1274 matches found
Code injection
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to 1 new or 2 modified nodes or 3 their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email...
CVE-2014-9154
The CVE-2014-9154 entry concerns the Drupal Notify module (7.x-1.x) prior to version 7.x-1.1. The vulnerability arises because the module does not properly restrict access to new or modified nodes and their fields, enabling remote authenticated users to view node titles, teasers, and fields by re...
CVE-2014-9154
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to 1 new or 2 modified nodes or 3 their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email...
UBUNTU-CVE-2014-6251
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request...
PT-2016-7397 · Systemd +2 · Systemd +2
Name of the Vulnerable Software and Affected Versions: systemd affected versions not specified Description: The issue allows local users to cause a denial of service, resulting in a system hang. This occurs when a zero-length message is received over a notify socket, causing an error to be return...
SA-CONTRIB-2014-078 - Notify - Access bypass
The notify module allows users to subscribe to periodic emails which include all new or revised content and/or comments of specific content types, much like the daily newsletters sent by some websites. The Notify module does not sufficiently check whether the user has access to recently added or...
CVE-2014-4503
The parsenotify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service application exit via a crafted 1 bbversion, 2 prevhash, 3 nbit, or 4 ntime parameter in a mining.notify action stratum message...
HP OpenView Radia 2.0/3.1/4.0 Notify Daemon Multiple Remote Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13835/info HP OpenView Radia Notify Daemon RADEXECD is affected by multiple remote buffer overflow vulnerabilities. An attacker can craft a malicious request that can overflow a buffer and result in process memory...
Ian Dunn: Xss in CampTix Event Ticketing
Xss present in tools -- Notify I have made small video poc please have a look : https://www.dropbox.com/s/smuy4lfjwt9fx1v/ticket.mp4 Looking forward Atul...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 notify or 2 blog parameter...
PHPMYWIND Sql Injection #2
简要描述: 过滤不严。 详细说明: PHPMyWind\data\alipay\notifyurl.php中 $alipayNotify = new AlipayNotify$alipayconfig; $verifyresult = $alipayNotify-verifyNotify; if$verifyresult //验证成功...
Kernel: net: information leak in AF_KEY notify
The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...
Kernel: net: information leak in AF_KEY notify
The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...
Kernel: net: af_key: initialize satype in key_notify_policy_flush
The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...
Kernel: net: af_key: initialize satype in key_notify_policy_flush
The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...
Kernel: net: information leak in AF_KEY notify
The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...
DEBIAN-CVE-2013-2237
The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...
UBUNTU-CVE-2013-2237
The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...
PT-2013-3612 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.9 Description: The issue concerns the key notify policy flush function in the Linux kernel, which fails to initialize a certain structure member. This allows local users to obtain sensitive information from...
PT-2013-3611 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10 Description: The issue affects the Linux kernel, where the key notify sa flush and key notify policy flush functions in net/key/af key.c do not properly initialize certain structure members. This allows loc...