Lucene search

7661 matches found

CVE
added 2015/01/21 3:00 p.m. | 51 views

CVE-2014-6581

CVE-2014-6581 affects Oracle E-Business Suite through the Oracle Customer Intelligence component, across versions 11.5.10.2 and 12.0.4–12.2.4. The vulnerability is described as unspecified with unknown vectors related to Extract/Load Programs, allowing remote attackers to impact confidentiality a...

6.4 CVSS | 5.7 AI score | 0.00311 EPSS
Exploits 0 | References 2 | Affected Software 1
0day.today
added 2015/01/21 12:00 a.m. | 45 views

Barracuda Load Balancer ADC Key Recovery / Password Reset Vulnerabilities

Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. There is an ability to recover the file system encryption keys via a cold-boot-like attack, an offline super user password reset via physical attack, a hard-coded credential and a hard-coded ssh key...

7.5 CVSS | 9.3 AI score | 0.00937 EPSS
Exploits 1
exploitpack
added 2015/01/20 12:00 a.m. | 15 views

Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference

// clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024;...

0.8 AI score
Exploits 0
Exploit DB
added 2015/01/20 12:00 a.m. | 19 views

Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference

// clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024; strcpycmd, "nm -g /machkernel | grep "; strcatcmd, sym; strcatcmd, " | cut...

7.4 AI score
Exploits 0
CNVD
added 2015/01/14 12:00 a.m. | 2 views

Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability

Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...

6.1 CVSS | 6.8 AI score | 0.0087 EPSS
Exploits 2 | References 1
RedHat Linux
added 2015/01/13 8:24 p.m. | 4 views

python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate,...

4.3 CVSS | 7.3 AI score | 0.02979 EPSS
Exploits 0 | References 4
Prion
added 2015/01/13 11:59 a.m. | 12 views

SQL injection

SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter...

7.5 CVSS | 9.1 AI score | 0.02127 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2015/01/13 11:00 a.m. | 36 views

CVE-2014-10015

CVE-2014-10015 is a SQL injection vulnerability in the PHPJabbers Event Booking Calendar 2.0, specifically in load-calendar.php where the vulnerable parameter is cid. The issue allows remote attackers to execute arbitrary SQL commands, as described across multiple sources (NVD entry and corrobor...

7.5 CVSS | 8.7 AI score | 0.02127 EPSS
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2015/01/08 12:00 a.m. | 1 views

PHP Fileinfo component denial of service vulnerability

Fileinfo component is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. Fileinfo is one of the components used to display file attributes and support batch modification of its attributes. A denial of service vulnerability in the...

7.5 CVSS | 6.7 AI score | 0.00785 EPSS
Exploits 0 | References 1
exploitpack
added 2014/12/19 12:00 a.m. | 21 views

Varnish Cache CLI Interface - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Varnish Cache CLI Interface Bruteforce Utility', 'Description' = 'This...

0.1 AI score | 0.6839 EPSS
Exploits 45
OSV
added 2014/12/16 6:59 p.m. | 1 views

DEBIAN-CVE-2014-9358

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."...

6.4 CVSS | 7.3 AI score | 0.00351 EPSS
Exploits 0 | References 1
OSV
added 2014/12/16 6:59 p.m. | 0 views

UBUNTU-CVE-2014-9358

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."...

6.4 CVSS | 7.1 AI score | 0.00351 EPSS
Exploits 0 | References 3
Prion
added 2014/12/16 6:59 p.m. | 21 views

Path traversal

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."...

6.4 CVSS | 6.8 AI score | 0.00351 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2014/12/12 3:59 p.m. | 1 views

DEBIAN-CVE-2014-6407

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

7.5 CVSS | 7.9 AI score | 0.05856 EPSS
Exploits 0 | References 1
Prion
added 2014/12/12 3:59 p.m. | 19 views

Hardcoded credentials

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

7.5 CVSS | 8 AI score | 0.05856 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2014/12/12 3:59 p.m. | 0 views

UBUNTU-CVE-2014-6407

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

7.5 CVSS | 7.5 AI score | 0.05856 EPSS
Exploits 0 | References 2
Ubuntu
added 2014/12/11 7:10 p.m. | 66 views

USN-2439-1: QEMU vulnerabilities

Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS,...

7.5 CVSS | 7.5 AI score | 0.02455 EPSS
Exploits 0
RedHat Linux
added 2014/12/10 11:38 a.m. | 1 views

docker: symbolic and hardlink issues leading to privilege escalation

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

7.5 CVSS | 7.5 AI score | 0.05856 EPSS
Exploits 0 | References 4
RedHat Linux
added 2014/12/10 11:38 a.m. | 1 views

docker: Path traversal and spoofing opportunities presented through image identifiers

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."...

6.4 CVSS | 7.2 AI score | 0.00351 EPSS
Exploits 0 | References 5
Positive Technologies
added 2014/12/08 12:00 a.m. | 1 views

PT-2014-7210 · Docker +1 · Docker +1

Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.3.2 Description: The issue allows remote attackers to write to arbitrary files and execute arbitrary code via a symlink or hard link attack in an image archive during a pull or load operation. This can be achieved...

10 CVSS | 6.9 AI score | 0.36182 EPSS
Exploits 1 | References 44