3290 matches found
Redis < 2.8.21, 3.x < 3.0.2 EVAL Lua Sandbox Escape Vulnerability
It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian: Security Advisory (DSA-3279-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
redis -- EVAL Lua Sandbox Escape
Ben Murphy reports: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn’t pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that can...
Looking at security risks through client-side game bugs - vulnerability warning - the black bar safety net
Although app development is now trending toward web applications, large-scale software also makes extensive use of existing frameworks, and as those frameworks and engines have improved, the vast majority of security issues have been resolved. But when some customization needs are encountered,...
[SECURITY] Fedora 20 Update: prosody-0.9.8-1.fc20
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
The vulnerability of the function for working with vararg arguments in Lua script interpreters allows attackers to trigger a denial-of-service attack.
The vulnerability of the function for handling vararg arguments ldo.c in the Lua script interpreter arises from the operation being performed outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure by using a large number of...
The vulnerability of the function for working with vararg arguments in Lua script interpreters allows attackers to trigger a denial-of-service attack.
The vulnerability of the function for handling vararg arguments ldo.c in the Lua script interpreter arises from the operation being performed outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure by using...
Updated wesnoth packages fix CVE-2015-0844
Updated wesnoth packages fix security vulnerability: A severe security vulnerability in Battle of Wesnoth's game client was found which could allow a malicious user to obtain personal files and information from other players in networked multiplayer games using the built-in WML/Lua API on any...
MGASA-2015-0154 Updated wesnoth packages fix CVE-2015-0844
Updated wesnoth packages fix security vulnerability: A severe security vulnerability in Battle of Wesnoth's game client was found which could allow a malicious user to obtain personal files and information from other players in networked multiplayer games using the built-in WML/Lua API on any...
CVE-2015-0844
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file...
Design/Logic Flaw
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file...
CVE-2015-0844
Removed by vendor...
CVE-2015-0844
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file...
CVE-2015-0844
CVE-2015-0844 affects Battle for Wesnoth 1.7.x–1.11.x and 1.12.x before 1.12.2, where the WML/Lua API allows remote attackers to read arbitrary files via a crafted campaign or map file. The vulnerability arises from insufficient validation in the API, enabling file disclosure through malicious co...
CVE-2015-2939
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
DEBIAN-CVE-2015-2939
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
CVE-2015-2939
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
CVE-2015-2939
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
UBUNTU-CVE-2015-2939
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...