openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

Kernel: net: information leak in recvmsg handler msg_name & msg_namelen logic

The mISDNsockrecvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a 1 recvfrom, 2...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the 1 xss parameter in an allow action to rss.php, 2 msg parameter to end-user/errdoc.php, 3 h parameter to end-user/ftpredirect.php, or 4...

Sql injection

Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the 1 name and 2 msg parameters. NOTE: some of these details are obtained from third party information...

CVE-2011-5199

Cross-site scripting XSS vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2012-1835

Multiple cross-site scripting XSS vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter...

Path traversal

The SVN revision view lib/vclib/svn/svnrepos.py in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...

CVE-2012-3357

CVE-2012-3357 affects ViewVC prior to 1.1.15. The Subversion revision view mishandles log messages when a readable path is copied from an unreadable path, enabling remote disclosure of sensitive information. The issue arises in lib/vclib/svn/svn_repos.py due to improper handling of log messages a...

CVE-2012-3357

The SVN revision view lib/vclib/svn/svnrepos.py in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...

Symantec Endpoint Protection Manager TestConnection.jsp 'Msg' Parameter XSS (SYM11-009 & SYM12-001)

The version of Symantec Endpoint Protection Manager running on the remote web server is affected by a cross-site scripting XSS vulnerability due to improper sanitization of input to the 'Msg' parameter in the TestConnection.jsp file. An unauthenticated, remote attacker can exploit this...

AIX 610006 : U839332

The remote host is missing AIX PTF U839332 which is related to the security of the package devices.msg.enUS.chrp.IBM.HPS.hpsfu.1.4.1.0 You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

1600 New Web Sites Hacked by Hamdi HaCker ( The 077 ) !!

1600 New Web Sites Hacked by Hamdi HaCker The 077 !! List of Hacked sites : https://pastebin.com/cdxbYKjz Zone-H Link : News Source : Hamdi HaCker The 077 | Via Fb msg...

SafeSHOP 1.5.6 - Cross-Site Scripting Multiple Cross-Site Request Forgery Vulnerabilities

SafeSHOP 1.5.6 - Cross-Site Scripting Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which...

SafeSHOP 1.5.6 Cross Site Request Forgery / Cross Site Scripting / SQL Injection

Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site...

SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities

Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site...

ULoki Community Forum 2.1 Cross Site Scripting

Exploit Title: ULoki Community Forum v2.1 usercp.php Cross Site Scripting Date: 10/02/2010 Author: Sioma Labs Software Link: http://www.uloki.com/download/ulokiforum06may2009.zip Version: v2.1 Tested on: Windows SP 2 / WAMP CVE : Code : / | | | | | \ | |/ | ' \ / | | | / | ' / | | | | | | | | |...

CVE-2008-6876

Cross-site scripting XSS vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037...

CVE-2009-2033

Cross-site scripting XSS vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the msg parameter aka the message in an article comment or 2 the searchterm parameter aka the search post form. NOTE: some of these details are obtained from thi...

CVE-2009-0857

Cross-site scripting XSS vulnerability in /prm/reports in the Performance Reporting Module PRM for Sun Management Center SunMC 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console...