517 matches found
GLSA-201401-26 : Zabbix: Shell command injection
The remote host is affected by the vulnerability described in GLSA-201401-26 Zabbix: Shell command injection If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are...
CVE-2014-3001
Removed by vendor...
CVE-2013-4532
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process...
IBM Forms Viewer XFDL Form Processing Stack Buffer Overflow (CVE-2013-5447)
A stack buffer overflow vulnerability exists in IBM Forms Viewer. The vulnerability is due to an error when processing XFDL forms and can be exploited to cause a stack-based buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially...
CVE-2013-5897
Technical details for CVE-2013-5897 are not publicly provided in the supplied documents. No concrete information on affected components, root cause, or remediation is present here. Monitor official advisories for updates.
Mandriva Linux Security Advisory : subversion (MDVSA-2013:288)
Updated subversion package fixes security vulnerabilities : moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many case...
Cisco Unified Communications Manager - TFTP Service
!/bin/bash Proof of Concept on how to get tftp config files from cisco phones This can be performed anonymously and privileges gathered relies on those assigned to the ldap account Developed by Daniel Svartman [email protected] In case tftp files are encrypted, you will need to hijack a...
Cisco IOS XR Software SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause a reload of the SNMP process on an affected device. The vulnerability is due to improper processing of SNMP requests for certain MIBs. An attacker...
[SECURITY] Fedora 19 Update: ReviewBoard-1.7.18-1.fc19
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process...
[SECURITY] Fedora 20 Update: ReviewBoard-1.7.16-2.fc20
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process...
Setuptools: Man-in-the-Middle attack
Background Setuptools is a manager for Python packages. Description Setuptools does not check the integrity of downloaded Python packages. Impact A remote attacker could perform man-in-the-middle attacks to execute arbitrary code with the privileges of the process. Workaround There is no known...
GLSA-201310-01 : Perl Module-Signature module: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201310-01 Perl Module-Signature module: Arbitrary code execution The cpansign verify command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to...
[SECURITY] Fedora 18 Update: ReviewBoard-1.7.14-1.fc18
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process...
Fedora 18 : polkit-0.107-6.fc18 (2013-17197)
This release fixes CVE-2013-4288: Race condition with process subjects that do not have securely determined uid. pkcheck1 now supports a new format for the --process argument; all applications need to use the new format to avoid a race condition or use --system-bus-name to identify the process...
Fedora 19 : polkit-0.112-1.fc19 (2013-17191)
This release fixes CVE-2013-4288: Race condition with process subjects that do not have securely determined uid. pkcheck1 now supports a new format for the --process argument; all applications need to use the new format to avoid a race condition or use --system-bus-name to identify the process...
"Contact Administrators" Process Doesn't Exclude Disabled Administrators
h3. Steps to Reproduce: Create a new test user Add the newly created user into confluence-administrators group Disabled the new test user Access the following URL code/500page.jspcode Click the "Confluence Administrators" link which will redirect you to this URL...
"Contact Administrators" Process Doesn't Exclude Disabled Administrators
h3. Steps to Reproduce: Create a new test user Add the newly created user into confluence-administrators group Disabled the new test user Access the following URL code/500page.jspcode Click the "Confluence Administrators" link which will redirect you to this URL...
CVE-2011-4607
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory...
CVE-2013-3186
CVE-2013-3186 affects Microsoft Internet Explorer 7–10 on multiple Windows editions. The root cause is improper implementation of the Integrity Access Level (Process Integrity Level) protection in Protected Mode, allowing remote attackers to elevate privileges from a low-IL process to medium IL. ...
Oracle Endeca Server createDataStore SOAP Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...