Adobe Reader DC createSquareMesh Information Disclosure Vulnerability
This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Adobe Reader DC animations Information Disclosure Vulnerability
This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Adobe Reader DC loadFlashMovie Information Disclosure Vulnerability
This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Cloud Connect Jobs might start failing after upgrading to v8 update#3
Challenge: After installation of update 3 for v8, tenants might report that their Cloud Connect jobs fail with "Failed to connect to the Veeam Cloud Connect service" error message, while tenant's job log includes "No such host is known" error message. Cause: Tenant has a service provider added to h...
IBM OpenPages GRC Platform Information Disclosure Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. IBM OpenPages GRC Platform has a security vulnerability that allows a remote attacker to submit a special request to obtain sensitive information from an erro...
Unable to add/install an SSL certificate-key Pair to the CloudBridge: “Error detecting a valid private key file format”
When configuring an SSL Profile, the backend server’s SSL certificate/key pair must be uploaded. The following error message is displayed when trying to upload the private key file, regardless of the extension (i.e. .key or .txt): Please correct any problems and resubmit your request Execution error...
ownCloud: gallery_plus: Content Spoofing
Attacker can send his messages directly through url. He can easily put his message on error message parameter. Like that: http://192.168.0.107/owncloud/index.php/apps/galleryplus/error?message=Welcome to owncloud. You can get pro account by sending us 10 usd directly to our official paypal...
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
T94116 SECURITY: Compare API watchlist token in constant time; T97391 SECURITY: Escape error message strings in thumb.php; T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions; T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia...
Username enumeration through the username parameter to the ViewUserHover resource.
It is possible to enumerate usernames through the secure/ViewUserHover resource through the username parameter. JIRA leaks the existence of a username by showing your entire name. 1. Log out of JIRA 2. Go to...
Cisco IOS-XE Fragmented Packet Resource Consumption Vulnerability
A vulnerability in the packet reassembly subsystem of Cisco IOS-XE could allow an unauthenticated, remote attacker to consume CPU resources, which may lead to a denial of service (DoS) condition. The vulnerability is due to an error message that is triggered to the console and the syslog when a...
Notepad++ 6.7.3 - Crash PoC
Exploit for windows platform in category dos / poc Title: Notepad++ - Crash Date: 10/07/2015 Author: Rahul Pratap Singh @0x62626262 Vendor Homepage: https://notepad-plus-plus.org Download: https://notepad-plus-plus.org/download/v6.7.3.html Version: v6.7.3 Tested on: WindowsXPx86 & Windows7x86...
Stop Watching Page in email footer is broken
The link is broken, the error message says that the security token is missing...
postgresql: multiple issues
CVE-2015-3165 (denial of service): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. CVE-2015-3166 (information disclosure): The replacement implementation of snprintf failed to check for errors...
Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 (Information exposure): The replacement implementation of snprintf failed...
Moodle Error Message Redirection Vulnerability
Moodle is an open source web-based teaching and learning application. A security vulnerability in the handling of Moodle error messages allows an attacker to exploit the vulnerability to redirect to an external site for phishing and other attacks...
IP.Board <= 3.4.7 SQL Injection Analysis
IPB (Invision Power Board) is a forum program written in PHP that is widely used abroad. Version 3.4.7 and earlier contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 #!/usr/bin/env python Sunday,...
CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
CVE-2015-2941 affects MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 when HHVM is used. The vulnerability arises from improper handling of a wddx_serialize_value call in api.php for invalid parameters in a wddx format request, which can lead to cross-site scripting v...
CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...