1199 matches found
Cisco Secure Access Control Server Cross-Site Scripting Vulnerability
The Cisco Secure Access Control Server Solution Engine is a Cisco Secure Access Control Server solution engine. A cross-site scripting vulnerability exists in Cisco Secure Access Control Server, where the program fails to properly validate some parameters, which allows remote attackers to exploit...
kernel: splice: lack of generic write checks
A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...
qemu-kvm security, bug fix, and enhancement update
1.5.3-86.el7 - kvm-vfio-pci-Fix-interrupt-disabling.patch bz1180942 - kvm-cirrus-fix-blit-region-check.patch bz1169456 - kvm-cirrus-don-t-overflow-CirrusVGAState-cirrusbltbuf.patch bz1169456 - Resolves: bz1169456 CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks rhel-7.1 -...
SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)
This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm : - Fix NULL pointer dereference because of uninitialized UDP socket. bsc897654, CVE-2014-3640 - Fix performance degradation after migration. bsc878350 - Fix potential image corruption due to missi...
kernel security update
CentOS Errata and Security Advisory CESA-2015:0164 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS)...
Fedora 21 : qemu-2.1.2-7.fc21 (2014-16075)
Fix qemu-img convert corruption for unflushed files bz 1167249 - Fix SLES11 migration issue bz 1109427 - CVE-2014-7840: insufficient parameter validation during ram load bz 1163080 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
MGASA-2014-0495 Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoo...
Pandora FMS 5.1SP1 Cross Site Scripting Vulnerability
Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability. I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all...
Fedora 20 : qemu-1.6.2-10.fc20 (2014-14033)
CVE-2014-7815 vnc: insufficient bitsperpixel from the client sanitization bz 1157647, bz 1157641 - CVE-2014-3689 vmwarevga: insufficient parameter validation in rectangle functions bz 1153038, bz 1153035 Note that Tenable Network Security has extracted the preceding description block directly...
Fedora 21 : qemu-2.1.2-6.fc21 (2014-13993)
CVE-2014-7815 vnc: insufficient bitsperpixel from the client sanitization bz 1157647, bz 1157641 - CVE-2014-3689 vmwarevga: insufficient parameter validation in rectangle functions bz 1153038, bz 1153035 Fix dep on numactl-devel to be build time not install time Note that Tenable Network Security...
(0Day) GoPro HERO 3+ gpExec restart Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the...
(0Day) GoPro HERO 3+ gpExec start Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the...
WatchGuard XTM 11.8.3 Cross Site Scripting
I. VULNERABILITY Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power. III...
CVE-2014-3346
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819...
RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 II. BACKGROUND ------------------------- Silver Peak VX software marries the cost and flexibility benefits of virtualization with the performance gains associated wi...
Free Online Dictionary of Computing 1.0 - Remote File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called The Free Online Dictionary of Computing. Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files...
Fool's Workshop Owl's Workshop 1.0 resultsignore.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Horde Webmail 5.1 - Open Redirect Vulnerability
No description provided by source. + Horde webmail - Open Redirect Vulnerability + Date: 31/03/2014 + Risk: Low + Remote: Yes + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.horde.org/apps/webmail + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable...
Clicker CMS Blind SQL Injection Vulnerability
No description provided by source. Exploit Title: Clicker CMS Blind SQL Injection Vulnerability Date: 2010-06-25 Author: [email protected] Software Link: n/a Version: n/a .:. Author : [email protected] .:. Contact: [email protected], [email protected] .:. Home : www.evilzone.org,...
Cisco Ironport Email Security Virtual Appliance 8.0.0-671 XSS
I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Cisco Ironport Email Security Virtual Appliance Version: 8.0.0-671 II. BACKGROUND ------------------------- Cisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, that...