EUVD-2024-52883
Malicious code in bioql PyPI...
CVE-2024-55983
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PowerFormBuilder PowerFormBuilder power-forms-builder allows SQL Injection. This issue affects PowerFormBuilder: from n/a through <= 1.0.6...
CVE-2024-55983 WordPress PowerFormBuilder plugin <= 1.0.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection. This issue affects PowerFormBuilder: from n/a through 1.0.6...
Cyberattackers Put the Pedal to the Medal: Podcast
Cyber-defenders have a lot on their plates: Rapid vulnerability exploitation. Ransomware-apalooza. Botnet infestations on the order never seen in the past. How can IT security teams effectively deal with the escalating volume of threats, especially as those threats become more sophisticated and...
[SECURITY] Fedora 18 Update: poppler-0.20.2-16.fc18
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC...
[SECURITY] Fedora 18 Update: poppler-0.20.2-10.fc18
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC...
VMware Fixes Privilege Escalation Vulnerability
Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched. According to the VMware security advisory, a...
SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass User module search - Drupal 6 and 7 A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...
VMSA-2012-0015:VMware Hosted Products and OVF Tool address security issues
VMSA-2012-0015: VMware Hosted Products and OVF Tool address security issues. VMware Security Advisory. Advisory ID: VMSA-2012-0015. Synopsis: VMware Hosted Products and OVF Tool address security issues. Issue date: 2012-11-08...
FreeBSD : rssh -- configuration restrictions bypass (a4598875-ec91-11e1-8bd8-0022156e8794)
Derek Martin, rssh maintainer, reports: John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions (scp) to the entire system, potentially circumventing any configured...
VMware ESXi and ESX address several security issues
a. VMware ROM Overwrite Privilege Escalation A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit,...
SA-CONTRIB-2012-047 - Ubercart Views - Information disclosure
CVE: CVE-2012-2074 Ubercart Views provides Views integration for the Ubercart shopping cart module, and includes default views that contain a critical information disclosure bug. In some versions, these views are disabled by default, but still disclose information if you enable them. Versions...
SA-CONTRIB-2011-038 - Taxonomy Views Integrator - Cross Site Scripting
This module enables you to override whole vocabularies or individual terms with the View of your choice. The module did not filter user entered term descriptions for Cross Site Scripting (XSS) injections. This vulnerability is mitigated by the fact that an attacker must have a role with the...
Code to mitigate IE event zero-day (CVE-2010-0249)
Here's a mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day. Quite simply, it just disables the createEventObject method by mangling its name in memory. If anyone knows an important web application that uses createEventObject, please respond to the mailing list. Use this co...
[SECURITY] Fedora 10 Update: poppler-0.8.7-7.fc10
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC...
SA-CONTRIB-2009-055 - BUEditor - Cross Site Scripting
The BUEditor module provides a plain textarea editor designed to facilitate code writing. The module suffers from a Cross Site Scripting (XSS) vulnerability, which allows an attacker to hijack the account of a logged in user by tricking them into visiting a seemingly innocent page using the Live...
[SECURITY] Fedora 10 Update: poppler-0.8.7-6.fc10
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC...
Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)
It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. (CVE-2009-0360) Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials wh...
Ubuntu Update for poppler vulnerability USN-496-2
Ubuntu Update for Linux kernel vulnerabilities USN-496-2 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_496_2.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for poppler vulnerability USN-496-2 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities
Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...