CVE-2015-2830

arch/x86/kernel/entry64.S in the Linux kernel before 3.19.2 does not prevent the TSCOMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the 1 fork or 2 close system call, as demonstrated b...

Football [com_football],SQL Injection

Component comfootball, unknown version possibly joomleague fork SQL Injection...

USN-2614-1 linux vulnerabilities

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network LAN could potential exploit this flaw to cause a denial of service system crash of targeted system. CVE-2014-9715 Jan Beulic...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2589-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2589-1 advisory. Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest use...

Ubuntu: Security Advisory (USN-2589-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2589-1 linux-lts-utopic vulnerabilities

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service host crash. CVE-2015-2150 A stack overflow was discovered in the the microcode loader for...

Linux kernel int80 32-Bit Emulation Security Bypass Vulnerability

Linux kernel is an open source operating system. Linux kernel handles 'fork' and 'close' system calls int80 entries with emulated 32-bit processes incorrectly, allowing a local attacker to exploit the vulnerability to bypass specific sandboxing restrictions and perform malicious operations...

Updated socat packages fix CVE-2015-1379

Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes...

UBUNTU-CVE-2015-2830

arch/x86/kernel/entry64.S in the Linux kernel before 3.19.2 does not prevent the TSCOMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the 1 fork or 2 close system call, as demonstrated b...

Mandriva Linux Security Advisory : stunnel (MDVSA-2015:096)

Updated stunnel package fixes security vulnerability : A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed reinitialization of PRNG after fork. When accepting a new connection, the server forks and the child process handles the...

[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5

CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link to tested version:...

Multiple SQL Injection Vulnerabilities in Fork CMS

Fork CMS is an open source content management system CMS developed using PHP. The system contains blogs , questions and answers , forms and other modules . A SQL injection vulnerability exists in Translations in Fork CMS versions prior to 3.8.6. The 'language' and 'type' parameters are not...

Fork CMS 3.8.5 - SQL Injection

Fork CMS 3.8.5 - SQL Injection CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89...

Fork CMS 3.8.5 - SQL Injection

CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link to tested version:...

CVE-2015-1467

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the 1 language or 2 type parameter to private/en/locale/index...

Sql injection

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the 1 language or 2 type parameter to private/en/locale/index...

CVE-2015-1467

Fork CMS is affected by SQL injection in the Translations feature prior to version 3.8.6. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the language[] and type[] parameters sent to private/en/locale/index. The issue is triggered when an authenticated us...

CVE-2015-1467

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the 1 language or 2 type parameter to private/en/locale/index...

Fork CMS 3.8.5 SQL Injection Vulnerability

Fork CMS version 3.8.5 suffers from a remote SQL injection vulnerability. Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability...

Fork CMS 3.8.5 SQL Injection

CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link to tested version:...