9762 matches found
Fedora 19 : mediawiki-1.21.8-1.fc19 (2014-4511)
bug 62497 SECURITY: Add CSRF token on Special:ChangePassword. - bug 62467 Set a title for the context during import on the cli. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
LibreOffice < 3.6.7 / 4.0.4 / 4.1.0 .docm Import DoS
A version of LibreOffice prior to 3.6.7 / 4.0.4 / 4.1.0 is installed on the remote Windows host. It is, therefore, reportedly affected by a denial of service vulnerability. A flaw exists in the .docm import filter that could cause a NULL dereference. This could allow a remote attacker with a...
Fedora 19 : mingw-gnutls-3.1.22-1.fc19 (2014-3493)
Version 3.1.22 (released 2014-03-03) - libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2) - libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw when provided with invalid data. Reported by Dmitriy Anisimkov. - libgnutls: Corrected timeout issue in subsequent to the first DT...
CVE-2013-0299
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to...
Input validation
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file...
CVE-2013-1851
CVE-2013-1851 affects ownCloud server via an incomplete blacklist in lib/migrate.php. Affected versions are before 4.0.13 and before 4.5.8 (4.5.x). When user_migrate is enabled, remote authenticated users can import arbitrary files into their own account via unspecified vectors. Root cause is imp...
[WirelessKeyView] Recover lost wireless network key
WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP or by the 'WLAN AutoConfig' service of Windows Vista, Windows 7, Windows 8, and Windows Server 2008. It allows you to easily save all ke...
CVE-2014-0741
The CVE-2014-0741 issue affects Cisco Unified Communications Manager (Unified CM) via the CAPF certificate-import CLI. The root cause is insufficient input validation in the CAPF command-import flow, allowing an authenticated, local attacker with local access to read or modify arbitrary files on ...
CVE-2014-0741
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461...
Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line function for certificate import of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to read or write arbitrary files to the underlying operating system. The vulnerabilit...
CVE-2014-2205
CVE-2014-2205 affects McAfee ePolicy Orchestrator (ePO) up to version 4.6.7 with Hotfix 940148. The issue is an XML External Entity (XXE) weakness in the ePO Web Console that, when a remote, authenticated user with permission to add dashboards imports a crafted XML dashboard definition, allows re...
CVE-2014-2205
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue...
Updated phpseclib and phpmyadmin packages fix security vulnerability
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879). This upgrade provides the latest phpmyadmin version 4.1.8 to address this vulnerabilit...
DEBIAN-CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...
CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...
UBUNTU-CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...