3856 matches found
bash: security and bugfix update (critical)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)
bash was updated to fix a critical security issue, a minor security issue and bugs : In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
CVE-2014-5336
Monkey HTTP Server before 1.5.3, when the File Descriptor Table FDT is enabled and custom error messages are set, allows remote attackers to cause a denial of service file descriptor consumption via an HTTP request that triggers an error message...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a 1...
CVE-2012-4241
Multiple cross-site scripting XSS vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO or 2 query string to admin/index.php or 3 firstname, 4 lastname, 5 cc, 6 exp, 7 cvv, 8 address1, 9 address2, 10 city, 11 state, 12 zip, 13 phone, or ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO or 2 query string to admin/index.php or 3 firstname, 4 lastname, 5 cc, 6 exp, 7 cvv, 8 address1, 9 address2, 10 city, 11 state, 12 zip, 13 phone, or ...
CVE-2012-4241
Multiple cross-site scripting XSS vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO or 2 query string to admin/index.php or 3 firstname, 4 lastname, 5 cc, 6 exp, 7 cvv, 8 address1, 9 address2, 10 city, 11 state, 12 zip, 13 phone, or ...
CVE-2014-3550
Multiple cross-site scripting XSS vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted 1 error or 2 success message for a scheduled task...
Failed to load jet library
Challenge The following error occurs when attempting to perform a restore using Veeam Explorer for Exchange: "Failed to load jet library from C:\ProgramData\Veeam\Backup\ExchangeExplorer\ESE\V15\ese.dll" Solution To solve, upgrade to Internet Explorer 10+ as it contains the necessary Windows file...
Advantech WebAccess Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certai...
CVE-2014-4907
Cross-site scripting XSS vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message...
Cross site scripting
Cross-site scripting XSS vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message...
CVE-2014-4907
Cross-site scripting XSS vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message...
Factlink: XSS 01 on staging.fct.li
hey the error message generated can be used to escape out of a dynamically generated href link. The below will render in internet explorer without xss filter enabled of course. See the screenshot for an example. The response is: HTTP/1.1 504 Gateway Time-out Server: nginx/1.4.4 Date: Wed, 02 Jul...
Joomla 3.2.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla 3.2.1 sql injection Date: 05/02/2014 Exploit Author: [email protected] Vendor Homepage: http://www.joomla.org/ Software Link: http://joomlacode.org/gf/download/frsrelease/19007/134333/Joomla3.2.1-Stable-FullPackage.zip Version: 3.2.1 default...
Jakarta Tomcat 3.x/4.0 Error Message Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver...
BRS WebWeaver 0.x FTP Root Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2676/info BRS WebWeaver is an ftpd and webserver from Blaine Southam. WebWeaver's FTP component has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory. By submitting the F...
Webchat 2.0 Module Path Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7774/info Webchat has been reported prone to a path disclosure weakness. Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the...
PBBoard 2.1.4 - Multiple SQL Injection Vulnerabilities
No description provided by source. Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu...
C-Cart 1.0 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8368/info C-Cart is prone to a path disclosure vulnerability. Passing invalid data as a URI parameter to several C-Cart scripts will cause an error message to be displayed, which contains installation path information...