4502 matches found

Check Point Advisories
added 2015/10/06 12:0 a.m., 5 views

Endian Firewall Proxy Password Change Command Execution (CVE-2015-5082)

A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error in a CGI script. A remote, authenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remo...

CVSS: 10 | AI score: 2 | EPSS: 0.69909 | Exploits: 5

Check Point Advisories
added 2015/08/02 12:0 a.m., 3 views

GNU wget FTP Remote File Creation (CVE-2014-4877)

An input validation error exists in wget. The vulnerability can occur when wget retrieves files or directories over FTP that are or that contain symlinks. A remote attacker can exploit this vulnerability by creating a crafted FTP directory listing on a server and enticing a user to open the FTP...

CVSS: 9.3 | AI score: 2.4 | EPSS: 0.39883 | Exploits: 4

Check Point Advisories
added 2015/05/18 12:0 a.m., 8 views

PhpMyAdmin preg_replace Function Code Injection - Ver2 (CVE-2013-3238)

A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. The vulnerability is due to an input validation error when handling queries of the types replaceprefixtbl or copytblchangeprefix to dbstructure.php. A remote, authenticated attacker could exploi...

CVSS: 6 | AI score: 2.2 | EPSS: 0.28851 | Exploits: 14

Check Point Advisories
added 2015/02/15 12:0 a.m., 3 views

McAfee ePolicy Orchestrator XML Entity Injection (CVE-2015-0921)

An XML External Entity vulnerability has been reported in McAfee ePolicy Orchestrator (ePO). The vulnerability is due to an input validation error in the ePO-web application. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition...

CVSS: 4 | AI score: 6.3 | EPSS: 0.17355 | Exploits: 3

Tenable Nessus
added 2015/02/05 12:0 a.m., 32 views

VMware Player 6.x < 6.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Windows)

The version of VMware Player installed on the remote host is version 6.x prior to 6.0.5. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists that allows a local attacker to escalate privileges or cause a denial of service via an arbitrary write to a file...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.04189 | Exploits: 0 | References: 5

Check Point Advisories
added 2015/01/13 12:0 a.m., 3 views

Novell eDirectory IMONITOR Cross-Site Scripting (CVE-2014-5212)

A cross-site scripting vulnerability exists in Novell eDirectory IMONITOR. The vulnerability is due to an input validation error while parsing the rdn parameter. A remote attacker could exploit this vulnerability to execute arbitrary script or HTML code in the user's browser session...

CVSS: 4.3 | AI score: 4 | EPSS: 0.02 | Exploits: 1

Tenable Nessus
added 2014/12/22 12:0 a.m., 35 views

Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)

The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities : - Several unspecified errors exist in the 'dirapi.dll' module that allow arbitrary code execution. CVE-2010-2587, CVE-2010-2588,...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.06603 | Exploits: 0 | References: 25

Tenable Nessus
added 2014/11/14 12:0 a.m., 51 views

IBM DB2 9.7 < Fix Pack 10 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.7 running on the remote host is affected by the following vulnerabilities : - An input-validation error exists related to handling the 'ALTER MODULE' statement that allows buffer overflows. CVE-2014-3094 - An error exists related to handling...

CVSS: 8.5 | AI score: 7.1 | EPSS: 0.05044 | Exploits: 0 | References: 12

Check Point Advisories
added 2014/11/04 12:0 a.m., 4 views

HP System Management Homepage red2301.html RedirectUrl Cross Site Scripting (CVE-2014-2640)

A cross-site scripting vulnerability exists in HP's System Management Homepage (SMH). The vulnerability is due to an input validation error when handling 'RedirectUrl' parameter of red2301.html page. A remote attacker could exploit this vulnerability by enticing a target user to follow a malicious...

CVSS: 4.3 | AI score: 1 | EPSS: 0.03884 | Exploits: 0

Tenable Nessus
added 2014/10/17 12:0 a.m., 51 views

PHP 5.4.x < 5.4.34 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. It is, therefore, affected by the following vulnerabilities : - A buffer overflow error exists in the function 'mkgmtime' that can allow application crashes or arbitrary code execution. CVE-2014-366...

CVSS: 7.5 | AI score: 9.1 | EPSS: 0.28862 | Exploits: 3 | References: 4

securityvulns
added 2014/10/16 12:0 a.m., 70 views

Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities

Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities Class: Input Validation Error CVE N/A Remote Yes Local No Published 02/07/2014 Credit Raymond Rizk of Dionach [email protected] Vendor Kunena Vulnerable Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena...

AI score: 1.9 | Exploits: 0

securityvulns
added 2014/10/16 12:0 a.m., 43 views

Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities

Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach [email protected] Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...

AI score: 2.4 | Exploits: 0

Tenable Nessus
added 2014/10/06 12:0 a.m., 34 views

MediaWiki < 1.19.19 / 1.22.11 / 1.23.4 SVG Upload and CSS XSS

According to its version number, the MediaWiki application running on the remote host is affected by an input validation error related to SVG file upload handling and CSS content filtering that can lead to cross-site scripting (XSS) attacks. Note that Nessus has not tested for this issue but has...

CVSS: 4.3 | AI score: 8.2 | EPSS: 0.01983 | Exploits: 0 | References: 6

Tenable Nessus
added 2014/09/16 12:0 a.m., 43 views

Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)

The version of Adobe Acrobat installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists that allows arbitrary code execution. CVE-2014-0560 - A heap-based...

CVSS: 10 | AI score: 6.3 | EPSS: 0.09655 | Exploits: 0 | References: 8

Tenable Nessus
added 2014/09/16 12:0 a.m., 34 views

Adobe Reader <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)

The version of Adobe Reader installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists that allows arbitrary code execution. CVE-2014-0560 - A heap-based...

CVSS: 10 | AI score: 6.3 | EPSS: 0.09655 | Exploits: 0 | References: 8

Tenable Nessus
added 2014/09/16 12:0 a.m., 25 views

phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. It is, therefore, affected by an input-validation error related to the 'micro history' feature that could allow...

CVSS: 4.3 | AI score: 8 | EPSS: 0.01862 | Exploits: 0 | References: 3

Packet Storm
added 2014/07/30 12:0 a.m., 80 views

Joomla Kunena Forum 3.0.5 Cross Site Scripting

Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities Class: Input Validation Error CVE N/A Remote Yes Local No Published 02/07/2014 Credit Raymond Rizk of Dionach [email protected] Vendor Kunena Vulnerable Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena...

AI score: 0.1 | Exploits: 0

Packet Storm
added 2014/07/30 12:0 a.m., 1095 views

Joomla Kunena Forum 3.0.5 SQL Injection

Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach [email protected] Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...

AI score: 0.8 | Exploits: 0

securityvulns
added 2014/07/21 12:0 a.m., 58 views

VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege Escalation Vulnerability Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user...

CVSS: 6.9 | AI score: 8.8 | EPSS: 0.01768 | Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 26 views

SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from a HTTP request as a path when...

AI score: 7.1 | Exploits: 0