1214 matches found
Fedora 21 : qemu-2.1.2-7.fc21 (2014-16075)
Fix qemu-img convert corruption for unflushed files bz 1167249 - Fix SLES11 migration issue bz 1109427 - CVE-2014-7840: insufficient parameter validation during ram load bz 1163080 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
MGASA-2014-0495 Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...
Pandora FMS 5.1SP1 Cross Site Scripting Vulnerability
Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability. I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all...
Fedora 20 : qemu-1.6.2-10.fc20 (2014-14033)
CVE-2014-7815 vnc: insufficient bitsperpixel from the client sanitization bz 1157647, bz 1157641 - CVE-2014-3689 vmwarevga: insufficient parameter validation in rectangle functions bz 1153038, bz 1153035 Note that Tenable Network Security has extracted the preceding description block directly...
Fedora 21 : qemu-2.1.2-6.fc21 (2014-13993)
CVE-2014-7815 vnc: insufficient bitsperpixel from the client sanitization bz 1157647, bz 1157641 - CVE-2014-3689 vmwarevga: insufficient parameter validation in rectangle functions bz 1153038, bz 1153035 Fix dep on numactl-devel to be build time not install time Note that Tenable Network Security...
(0Day) GoPro HERO 3+ gpExec start Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the...
(0Day) GoPro HERO 3+ gpExec restart Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the...
WatchGuard XTM 11.8.3 Cross Site Scripting
I. VULNERABILITY Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power. III...
CVE-2014-3346
The web framework in Cisco Transport Gateway for Smart Call Home aka TG-SCH or Transport Gateway Installation Software does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service service crash via a crafted string, aka Bug ID CSCuq31819...
RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 II. BACKGROUND ------------------------- Silver Peak VX software marries the cost and flexibility benefits of virtualization with the performance gains associated wi...
Clicker CMS Blind SQL Injection Vulnerability
No description provided by source. Exploit Title: Clicker CMS Blind SQL Injection Vulnerability Date: 2010-06-25 Author: [email protected] Software Link: n/a Version: n/a .:. Author : [email protected] .:. Contact: [email protected], [email protected] .:. Home : www.evilzone.org,...
Horde Webmail 5.1 - Open Redirect Vulnerability
No description provided by source. + Horde webmail - Open Redirect Vulnerability + Date: 31/03/2014 + Risk: Low + Remote: Yes + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.horde.org/apps/webmail + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable...
Free Online Dictionary of Computing 1.0 - Remote File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called The Free Online Dictionary of Computing. Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files...
Fool's Workshop Owl's Workshop 1.0 resultsignore.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Cisco Ironport Email Security Virtual Appliance 8.0.0-671 XSS
I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Cisco Ironport Email Security Virtual Appliance Version: 8.0.0-671 II. BACKGROUND ------------------------- Cisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, that...
InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION ------------------------- Has been detected a XSS vulnerability in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injectio...
Urban Dictionary: Open URL Redirection
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Vulnerable Path:...
Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability
A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...
Slack: URL redirection flaw
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Steps to reproduce: 1 Go to this URL:...
GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter...