
208 matches found

OSV
added 2018/03/01 5:29 p.m. | 2 views

CVE-2018-2365

SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 3

OpenVAS
added 2018/02/20 12:0 a.m. | 29 views

Debian: Security Advisory (DLA-1269-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.00507
Exploits: 1 | References: 2

Vulnerability Lab
added 2018/01/04 12:0 a.m. | 31 views

Adobe CreativeCloud (Webform) - Persistent Vulnerability

Document Title: =============== Adobe CreativeCloud Webform - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1848 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ==================================== 184...

AI score: 7.1
Exploits: 0

UbuntuCve
added 2017/12/11 9:29 p.m. | 20 views

CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00642
Exploits: 0 | References: 2

seebug.org
added 2017/05/26 12:0 a.m. | 150 views

Code Injection through DLL Sideloading in 64bit Oracle Java(CVE-2017-3511)

This blog post is about a DLL sideloading vulnerability in the 64bit Windows version of Oracle Java. It allows any local user to inject code in Java processes of other users. At the time of writing it has been verified with the latest stable 64bit Java version 1.8.0101 on both a fully patched...

CVSS: 3.7 | AI score: 8 | EPSS: 0.01487
Exploits: 2

OSV
added 2016/06/14 10:47 a.m. | 7 views

SUSE-SU-2016:1570-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen bsc982178 This non-security issue was fixed: - Fix encoding of /Title in generated PDFs. bsc867943...

CVSS: 10 | AI score: 9.6 | EPSS: 0.37736
Exploits: 1 | References: 4

Vulnerability Lab
added 2016/06/06 12:0 a.m. | 55 views

Mapbox (API) - Filter Bypass & Persistent Vulnerability

Document Title: =============== Mapbox API - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1787 ID: 119802 Release Date: ============= 2016-06-06 Vulnerability Laboratory ID VL-ID:...

AI score: 7.1
Exploits: 0

Positive Technologies
added 2015/11/20 12:0 a.m. | 6 views

PT-2015-3259

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.3. Description: The issue allows context-dependent attackers to obtain sensitive information via an unterminated encoding value or incomplete XML declaration in XML data, triggering an out-of-bounds heap read. This...

CVSS: 10 | AI score: 7 | EPSS: 0.20012
Exploits: 18 | References: 126

RedHat Linux
added 2015/05/14 3:14 p.m. | 2 views

tomcat: multiple content-length header poisoning flaws

It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote...

CVSS: 5.8 | AI score: 6.5 | EPSS: 0.27776
Exploits: 2 | References: 4

securityvulns
added 2014/05/05 12:0 a.m. | 711 views

Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Dat...

AI score: 0.2
Exploits: 0

Vulnerability Lab
added 2014/04/11 12:0 a.m. | 23 views

Woltlab Burning Board 3.9.1 - Persistent Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Encoding Issue References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1257 Video: https://www.youtube.com/watch?v=jNwS7gV7cQE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1256 Release Date...

AI score: 7.1
Exploits: 0

Vulnerability Lab
added 2014/04/11 12:0 a.m. | 22 views

Woltlab Burning Board 3.9.1 - Persistent Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Encoding Issue References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1257 Video: https://www.youtube.com/watch?v=jNwS7gV7cQE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1256 Release Date...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2012/04/27 12:0 a.m. | 831 views

Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 12.0 and thus, is potentially affected by the following security issues : - An error exists with handling JavaScript errors that can lead to information disclosure. CVE-2011-1187 - An off-by-one error exists in the 'OpenType Sanitizer' which can le...

CVSS: 10 | AI score: 7.5 | EPSS: 0.17081
Exploits: 3 | References: 25

RedHat Linux
added 2012/03/01 6:45 a.m. | 4 views

Moderate: Red Hat Security Advisory: jbossweb security and bug fix update

An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one security issue and one bug is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS: 5 | AI score: 6 | EPSS: 0.23189
Exploits: 6 | References: 3

Tenable Nessus
added 2011/05/05 12:0 a.m. | 36 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...

CVSS: 10 | AI score: 7.8 | EPSS: 0.16263
Exploits: 14 | References: 20

Tenable Nessus
added 2011/05/05 12:0 a.m. | 43 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...

CVSS: 10 | AI score: 7.8 | EPSS: 0.16263
Exploits: 14 | References: 20

Tenable Nessus
added 2009/04/23 12:0 a.m. | 14 views

MDKA-2007:092 : mc

This update fixes two separate problems in mc. Firstly, translations to several languages may not have been correctly displayed due to an encoding issue. Secondly, files uploaded to certain types of ssh servers via mc's fish protocol were corrupted. %NASLMINLEVEL 999999 @DEPRECATED@ This script h...

AI score: 7.5
Exploits: 0 | References: 1

OpenVAS
added 2009/04/09 12:0 a.m. | 15 views

Mandriva Update for mc MDKA-2007:092 (mc)

Check for the Version of mc OpenVAS Vulnerability Test Mandriva Update for mc MDKA-2007:092 mc Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

AI score: 0.4
Exploits: 0 | References: 2

RedHat Linux
added 2008/07/02 12:21 p.m. | 4 views

Firefox .properties memory leak

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01628
Exploits: 1 | References: 4

OSV
added 2006/05/30 7:2 p.m. | 1 views

DEBIAN-CVE-2006-2659

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.03561
Exploits: 0 | References: 1