4108 matches found
Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities
Title: Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities | Date: 2012-06-16 | References: http://www.vulnerability-lab.com/getcontent.php?id=526 | VL-ID: 526 | Common Vulnerability Scoring System: 6.5 | Introduction: Die...
Elite Bulletin Board SQL Injection Vulnerability
Elite Bulletin Board is an advanced Bulletin Board program that provides advanced features such as CAPTCHA, sub-board, skinning ability, multilingual, commercial password encryption, and much more. ...
DEBIAN-CVE-2012-2653
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon...
CVE-2012-2653
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon...
Phonalisa 5.0 VoiP Code Execution / Cross Site Scripting
Title: Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities | Date: 2012-06-16 | References: http://www.vulnerability-lab.com/getcontent.php?id=526 | VL-ID: 526 | Common Vulnerability Scoring System: 6.5 | Introduction: Die...
CVE-2012-0833
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service...
Code injection
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem...
Debian DSA-2481-1 : arpwatch - fails to drop supplementary groups
Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of groups the daemon uses.
CVE-2012-3800
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the group title...
CVE-2012-2721
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact...
Cross site scripting
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the group title...
Design/Logic Flaw
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact...
CVE-2012-3800
The vulnerability CVE-2012-3800 affects the Organic Groups module for Drupal (6.x-2.x) prior to 6.x-2.4 when used with the Vertical Tabs module. The issue is an XSS in og.js that allows remote authenticated users to inject arbitrary script or HTML via the group title. The Drupal security advisory...
CVE-2012-2721
The CVE-2012-2721 issue affects the Organic Groups module for Drupal 6.x, specifically versions prior to 6.x-2.4. The vulnerability arises because the module’s default views do not properly enforce Drupal core permissions when all users have the 'access content' permission removed, enabling remot...
OpenCart CMS Cross Site Scripting
RedHat Update for 389-ds-base RHSA-2012:0813-04
Check for the version of 389-ds-base. OpenVAS Vulnerability Test: RedHat Update for 389-ds-base RHSA-2012:0813-04. Authors: System Generated Check. Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net ...
CVE-2012-2654
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...