CVE-2013-3759

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality...

Oracle Linux 6 : kernel (ELSA-2013-0567)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0567 advisory. 2.6.32-358.0.1 - kernel utrace: ensure archptrace/ptracerequest can never race with SIGKILL Oleg Nesterov 912073 912074 CVE-2013-0871 Tenable has extracted the...

Oracle Linux 6 : kernel (ELSA-2011-1189)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory. - net nl80211: missing check for valid SSID size in scan operation Stanislaw Gruszka 718157 718158 CVE-2011-2517 - net bluetooth: l2cap and rfcomm: fix...

WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/61116/info miniBB is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...

InstantCMS 1.6 Code Execution

NoTrayIcon Region ; Directives created by AutoIt3WrapperGUI AutoIt3WrapperOutfile=exploit.exe AutoIt3WrapperUseUpx=n AutoIt3WrapperChange2CUI=y EndRegion ; Directives created by AutoIt3WrapperGUI include include cs Demo vid: http://youtu.be/jRIPh-nYpY Print Screen:...

CVE-2013-2864

The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service invalid free operation or possibly have unspecified other impact via unknown vectors...

Code injection

The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service invalid free operation or possibly have unspecified other impact via unknown vectors...

CVE-2013-2864

Removed by vendor...

[SECURITY] Fedora 19 Update: schroot-1.4.25-13.fc19

schroot allows users to execute commands or interactive shells in different chroots. Any number of named chroots may be created, and access permissions given to each, including root access for normal users, on a per-user or per-group basis. Additionally, schroot can switch to a different user in...

ecshop最新版本几处用户权限越权(其它版本亦可)

简要描述： 就是可以帮助管理员管理订单啥的，匿名活雷锋呐～ 详细说明： 当开启WAP功能手机商城时，未登录可对其它用户订单操作：查看非注册用户订单、取消任意用户订单、任意用户订单确认收货等。 漏洞存在于 /mobile/user.php 页面 1.查看非注册用户订单 elseif $act == 'orderlist' // /mobile/user.php 49行起 $recordcount = $db-getOne"SELECT COUNT FROM " .$ecs-table'orderinfo'. " WHERE userid = $SESSION'userid'";...

New Reveton Ransomware Variant Steals Passwords

The developers of Reveton have expanded that ransomware’s repertoire with a password stealing functionality, according to new research. Ransomware, sometimes called scareware, is a type of malware that locks down infected machines, offering to unlock them only after a fee has been paid. Oftentime...

Gallery Server Pro File Upload Filter Bypass Vulnerability

Gallery Server Pro suffers from a file upload filter bypass vulnerability. , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / / .-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Gallery Server Pro File Upload Filter Bypass Vendor Link:...

Code injection

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

Novell Identity Manager Role Based Provisioning Module Unspecified Vulnerability

The remote web server has an install of Novell Identity Manager Role Based Provisioning Module that is affected by an unspecified vulnerability in its login functionality. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2013-1083

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

Design/Logic Flaw

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

CVE-2013-1083

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...

CVE-2013-1147

Cisco IOS PT (Protocol Translation) vulnerability CVE-2013-1147 affects IOS 12.3–12.4 and 15.0–15.3. When one-step port-23 translation or a Telnet-to-PAD ruleset is configured, PT fails to validate TCP connection information, enabling unauthenticated remote DoS via an attempted connection to a PT...

Code injection

The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors...

CVE-2012-4684

CVE-2012-4684 affects Bitcoin Core (bitcoind/Bitcoin-Qt) prior to 0.7.0. The alert functionality accepts different character representations of the same signature data but relies on a hash of the signature, enabling a remote attacker to trigger a denial-of-service (resource consumption) by sendin...