1511 matches found
McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28228/info McAfee Framework is prone to a remote format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the...
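Stored XSS attack on the official website of the OneThink content management framework
Brief description: This content management framework, OneThink, is a product of the same company as the ThinkPHP framework. It uses the latest ThinkPHP version, 3.2. Detailed description: I only started analyzing this content management framework today. To be honest, I really like BootStrap and I like this content management framework, so I decided to keep working with my friends on the security of this content management framework! Continuing in my usual style, black-box first, then white-box. Proof of vulnerability:...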
Design/Logic Flaw
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors...
The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
[SECURITY] [DSA 2934-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2934-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 19, 2014 http://www.debian.org/security/faq -...
DSA-2934-1 python-django - security update
Bulletin has no description...
Hardcoded credentials
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors...
CVE-2014-3742
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors...
USN-2212-1: Django vulnerabilities
Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison...
Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)
This host is missing an important security update according to Microsoft Security Advisory (2960358). SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
CVE-2014-1806
CVE-2014-1806 affects the .NET Framework’s TypeFilterLevel handling in .NET Remoting, enabling remote execution of arbitrary code via malformed objects. Affected are .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1. Public exploits exist (e.g., ExploitRemotingService and EDB-35280) ...
struts security update
CentOS Errata and Security Advisory CESA-2014:0474 Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base...
Apache Struts Zero Day Vulnerability Patch to be Re-Issued
The Apache Software Foundation today released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question. Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen...
USN-2169-1: Django vulnerabilities
Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. CVE-2014-0472 Paul McMillan discovered that Django...
CVE-2014-2464
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security...
CVE-2014-2466
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security...
Security feature bypass
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445...
CVE-2014-2467
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445...
CVE-2014-2445
The CVE-2014-2445 entry concerns an unspecified vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite 9.3.3. The impact is limited to integrity and is exploitable by remote authenticated users; vectors are not known, and the exact vulnerability is not det...