Lucene search

6649 matches found

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Belchior Foundry VCard 2.8 Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9910/info It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without havin...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Gamespy Software Development Kit CD-Key Validation Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11881/info It has been reported that the GameSpy SDK is prone to a buffer overflow vulnerability in its CD-key validation functionality. This issue is due to a failure of the SDK to properly check the length of...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Solaris 8 libsldap Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

iCal 3.7 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6506/info A buffer overflow vulnerability has been reported for iCal. The vulnerability occurs when the iCal web server receives an overly long HTTP request. This will cause iCal to crash and result in a denial of service...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 9 views

Simple PHP Blog <= 0.4.0 - Remote Command Execution

No description provided by source. $Id: sphpblogfileupload.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

AI score 6.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

McAfee Asset Manager 6.6 - Multiple Vulnerabilities

No description provided by source. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file rea...

AI score 7.1
Exploits: 0
Fedora
added 2014/06/29 2:52 a.m., 27 views

[SECURITY] Fedora 20 Update: gnupg2-2.0.24-1.fc20

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

CVSS 5, AI score 1.4, EPSS 0.08032
Exploits: 0
seebug.org
added 2014/06/25 12:0 a.m., 23 views

Cmseasy SQL Injection Vulnerability 2

Brief description: Injection, unrestricted. Details: frontclass.php restricts username, but forgot the \ escape character: ifpregmatch'/'|"/', $POST'username' || pregmatch'/'|"/', $GET'username' || pregmatch'/'|"/', $COOKIE'loginusername' exit'非法参数'; First look at registration, useract.php line 289: function registeraction iffront::post'submit' if!config::get'regon'...

AI score 7.1
Exploits: 0
Kitploit
added 2014/06/18 9:58 p.m., 13 views

Wireless Network Watcher - Show who is connected to your wireless network

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...

AI score 7.1
Exploits: 0
securityvulns
added 2014/06/14 12:0 a.m., 45 views

CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

AI score 0.4
Exploits: 0
NVD
added 2014/06/13 2:55 p.m., 10 views

CVE-2013-5356

Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors...

CVSS 7.5, AI score 7, EPSS 0.00499
Exploits: 0, References: 5
Prion
added 2014/06/13 2:55 p.m., 6 views

Authentication flaw

Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors...

CVSS 7.5, AI score 7.5, EPSS 0.00499
Exploits: 0, References: 5, Affected Software: 1
Tenable Nessus
added 2014/06/13 12:0 a.m., 23 views

openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

CVSS 5, AI score 5.5, EPSS 0.00705
Exploits: 0, References: 4
Tenable Nessus
added 2014/06/13 12:0 a.m., 23 views

openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)

imported upstream version 1.10.2 - includes fix for possible denial of service in CGI executables: CVE-2013-7108 bnc856837 - core: Add an Icinga syntax plugin for Vim 4150 - LE/MF - core: Document dropped options logexternalcommandsuser and eventprofilingenabled 4957 - BA - core: type in spec...

CVSS 5.5, AI score 7.6, EPSS 0.48577
Exploits: 0, References: 4
Tenable Nessus
added 2014/06/12 12:0 a.m., 49 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140610)

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree function) arbitrary kernel memory...

CVSS 7.2, AI score 6.7, EPSS 0.00094
Exploits: 2, References: 4
Tenable Nessus
added 2014/06/12 12:0 a.m., 55 views

CentOS 5 : kernel (CESA-2014:0740)

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severit...

CVSS 7.2, AI score 6.5, EPSS 0.00094
Exploits: 2, References: 4
F5 Networks
added 2014/06/02 12:0 a.m., 46 views

SOL15300 - Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438

Recommended Action ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate th...

CVSS 5, AI score 0.8, EPSS 0.39561
Exploits: 2, References: 14
NVD
added 2014/05/16 2:55 p.m., 11 views

CVE-2014-3758

Cross-site scripting (XSS) vulnerability in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...

CVSS 4.3, AI score 5.6, EPSS 0.00285
Exploits: 0, References: 4
Prion
added 2014/05/16 2:55 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...

CVSS 4.3, AI score 6.1, EPSS 0.00285
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2014/05/16 2:55 p.m., 17 views

Sql injection

Multiple SQL injection vulnerabilities in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality...

CVSS 7.5, AI score 9.2, EPSS 0.00397
Exploits: 0, References: 4, Affected Software: 1