Hikvision DS-7108HWI-SH XML Injection / Abuse Issues
Hello list! There are vulnerabilities in Hikvision DS-7108HWI-SH. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...
SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2013:0674-1)
This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed: CVE-2013-0871: A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context...
Hikvision DS-2CD2012-I XML Injection / Abuse Issues
Hello list! There are vulnerabilities in Hikvision DS-2CD2012-I. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...
openSUSE Security Update : gnu_parallel (openSUSE-2015-358)
GNU parallel was updated to version 20150422 to fix one security issue, several bugs and add functionality. The following vulnerability was fixed : - A local attacker could make a user overwrite one of his own files with a single byte when using --compress, --tmux, --pipe, --cat or --fifo when...
White Label CMS <= 1.5.2 - Stored XSS
Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...
[SECURITY] Fedora 22 Update: gnupg2-2.1.2-2.fc22
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...
Novell ZENworks Preboot Policy Service Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within ZENworks Preboot Policy Service, which listens on port 13331. The vulnerability is in...
CVE-2014-9718
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete...
UBUNTU-CVE-2014-9718
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete...
Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities
Unspecified Vulnerability in Oracle PeopleSoft Product PeopleSoft Enterprise PeopleTools Component
Oracle PeopleSoft is a suite of enterprise human capital management solutions. PeopleSoft Enterprise PeopleTools is a tool and technology platform component that transforms the way organizations manage, use, and maintain PeopleSoft software. An unspecified security vulnerability exists in the PIA...
CVE-2015-0496
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality...
Code injection
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality...
CVE-2015-0496
CVE-2015-0496 affects Oracle PeopleSoft: PeopleSoft Enterprise PeopleTools component, specifically the PIA Search Functionality, in Oracle PeopleSoft products with version 8.53 and 8.54. The vulnerability is described as unspecified but allows remote authenticated users to affect confidentiality ...
KLA10515 Multiple vulnerabilities in PHP and extensions
Multiple serious vulnerabilities have been found in PHP and extensions. Malicious users can exploit these vulnerabilities to cause denial of service or inject code. Below is a complete list of vulnerabilities 1. Multiple integer overflows can be exploited remotely via a specially designed year...
TWiki Debugenableplugins Remote Code Execution Exploit
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution. This module requires Metasploit: http://metasploit.com/download...
CVE-2015-1232
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midimanagerusb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...
Important: Red Hat Security Advisory: redhat-access-plugin-openstack security update
An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...