CVE-2017-5216

Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed...

Update Rollup 8 for System Center 2012 R2 Orchestrator

Update Rollup 8 for System Center 2012 R2 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2012 R2 Orchestrator. It also contains the installation instructions for Update Rollup 8 for System Center 2012 R2 Orchestrator. Issu...

GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC

GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC This article describes an issue in which the Group Policy Object GPO import fails and the target policy is deleted during the rollback process on a Windows Server 2012 R2-based domain...

PT-2022-24411 · Phpipam +1 · Phpipam +1

Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.0 Description: A vulnerability has been found in phpipam, allowing for cross site scripting through the manipulation of an unknown functionality in the file app/admin/import-export/import-load-data.php of the...

FTPShell Server 6.36 - .csv Local Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit FTPShell server 6.36 '.csv' CrashPoC Author: albalawisultan Tested on:win7 st :http://www.ftpshell.com/download.htm 1-open FTPShell Server Administrator 2-manage Ftp accounts 3-import from csv ban=...

FTPShell Server 6.36 - .csv Local Denial of Service

FTPShell Server 6.36 - .csv Local Denial of Service Exploit FTPShell server 6.36 '.csv' CrashPoC Author: albalawisultan Tested on:win7 st :http://www.ftpshell.com/download.htm 1-open FTPShell Server Administrator 2-manage Ftp accounts 3-import from csv ban=...

Elevation of Privilege Vulnerability in the background of emlog personal blog system

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. A privilege elevation vulnerability exists in the background /src/admin/data.php page of the emlog personal blog system. An attacker can exploit the vulnerability to elevate privileges by importing files...

openssl: use-after-free on invalid EC private key import

A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported...

openSUSE Security Update : w3m (openSUSE-2016-1457)

This update for w3m fixes the following security issues bsc1011293 : - CVE-2016-9622: w3m: null deref bsc1012021 - CVE-2016-9623: w3m: null deref bsc1012022 - CVE-2016-9624: w3m: near-null deref bsc1012023 - CVE-2016-9625: w3m: stack overflow bsc1012024 - CVE-2016-9626: w3m: stack overflow...

ALPINE-CVE-2016-9866

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

DEBIAN-CVE-2016-9866

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

Cross site request forgery (csrf)

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

CVE-2016-9866

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

UBUNTU-CVE-2016-9866

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

ALPINE-CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

DEBIAN-CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

DEBIAN-CVE-2016-6632

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

UBUNTU-CVE-2016-6632

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

UBUNTU-CVE-2016-9859

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...