PHP 5.5.x < 5.5.28 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.28. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist in splarray.c, splobserver.c, and spldllist.c due to improper sanitization of input to the...

PHP 5.6.x < 5.6.12 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.12. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in file spldllist.c due to improper sanitization of input to the unserialize function. An attacker can...

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PT-2015-4916 · Debian +2 · Pycode-Browser

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a predictable temporary file vulnerability. No further details are provided about the nature of the issue, affected devices, or real-world incidents...

Wind River VXWorks TCP Predictable Vulnerability

VxWorks is a real-time operating system widely used on ICS-related devices. VxWorks software generates predictable initial TCP sequential numbers that can be predicted by an attacker based on previous values to spoof or interrupt TCP connections...

PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 'php_sdl.c' WSDL Injection

Binary data 8789.prm...

Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-3209 Matt Tait of Google OpenVAS Vulnerability Test $Id: deb3285.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3285-1 using nvtgen 1.0 Script version: 1.0...

DSA-3284-1 qemu - security update

Bulletin has no description...

CVE-2014-8605

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...

CVE-2014-8605

The CVE concerns the XCloner Backup and Restore plugin for WordPress (v3.1.1) and Joomla! (v3.5.1), where database backup files are stored under the web root with predictable names due to insufficient access control. This allows remote attackers to obtain sensitive information by directly request...

Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery Vulnerability

Vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses...

ESC 8832 Data Controller Multiple Vulnerabilities

Exploit for hardware platform in category web applications =begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested...

ESC 8832 Data Controller Session Hijacking

=begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested on: ESC 8832 Data Controller Hardware CVE : N/A Yet POC for...

ESC 8832 Data Controller - Multiple Vulnerabilities

ESC 8832 Data Controller - Multiple Vulnerabilities =begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested on: ESC...

Microsoft Windows DNS Server Spoofing - Ver2 (CVE-2007-3898)

There exits a vulnerability in Microsoft Windows DNS Server. The flaw is caused by predictable transaction identifiers in DNS requests generated. A remote attacker may leverage this vulnerability to use spoofed DNS responses to poison the DNS cache on the target system...

CVE-2015-3326

Trend Micro ScanMail for Microsoft Exchange SMEX 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force...

Design/Logic Flaw

Lenovo System Update formerly ThinkVantage System Update before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service SUService.exe through an unspecified named pipe...

MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from ...

The vulnerability of the Apache Struts software platform, related to the use of predictable values of <s:token/>, allows a remote attacker to perform a CSRF attack.

The vulnerability of the Apache Struts software platform is related to the use of predictable values for the tag. Exploiting this vulnerability could allow a remote attacker to execute a CSRF attack...

[ MDVSA-2015:177 ] ctdb

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:177 http://www.mandriva.com/en/support/security/ Package : ctdb Date : March 30, 2015 Affected: Business Server 2.0 Problem Description: Updated ctdb packages fix security vulnerability: ctdb before 2.5 is...