
9762 matches found

Tenable Nessus
added 2014/02/17 12:00 a.m. (37 views)

FreeBSD : phpMyAdmin -- Self-XSS due to unescaped HTML output in import. (0871d18b-9638-11e3-a371-6805ca0b3d42)

The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

3.5 CVSS, 8.1 AI score, 0.00232 EPSS
Exploits 1, References 3

phpMyAdmin
added 2014/02/15 12:00 a.m. (34 views)

Self-XSS due to unescaped HTML output in import.

PMASA-2014-1. Announcement-ID: PMASA-2014-1. Date: 2014-02-15. Summary: Self-XSS due to unescaped HTML output in import. Description: When importing a file with crafted filename, it is possible to trigger an XSS. Severity: We consider this vulnerability to be non critical. Mitigation factor: This...

3.5 CVSS, 7.2 AI score, 0.00232 EPSS
Exploits 1, Affected Software 1

FreeBSD
added 2014/02/15 12:00 a.m. (38 views)

phpMyAdmin -- Self-XSS due to unescaped HTML output in import.

The phpMyAdmin development team reports: When importing a file with crafted filename, it is possible to trigger an XSS. We consider this vulnerability to be non critical...

3.5 CVSS, 6.4 AI score, 0.00232 EPSS
Exploits 1, References 1

OSV
added 2014/02/04 9:55 p.m. (0 views)

UBUNTU-CVE-2012-2106

Integer overflow in the pvimport function in util/pvimport.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow...

9.3 CVSS, 6.5 AI score, 0.04789 EPSS
Exploits 0, References 3

myhack58
added 2014/01/15 12:00 a.m. (25 views)

Dahan-pass version of the jcms arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

Brief description: Dahan-pass version of the jcms arbitrary file upload vulnerability. Detailed description: The problem is in the import of the XML file: only local JS validation is used, with no server-side validation, and access to the file is without any control, the server also not upload the file...

0.2 AI score
Exploits 0

seebug.org
added 2014/01/06 12:00 a.m. (15 views)

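Softaculous Import privilege escalation vulnerability

Softaculous is an auto-installer for cPanel and DirectAdmin. Due to an error in the import program, an attacker can exploit the vulnerability to gain root privileges. 0 Softaculous 4.x Vendor patch: Softaculous ----- Softaculous version 4.3.8 fixes this vulnerability; users are advised to download and use it: http://www.softaculous.com/softaculous/...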

7.1 AI score
Exploits 0

Positive Technologies
added 2013/12/31 12:00 a.m. (2 views)

PT-2013-6302 · Zenphoto · Zenphoto

Name of the Vulnerable Software and Affected Versions: Zenphoto versions prior to 1.4.5.4 Description: The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the tableprefix parameter in the wordpress import.php file within the...

6.5 CVSS, 7.3 AI score, 0.00696 EPSS
Exploits 2, References 7

Veeam
added 2013/12/18 12:00 a.m. (12 views)

Hyper-V VSS snapshot import delay

Challenge: If you back up your VMs using the Dell EqualLogic hardware VSS provider, in some cases data (vhd/vhdx) that we read from the VSS snapshot could be inconsistent. Cause: During Hyper-V backup, we execute the VSS API call DoSnapshotSet; as soon as it completes, we execute the ImportSnapshot VSS API call, without...

7.1 AI score
Exploits 0

CVE
added 2013/11/23 6:00 p.m. (54 views)

CVE-2013-1058

The CVE-2013-1058 entry affects MAAS: the component maas-import-pxe-files in MAAS prior to 13.10 does not cryptographically verify downloaded content, allowing an attacker to modify images via a MITM. Impact: potential integrity compromise of downloaded PXE/boot data. Affected version line is MAA...

5.8 CVSS, 6.4 AI score, 0.00666 EPSS
Exploits 0, References 4, Affected Software 1

CERT
added 2013/11/22 12:00 a.m. (47 views)

Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability

Overview: Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 and possibly earlier versions contain a code injection vulnerability (CWE-94). Description: CWE-94: Improper Control of Generation of Code ('Code Injection'). Thomson Reuters Velocity Analytics Vhayu Analytic Serve...

10 CVSS, 7.8 AI score, 0.34623 EPSS
Exploits 0, References 3

OpenVAS
added 2013/11/18 12:00 a.m. (9 views)

Fedora Update for phpMyAdmin FEDORA-2013-18802

Check for the Version of phpMyAdmin. OpenVAS Vulnerability Test. Fedora Update for phpMyAdmin FEDORA-2013-18802. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

7.4 AI score
Exploits 0, References 2

securityvulns
added 2013/11/18 12:00 a.m. (36 views)

MAAS privilege escalation

maas-import-pxe-files privilege escalations...

5.8 CVSS, 3.1 AI score, 0.00666 EPSS
Exploits 1, References 1, Affected Software 1

Fedora
added 2013/11/16 7:06 a.m. (14 views)

[SECURITY] Fedora 20 Update: phpMyAdmin-3.5.8.2-1.fc20

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

1.3 AI score
Exploits 0

Fedora
added 2013/11/15 8:32 p.m. (18 views)

[SECURITY] Fedora 19 Update: phpMyAdmin-3.5.8.2-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

1.3 AI score
Exploits 0

OpenVAS
added 2013/11/08 12:00 a.m. (27 views)

Ubuntu Update for maas USN-2013-1

Check for the Version of maas. OpenVAS Vulnerability Test. $Id: gbubuntuUSN20131.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for maas USN-2013-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

5.8 CVSS, 6.5 AI score, 0.00666 EPSS
Exploits 1, References 2

Cvelist
added 2013/10/28 10:00 p.m. (17 views)

CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

6.5 AI score, 0.00211 EPSS
Exploits 0, References 2

RedHat Linux
added 2013/10/24 3:21 p.m. (3 views)

GnuPG: read_block() corrupt key input validation

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet...

5.8 CVSS, 5.8 AI score, 0.02306 EPSS
Exploits 1, References 4

RedHat Linux
added 2013/10/24 3:16 p.m. (1 views)

GnuPG: read_block() corrupt key input validation

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet...

5.8 CVSS, 5.8 AI score, 0.02306 EPSS
Exploits 1, References 4

Tenable Nessus
added 2013/10/15 12:00 a.m. (25 views)

Fedora 18 : zabbix-2.0.8-3.fc18 (2013-18348)

New upstream version 2.0.8 - Patch for CVE-2013-5743 SQL injection vulnerability, ZBX-7091 - Patch for ZBX-6922 Failing host XML import - SQL speed-up patch for graphs ZBX-6804 - Require php-ldap and ZBX-6992 Service SQL - Create and configure a spooling directory for fping files outside of /tmp...

9.8 CVSS, 8.5 AI score, 0.77788 EPSS
Exploits 9, References 6

Tenable Nessus
added 2013/10/15 12:00 a.m. (34 views)

Fedora 19 : zabbix-2.0.8-3.fc19 (2013-18351)

New upstream version 2.0.8 - Patch for CVE-2013-5743 SQL injection vulnerability, ZBX-7091 - Patch for ZBX-6922 Failing host XML import - SQL speed-up patch for graphs ZBX-6804 - Require php-ldap and ZBX-6992 Service SQL - Create and configure a spooling directory for fping files outside of /tmp...

9.8 CVSS, 8.5 AI score, 0.77788 EPSS
Exploits 9, References 6