1678 matches found
Pygments FontManager._get_nix_font_path Shell Injection Vulnerability
Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager._get_nix_font_path Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...
[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04649315 Version: 1 HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release...
CVE-2015-2118
Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control AC Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain sensitive information via unknown vectors...
CVE-2015-2118
CVE-2015-2118 affects HP Access Control (AC) Pull Print components (Secure Pull Print / Security Pull Print) for HP AC 12.x–14.x up to 14.1.2. The HP Security Bulletin (HPSBPI03322 rev.1 / rev.2) describes a local unauthorized access vulnerability that could allow an attacker with local access to ...
HP Access Control Pull Print Unauthorized Access Vulnerability
HP Access Control allows users to authenticate with an NFC-enabled smartphone or tablet. HP Access Control has a security vulnerability that could be exploited by a local attacker to perform unauthorized access...
The vulnerability of the Red Hat Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the slrn-pull-0.9.6.4 package for the Red Hat Linux operating system can lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out remotely...
USN-2470-1 git vulnerability
Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that...
DEBIAN-CVE-2014-6407
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
Hardcoded credentials
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
UBUNTU-CVE-2014-6407
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
docker: symbolic and hardlink issues leading to privilege escalation
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
PT-2014-7210 · Docker +1 · Docker +1
Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.3.2 Description: The issue allows remote attackers to write to arbitrary files and execute arbitrary code via a symlink or hard link attack in an image archive during a pull or load operation. This can be achieved...
TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
CVE-2014-3978 - Remote SQL Injection Vulnerability. CVE-2014-3830 - Reflected Cross Site Scripting. Title: TomatoCart v1.x (latest-stable) Remote SQL Injection Vulnerability...
TomatoCart 1.x - SQL Injection Vulnerability
Exploit for php platform in category web applications. Title: TomatoCart v1.x (latest-stable) Remote SQL Injection Vulnerability. Background: TomatoCart is an open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the...
TomatoCart 1.x - SQL Injection
Title: TomatoCart v1.x (latest-stable) Remote SQL Injection Vulnerability. Background: TomatoCart is an open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU General Public License or "GPL", free ...
AlstraSoft Forum Pay Per Post Exchange 2.0 - SQL Injection Vulnerability
No description provided by source. Forum Pay Per Post SQL Injection Vulnerabilities. AUTHOR: t0pP8uZz &...
CodeIgniter / Kohana PHP Object Injection / Timing Attack
CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability. Background info and boring history shit:...
Ruby Gem Webbynode 1.0.5.3 Command Injection
Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2014 Author: Larry W. Cashdollar, @larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user supplied input befor...
rpi-update tmpfile vulnerability
Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...
CVE-2012-5541
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."...