474 matches found

Cvelist
added 2014/08/22 1:0 a.m., 18 views

CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to...

AI score: 5.2 | EPSS: 0.00381
Exploits: 1 | References: 8

Mageia
added 2014/08/21 9:36 a.m., 32 views

Updated phpmyadmin package fixes XSS vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages (CVE-2014-5273). In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigg...

CVSS: 3.5 | AI score: 6 | EPSS: 0.00381
Exploits: 2 | References: 3

Tenable Nessus
added 2014/08/18 12:0 a.m., 33 views

FreeBSD : phpMyAdmin -- XSS vulnerabilities (fbb01289-2645-11e4-bc44-6805ca0b3d42)

The phpMyAdmin development team reports: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages. With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when dropping a row from the table. With a...

CVSS: 3.5 | AI score: 8.1 | EPSS: 0.00381
Exploits: 2 | References: 5

phpMyAdmin
added 2014/08/17 12:0 a.m., 36 views

Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages

PMASA-2014-8 Announcement-ID: PMASA-2014-8 Date: 2014-08-17 Summary Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages Description With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when...

CVSS: 3.5 | AI score: 7.2 | EPSS: 0.00381
Exploits: 1 | Affected Software: 1

FreeBSD
added 2014/08/17 12:0 a.m., 34 views

phpMyAdmin -- XSS vulnerabilities

The phpMyAdmin development team reports: Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages. With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when dropping a row from the table. With a craft...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00381
Exploits: 2 | References: 2

OSV
added 2014/06/23 12:0 a.m., 0 views

UBUNTU-CVE-2014-1739

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl...

CVSS: 2.1 | AI score: 6.4 | EPSS: 0.00102
Exploits: 2 | References: 11

Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : nmap (openSUSE-SU-2013:1561-1)

nmap was updated to fix the http-domino-enum-passwords scripts. If you ran the fortunately non-default http-domino-enum-passwords script with the fortunately also non-default domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to be writt...

CVSS: 6.8 | AI score: 5.3 | EPSS: 0.06429
Exploits: 2 | References: 3

Kitploit
added 2014/01/08 7:0 a.m., 23 views

[THC-Hydra v7.6] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

AI score: 7.5
Exploits: 0

Kitploit
added 2013/12/17 1:23 a.m., 25 views

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

AI score: 7
Exploits: 0

RedHat Linux
added 2013/10/29 7:41 p.m., 2 views

postgresql: array indexing error in enum_recv()

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.03659
Exploits: 0 | References: 4

NVD
added 2013/10/26 5:55 p.m., 9 views

CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.06429
Exploits: 2 | References: 6

UbuntuCve
added 2013/10/26 5:55 p.m., 24 views

CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.06429
Exploits: 2 | References: 2

Prion
added 2013/10/26 5:55 p.m., 12 views

Directory traversal

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.06429
Exploits: 2 | References: 6 | Affected Software: 2

Cvelist
added 2013/10/26 5:0 p.m., 18 views

CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

AI score: 6.2 | EPSS: 0.06429
Exploits: 2 | References: 6

Debian CVE
added 2013/10/26 5:0 p.m., 20 views

CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.06429
Exploits: 2

CVE
added 2013/10/26 5:0 p.m., 63 views

CVE-2013-4885

CVE-2013-4885 affects the Nmap NSE script http-domino-enum-passwords.nse (pre-6.40). When domino-enum-passwords.idpath is set, a crafted FullName response can cause the remote server to write arbitrarily named files via directory traversal sequences. The vulnerability is tied to the NSE script lo...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.06429
Exploits: 2 | References: 6 | Affected Software: 1

OSV
added 2013/10/17 6:49 p.m., 2 views

MGASA-2013-0305 Updated nmap package fixes CVE-2013-4885

Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 (CVE-2013-4885)...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.06429
Exploits: 2 | References: 4

Mageia
added 2013/10/17 6:49 p.m., 24 views

Updated nmap package fixes CVE-2013-4885

Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 (CVE-2013-4885)...

CVSS: 6.8 | AI score: 2.6 | EPSS: 0.06429
Exploits: 2 | References: 3

seebug.org
added 2013/09/03 12:0 a.m., 28 views

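Nmap arbitrary file write vulnerability (CVE-2013-4885)

BUGTRAQ ID: 62024 CVECAN ID: CVE-2013-4885 nmap is a network security tool used for network discovery and security auditing; it is free software. Nmap 6.25 contains an arbitrary file upload vulnerability in the http-domino-enum-passwords NSE script, which an attacker can exploit to write arbitrary files with the privileges of the current user. 0 Nmap 6.25 Vendor patch: Nmap ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://nmap.org/download.html nmap --script...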

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.06429
Exploits: 2

Tenable Nessus
added 2013/08/28 12:0 a.m., 29 views

Fedora 18 : nmap-6.40-1.fc18 (2013-14786)

updated for 6.40 - fixes CVE-2013-4885 nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.06429
Exploits: 2 | References: 3