1406 matches found
BP Group Documents 1.2.1 XSS / CSRF / File Move
Details below. We intended to publish these earlier, but they slipped through the net. The most recent version is 1.5, and all these were reported fixed in 1.2.2. First one: https://security.dxw.com/advisories/stored-xss-vulnerability-in-bp-group-documents-1-2-1/ Details ================ Software...
Apache mod_dav_svn DoS
Assertion failure on COPY, DELETE and MOVE commands processing...
DEBIAN-CVE-2013-4131
The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...
Out-of-bounds
The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...
CVE-2013-4131
The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...
UBUNTU-CVE-2013-4131
The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...
CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager RHEV-M 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service free space consumption of other storage domains via unspecified vectors...
How to Relocate Veeam Backup & Replication Backup Files
Other Data Relocation-Related Articles KB2236 --Moving backup files to/from a Scale-Out Backup Repository. KB2321 -- Changing the backup location of Veeam Agent jobs operating in Standalone mode not directly controlled by Veeam Backup & Replication but targeting a Veeam Backup & Replication...
rhev-m: MoveDisk ignores the disk's wipe-after-delete property
Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...
Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
Use-after-free vulnerability in the nsTArraybase::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service...
CVE-2012-1122
bugactiongroup.php in MantisBT before 1.2.9 does not properly check the reportbugthreshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the reportbugthreshold and movebugthreshold privileges for a project to bypass intended access...
CVE-2012-1122
bugactiongroup.php in MantisBT before 1.2.9 does not properly check the reportbugthreshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the reportbugthreshold and movebugthreshold privileges for a project to bypass intended access...
XSS vulnerability in the "move" page action with html/js in the page name
There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page. Steps to reproduce: 1.create a page named: "''/'kasdfjas'dfasdf 2. on the page click on the "move" option under the tools drop-down menu 3. see an alert bo...
XSS vulnerability in the "move" page action with html/js in the page name
There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page. Steps to reproduce: 1.create a page named: "''/'kasdfjas'dfasdf 2. on the page click on the "move" option under the tools drop-down menu 3. see an alert bo...
DEBIAN-CVE-2009-5056
Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...
CVE-2009-5056
Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...
Former Hacker Li Jun Donates to Panda Research Center
In 2006, Li Jun, a Chinese man, was jailed for creating the ‘Fujacks’ worm. Recently, he appears to be attempting to rehabilitate his public image by making a donation to a panda research center in China. Li Jun was arrested in February 2007 and charged with writing and selling the "Panda Burning...
Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)
Thu Nov 4 2010 Jiri Popelka - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 649880 - Wed Oct 13 2010 Jiri Popelka - 12:4.1.1-26.P1 - Server was ignoring client's Solicit where client included address/prefix as a preference 634842 - Tue Sep 7 2010 Jiri Popelka - 12:4.1.1-25.P1 - Hardening...
mojoportal - Multiple Vulnerabilities
mojoportal - Multiple Vulnerabilities ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' Abysssec Inc Public Advisory Title : mojoportal Multiple Remote Vulnerabilities Affected Version : mojoPortal 2-3-4-3 Discovery :...
TurboFTP FTP Server directory traversal
Directory traversal via mkdir and move command...