
7661 matches found

OSV
added 2015/06/17 12:0 a.m. · 0 views

UBUNTU-CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function...

6.5 CVSS · 7.1 AI score · 0.00675 EPSS
Exploits 0 · References 3

Japan Vulnerability Notes
added 2015/06/12 12:0 a.m. · 31 views

JVN#18146081: LoadLibrary function in Microsoft Windows fails to validate input properly

The LoadLibrary function in Microsoft Windows fails to validate input properly. As a result, it may load a specially crafted DLL file (CWE-114). Impact: Arbitrary code may be executed when an application loads a specially crafted DLL file. Solution: Update the Software. This issue was...

6.9 CVSS · 6.4 AI score · 0.05398 EPSS
Exploits 0

Prion
added 2015/06/10 6:59 p.m. · 13 views

Directory traversal

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a loadtemplate action to wp-admin/admin-ajax.php...

5 CVSS · 7.7 AI score · 0.4589 EPSS
Exploits 5 · References 6 · Affected Software 1

Tenable Nessus
added 2015/06/10 12:0 a.m. · 15 views

SUSE SLED12 / SLES12 Security Update : autofs (SUSE-SU-2015:1020-1)

autofs was updated to fix one security issue. This security issue was fixed: - CVE-2014-8169: Prevent potential privilege escalation via interpreter load path for program-based automount maps (bnc#917977). The update package also includes non-security fixes. See advisory for details. Note that...

4.4 CVSS · 5.3 AI score · 0.0011 EPSS
Exploits 0 · References 8

ThreatPost
added 2015/06/03 2:21 p.m. · 24 views

Privacy Proponents In Favor of Tracking Protection for Firefox

Privacy advocates are calling on Mozilla to better deploy Tracking Protection, a technology that offers more stringent privacy and speeds up page loads by blocking requests to tracking domains, in its Firefox browser. The functionality has existed in the browser for months but the idea of making ...

6.5 AI score
Exploits 0 · References 7

CNVD
added 2015/05/26 12:0 a.m. · 1 views

Schneider Electric OPC Factory Server DLL Load Arbitrary Code Execution Vulnerability

Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software. The software supports access to important information, open page design, transparent architecture and interoperability to enable good processes and communication. A security vulnerability exists in the...

7.3 CVSS · 7 AI score · 0.00057 EPSS
Exploits 0 · References 1

Into the symmetry
added 2015/05/22 8:32 a.m. · 36 views

So, you wanna crypto (in AEM)

So another year passed by and I will talk again , ... at the Connect WE conference. This year with Damien Antipa we will have a speech entitled So, you wanna crypto in AEM . Now, is true that even symmetric encryption isn't a “solved problem” but hey we still need to protect information et al : N...

6.9 AI score
Exploits 0

Cisco
added 2015/05/21 7:57 p.m. · 23 views

Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability

A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...

5 CVSS · 6.5 AI score · 0.00474 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2015/05/11 12:0 a.m. · 92 views

Debian DSA-3253-1 : pound - security update (POODLE)

Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-355...

9.8 CVSS · 7.4 AI score · 0.93538 EPSS
Exploits 20 · References 14

OSV
added 2015/05/07 12:0 a.m. · 35 views

DSA-3253-1 pound - security update

Bulletin has no description...

9.8 CVSS · 6.2 AI score · 0.93538 EPSS
Exploits 20

OpenVAS
added 2015/05/07 12:0 a.m. · 62 views

Debian Security Advisory DSA 3253-1 (pound - security update)

Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-355...

5.8 CVSS · 0.4 AI score · 0.93538 EPSS
Exploits 20 · References 1

OpenVAS
added 2015/05/06 12:0 a.m. · 249 views

Debian: Security Advisory (DSA-3253-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 6.5 AI score · 0.93538 EPSS
Exploits 20 · References 3

CNVD
added 2015/04/26 12:0 a.m. · 1 views

Linux kernel Netfilter Connection Tracking Extension Load Denial of Service Vulnerability

Linux kernel is an open source operating system. A security vulnerability in the Linux kernel Netfilter Connection Tracking Extension loading feature allows an attacker to exploit the vulnerability to submit a special request to crash the system...

4.9 CVSS · 6.5 AI score · 0.00043 EPSS
Exploits 0 · References 1

myhack58
added 2015/04/23 12:0 a.m. · 273 views

IP.Board <= 3.4.7 SQL Injection analysis - vulnerability warning - the black bar safety net

IPB (Invision Power Board) is a forum program developed in PHP and widely used abroad. Version 3.4.7 and earlier contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 #!/usr/bin/env python Sunday,...

8.3 AI score
Exploits 0

Packet Storm
added 2015/04/03 12:0 a.m. · 34 views

Kemp Load Master 7.1-16 CSRF / XSS / DoS / Code Execution

Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE : CVE-2014-5287/5288 Link:...

0.3 AI score · 0.13883 EPSS
Exploits 6

0day.today
added 2015/04/02 12:0 a.m. · 54 views

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link:...

0.5 AI score · 0.13883 EPSS
Exploits 6

Exploit DB
added 2015/04/02 12:0 a.m. · 319 views

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE : CVE-2014-5287/5288 Link:...

8.8 CVSS · 8.8 AI score · 0.13883 EPSS
Exploits 6

Positive Technologies
added 2015/04/01 12:0 a.m. · 3 views

PT-2018-4213 · Python · Rope +1

Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load in the Rope library. This is due to a problem in the base/oi/doa.py file...

9.8 CVSS · 7.7 AI score · 0.0228 EPSS
Exploits 0 · References 22

Tenable Nessus
added 2015/04/01 12:0 a.m. · 282 views

CentOS 7 : kernel (CESA-2015:0726)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...

10 CVSS · 6.5 AI score · 0.1713 EPSS
Exploits 0 · References 3

RedHat Linux
added 2015/03/26 4:52 p.m. · 63 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...

10 CVSS · 6.6 AI score · 0.1713 EPSS
Exploits 0 · References 3