Six Apart Movable Type Code Injection Vulnerability
Six Apart Movable Type is an application from Six Apart USA. It provides features such as multiple users, comments, trackbacks, and threads. A security vulnerability exists in Six Apart Movable Type, which can be exploited to execute arbitrary Perl scripts and/or arbitrary operating system comman...
PT-2022-21927 · Alfasado · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS versions 6.021 and earlier; PowerCMS versions 5.21 and earlier; PowerCMS versions 4.51 and earlier; PowerCMS 3 Series and earlier. Description: The PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection issue. By...
Alfasado PowerCMS Operating System Command Injection Vulnerability
Alfasado PowerCMS is a content management system (CMS) from Alfasado of Japan. An operating system command injection vulnerability exists in the Alfasado PowerCMS XMLRPC API, where sending a specially crafted message via the POST...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2017-1265)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability
Overview: A vulnerability has been identified in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, Citrix Gateway, formerly known as NetScaler Gateway, and Citrix SD-WAN WANOP that could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system...
EulerOS 2.0 SP5 : git (EulerOS-SA-2019-2153)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal...
[SECURITY] Fedora 29 Update: ntp-4.2.8p13-1.fc29
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...
[SECURITY] Fedora 28 Update: ntp-4.2.8p13-1.fc28
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...
[SECURITY] Fedora 29 Update: beep-1.3-26.fc29
Beep allows the user to control the PC speaker with precision, allowing different sounds to indicate different events. While it can be run quite happily on the command line, its intended place of residence is within shell/Perl scripts, notifying the user when something interesting occurs. Of...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational RequisitePro (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)
Summary: OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Rational RequisitePro. RequisitePro has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2015-1788. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Rational RequisitePro (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational RequisitePro. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vulnerability
Exploit for hardware platform in category web applications VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured ...
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal
Summary: VideoFlow's Digital Video Protection (DVP) product is used by leading companies worldwide to boost the reliability of IP networks, including the public Internet, for professional live broadcast. DVP enables broadcast companies to confidently contribute and distribute live video over IP with...
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured as Protector, Sentinel or Fortress Version = The Operating...
[SECURITY] Fedora 27 Update: ntp-4.2.8p11-1.fc27
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...
Fedora 27 : git (2017-655f0d38c3)
These releases are about hardening git shell, which is used on servers, against unsafe user input, which git cvsserver copes with poorly. From the release notes: - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...
The vulnerability of the distributed Git version control system, related to insufficient validation of input data, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the distributed Git version control system is related to the use of insecure Perl scripts for supporting subcommands such as cvsserver. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands on behalf of the git user remotely...
EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1265)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support...
openSUSE: Security Advisory for git (openSUSE-SU-2017:2757-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for git (important)
This update for git fixes the following issues: This security issue was fixed: - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name bsc1061041. This update was...