Wireshark console.lua pre-loading vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/hostdetails.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
PYSEC-2014-114
Cross-site scripting (XSS) vulnerability in lua/hostdetails.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2014-4329
Removed by vendor...
CVE-2014-4329
ntopng 1.1 is affected by a Cross-Site Scripting (XSS) vulnerability in lua/host_details.lua, allowing remote attackers to inject arbitrary web script or HTML via the host parameter. The underlying issue is improper input validation in host_details.lua. Affected component/file: host_details.lua w...
openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)
This update of wireshark fixes the following vulnerabilities : - CVE-2011-3266: Wireshark IKE dissector vulnerability - CVE-2011-3360: Wireshark Lua script execution vulnerability - CVE-2011-3483: Wireshark buffer exception handling vulnerability - CVE-2011-2597: Lucent/Ascend file parser...
openSUSE Security Update : wireshark (openSUSE-SU-2012:1633-1)
This update fixes the following issues for wireshark : - Security update to 1.8.4 : https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html http://seclists.org/oss-sec/2012/q4/378 CVE-2012-5592 Wireshark 1 pcap-ng hostname disclosure wnpa-sec-2012-30 CVE-2012-5593 Wireshark 2 DoS infinite lo...
CVE-2013-4570
The CVE-2013-4570 issue affects the Scribunto extension for MediaWiki via the php-luasandbox component: a vulnerability in zend_inline_hash_func can trigger a NULL pointer dereference and crash (DoS) when converting Lua data structures to PHP, demonstrated by input like { [{}] = 1 }. Affected ver...
Fedora Update for prosody FEDORA-2014-5586
Check for the Version of prosody OpenVAS Vulnerability Test Fedora Update for prosody FEDORA-2014-5586 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x, CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...
[SECURITY] Fedora 19 Update: prosody-0.8.2-11.fc19
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
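Prosody XML Decompression Denial-of-Service Vulnerability
CVE ID: CVE-2014-2744, CVE-2014-2745 Prosody is a Jabber/XMPP server written in Lua. Prosody contains an error in its handling of compressed streams that allows an attacker to submit specially crafted XML over an XMPP stream to consume system resources, causing a denial of service. 0 Prosody 0.x Prosody 0.9.4 fixes this vulnerability; users are advised to download and use it: http://www.prosody.im...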
Debian DSA-2895-1 : prosody - security update
A denial-of-service vulnerability has been reported in Prosody, an XMPP server. If compression is enabled, an attacker might send highly-compressed XML elements (attack known as 'zip bomb') over XMPP streams and consume all the resources of the server. The SAX XML parser lua-expat is also affected b...
DSA-2895-1 prosody - security update
Bulletin has no description...
[SECURITY] [DSA 2895-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2895-1 [email protected] http://www.debian.org/security/ Luciano Bello April 06, 2014 http://www.debian.org/security/faq -...
CVE-2014-1645
CVE-2014-1645 is an SQL injection flaw in Symantec LiveUpdate Administrator (LUA) 2.x up to version 2.3.2.110, affecting the management GUI via forcepasswd.do and related password-recovery paths. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially exfiltrating...
Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL i
SUMMARY The management GUI for Symantec LiveUpdate Administrator does not properly protect the forgotten password functionality of the web interface. An unauthorized individual with knowledge of the email address for an authorized LUA user can potentially force an arbitrary password reset leading...
GLSA-201402-07 : Freeciv: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201402-07 Freeciv: User-assisted execution of arbitrary code The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts. Impact : A remote attacker could entice a user to open a specially crafte...
Freeciv: User-assisted execution of arbitrary code
Background Freeciv is an open-source empire building strategy game. Description The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts. Impact A remote attacker could entice a user to open a specially crafted scenario file, possibly resulting in execution o...
[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers
Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...