3856 matches found
Updated phpmyadmin packages fix security vulnerabilities
Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...
kernel: b43: format string leaking into error msgs
Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...
Design/Logic Flaw
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...
CVE-2013-3742
Cross-site scripting XSS vulnerability in viewcreate.php aka the Create View page in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...
Cross site scripting
Cross-site scripting XSS vulnerability in viewcreate.php aka the Create View page in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...
CVE-2013-3742
Cross-site scripting XSS vulnerability in viewcreate.php aka the Create View page in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...
CVE-2013-4097
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message...
CVE-2013-4097
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message...
PHP file include vulnerability attack and Defense combat-vulnerability warning-the black bar safety net
Summary PHP is a very popular Web development language on the Internet many Web applications are using PHP development. And in the use of PHP development of Web applications, PHP file include vulnerability is a Common Vulnerability. The use of PHP file include vulnerabilities intrusion website is...
CVE-2013-2852
Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...
CVE-2013-2852
Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...
CVE-2013-2852
Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...
CVE-2013-2852
Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe...
DS3 Authentication Server Command Execution Vulnerability
DS3 Authentication Server suffers from path disclosure and remote command execution vulnerabilities. Tittle: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date: 27.May.2013 Author: Pedro Andujar .: INTRO :. The DS3 Authentication Server applianc...
CVE-2013-2074
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...
Google Chrome - Cookie Verification Denial of Service
Google Chrome - Cookie Verification Denial of Service source: https://www.securityfocus.com/bid/58857/info Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input. Successfully exploiting this issue will allow an attacker to inject special...
Mozilla Firefox - Cookie Verification Denial of Service
Mozilla Firefox - Cookie Verification Denial of Service source: https://www.securityfocus.com/bid/62969/info Mozilla Firefox is prone to a denial-of-service vulnerability because it fails to verify the user supplied input. Successfully exploiting this issue will allow an attacker to inject specia...
Google Chrome - Cookie Verification Denial of Service
source: https://www.securityfocus.com/bid/58857/info Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input. Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage,...
ipa security, bug fix and enhancement update
3.0.0-25.el6 - Filter generated winbind dependencies so the right version of samba can be installed. 905594 3.0.0-24.el6 - Add certmonger condrestart to server post scriptlet 903758 - Make certmonger a pre Requires 903758 - Add selinux-policy to Requirespre to avoid post scriptlet AVCs 903758 - S...
CVE-2012-6515
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid coursesID parameter in the lessoninfo module to index.php, which reveals the installation path in an error message...