7426 matches found
CVE-2014-8838
CVE-2014-8838 affects macOS OS X prior to 10.10.2, where the Security component mishandles cached app certificate information. This allows a crafted app signed with a revoked Developer ID to bypass Gatekeeper checks, as described in the vulnerability entry and corroborated by vulnerability listin...
Unspecified Vulnerability in Oracle Reports Developer
Oracle Reports Developer is a report development, design and production suite. A security vulnerability exists in Oracle Reports Developer that could be exploited by remote attackers to compromise system integrity...
CVE-2014-6580
Technical details about CVE-2014-6580 are not publicly available in the provided documents. The records only indicate an unspecified vulnerability in Oracle Reports Developer within Oracle Fusion Middleware; monitor for updates and additional disclosures.
corephp paGo, LFI 1.0.7 and below
Corephp paGo, , DT, LFI Developer update statement http://www.corephp.com/blog/corephp-announces-immediate-availability-pago-commerce-1-07-1/...
chicken -- buffer overrun in substring-index[-ci]
chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...
RHEL 6 : glibc (RHSA-2015:0016)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0016 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Serv...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:0016 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
Absolut Engine 1.73 - Multiple Vulnerabilities
CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...
Pilot CMS Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities. These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot "Ïèëîò" on Russian. It's Ukrainian commercial CMS from Delta-X. ------------------------- Affected products:...
[ANN] Apache Struts 2.3.20 GA release available with security fix
The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...
CentOS 7 : glibc (CESA-2014:2023)
Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Moderate: Red Hat Security Advisory: glibc security and bug fix update
Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
JVN#97384696: TSUTAYA App for Android vulnerable to arbitrary Java method execution
TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted web page, an arbitrary Java method may be executed. Solution Update the software Update to the latest version according to the information provided by the...
Papoo CMS 6.0.0 Rev. 4701 - Stored XSS Vulnerability
Exploit for php platform in category web applications Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability...
[SECURITY] [DLA 113-1] bsd-mailx security update
Package : bsd-mailx Version : 8.1.2-0.20100314cvs-1+deb6u1 CVE ID : CVE-2014-7844 It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can...
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability
Document Title: =============== iWifi for Chat v1.1 iOS - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1375 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID: ====================================...
Design/Logic Flaw
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
CVE-2014-7192 affects the syntax-error npm module (before 1.1.1) used with Node.js 0.10.x, including in IBM Rational Application Developer and related IBM/RSA products. The vulnerability stems from improper input handling in the syntax-error/index.js file, enabling remote attackers to execute arb...