3290 matches found
CVE-2015-2939
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
CVE-2015-2939
CVE-2015-2939 is a cross-site scripting (XSS) vulnerability in the MediaWiki Scribunto extension. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted function name, which is mishandled in a Lua error backtrace. This is a client-side input validation fla...
Wesnoth -- Remote information disclosure
US-CERT/NIST reports: The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file...
mediawiki: multiple issues
- CVE-2015-2931 (cross-site scripting): It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in an SVG file. - CVE-2015-2932 (cross-site scripting): The SVG filter to prevent...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG (CVE-2015-2931). In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScrip...
Mandriva Linux Security Advisory : lua (MDVSA-2015:144)
Updated lua and lua5.1 packages fix security vulnerability : A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461)...
High-Speed Packet Generator: MoonGen
MoonGen is a high-speed scriptable packet generator. The whole load generator is controlled by a Lua script: all packets that are sent are crafted by a user-provided script. Thanks to the incredibly fast LuaJIT VM and the packet processing library DPDK, it can saturate a 10 GBit Ethernet link wit...
USN-2523-1 apache2 vulnerabilities
Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handl...
CVE-2015-0228
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...
Amazon Linux AMI : httpd24 (ALAS-2015-483)
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...
MGASA-2015-0034 Updated freeciv packages fix a security vulnerability
Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with...
Updated freeciv packages fix a security vulnerability
Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with...
Oracle Solaris Third-Party Patch Update : lua (cve_2014_5461_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a...
Oracle Solaris Third-Party Patch Update : wireshark (denial_of_service_vulnerability_in)
The remote Solaris system is missing necessary patches to address security updates : - The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loo...
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...
Authorization
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...