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. The vulnerability arises from insufficient restriction of XBL user-defined functions in the SOW (System Only Wrapper) and COW (Chrome Object Wrappe...
Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Mac OS X)
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillathunderbirdesrmultvulnjun13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 Mac OS X Authors: Arun...
Mozilla: Privileged content access and execution via XBL (MFSA 2013-51)
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute...
CVE-2012-6565
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...
Cross site scripting
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...
user_defined_regex
This plugin greps every response for a user-defined regex. You can specify a single regex or an entire file of regexes (one regex per line); if both are specified, the single regex will be added to the list of regular expressions extracted from the file. A list of example regular expressions can be...