tgs cms 0.x (xss/sql/fd) Multiple Vulnerabilities

No description provided by source. | | | / | | / | | | \ / | | | / / | |/ \ / / |/ | |/| | | ' \ / | / / | | | | | | | | | | | | | |/ / ||//\||| |||| ||,/| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ TGS CMS Cross Site Scripting,SQL injection,Blind SQL/XPath injection,Source code disclosure, Multiple...

AlienVault OSSIM av-centerd Command Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include...

Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/695/info Hybrid Network's cable modems are vulnerable to several different types of attack due to a lack of authentication for the remote administration/configuration system. The cable modems use a protocol called HSMP,...

Sun SunPCi II VNC Software 2.3 Password Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5146/info The SunPCi II card is a co-processor for a number of Solaris based systems, and provides PC software compatibility, including the ability to run Microsoft Windows. Driver software is available for the SunPCi car...

Microsoft MPEG Layer-3 - Remote Command Execution Exploit

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 5 Binary Analysis | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow/...

XOOPS 2.0.14 (article.php) SQL Injection Vulnerability

No description provided by source. / \ / | | | \ / | | | | | | | | | | || | | | | | | | | '| | | | | | | | | | |/ \ / |/ / / | | | | || | || | || || | / || | | | / | | || / / |/ || ,|\|,| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ XOOPS 2.0.14 article.php SQL Injection Vulnerability Discovered By 0iZy5...

gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)

A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the...

UBUNTU-CVE-2014-4167

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service IPv4 address attachment outage by attaching an IPv6 private subnet to a L3 router...

[SECURITY] Fedora 19 Update: php-doctrine-orm-2.4.2-2.fc19

Object relational mapper ORM for PHP that sits on top of a powerful datab ase abstraction layer DBAL. One of its' key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctri ne Query Language DQL, inspired by Hibernate's HQL. This provides...

[SECURITY] Fedora 20 Update: php-doctrine-orm-2.4.2-2.fc20

Object relational mapper ORM for PHP that sits on top of a powerful datab ase abstraction layer DBAL. One of its' key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctri ne Query Language DQL, inspired by Hibernate's HQL. This provides...

openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)

This Linux kernel security update fixes various security issues and bugs. The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed : A security issue in the tty layer that was fixed that could be used by local attackers for code execution CVE-2014-0196. Two...

openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...

OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

CentOS Update for gnutls CESA-2014:0594 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat...

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...

UBUNTU-CVE-2014-0195

The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...

UBUNTU-CVE-2014-3470

The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service NULL pointer dereference and client crash by triggering a NULL certificate...