9137 matches found
Fedora 20 : php-ZendFramework-1.12.7-1.fc20 (2014-8308)
Update to 1.12.7 fixes CVE-2014-4914 aka. ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Medium: kernel
Issue Overview: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by numbe...
Infosec A-Team to Launch NSA-Proof Invisible Messenger for Whistleblowers
If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensures the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, security experts grouped together to...
Insecure OpenID implementation - ownCloud
Due to an insecure OpenID implementation used by user_openid in ownCloud 5, it is possible to log into a system using an arbitrary OpenID account without knowing any secret information about it (i.e. the password) by using a malicious OpenID provider. Affected Software ownCloud Server 5.0.15...
CVE-2014-4655
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX acces...
CVE-2014-4611
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...
DEBIAN-CVE-2014-4611
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...
DropAFew 0.2 editlogcal.php save Action calories Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16567/info PwsPHP is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow...
Future Internet index.cfm Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could...
phpWebsite 0.8.2/0.8.3 friend.php sid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17150/info phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
CubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied...
Babe Logger 2.0 - comments.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15580/info Babe Logger is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...
Ocean12 Technologies Calendar Manager Pro 1.0 1 admin/main.asp date Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to...
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection Exploit
No description provided by source. <?php /* Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...
PHPSlash 0.8.1 Article.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16021/info phpSlash is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
OaBoard 1.0 Forum.PHP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15245/info OaBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in ...
JPortal Web Portal 2.2.1/2.3.1 news.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitation could result in a...
Joomla 1.5.12 read/exec remote files
No description provided by source. <?php /* Copyright (c) ITIX LTD This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later...
MDPro 1.0.76 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22293/info MDPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...