Updated zabbix package fixes security vulnerability
It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...
CVE-2014-6394
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...
UBUNTU-CVE-2014-6394
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...
Fedora Update for nodejs-send FEDORA-2014-11421
Check the version of nodejs-send. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868365");...
Fedora Update for nodejs-send FEDORA-2014-11495
Check the version of nodejs-send. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868362");...
Design/Logic Flaw
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."...
CVE-2014-3642
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."...
[SECURITY] Fedora 20 Update: nodejs-send-0.3.0-4.fc20
Send is Connect's static() extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...
[SECURITY] Fedora 19 Update: nodejs-send-0.3.0-4.fc19
Send is Connect's static() extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...
PT-2014-5433 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3. Description: The issue allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method" in the vmdb/app/controllers/application_controller/performance....
Fedora 19 : nodejs-send-0.3.0-4.fc19 (2014-11495)
When relying on the root option to restrict file access, it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example, static(__dirname + '/public') would allow access to __dirname + '/public-restricted'...
CFME: dangerous send method in performance.rb
It was found that Red Hat CloudForms contained an insecure send method that accepted user-supplied arguments. An authenticated user could use this flaw to modify the program flow in a way that could result in privilege escalation...
CVE-2012-6110
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...
[SECURITY] Fedora 21 Update: nodejs-send-0.3.0-4.fc21
Send is Connect's static() extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...
Fedora 21 : nodejs-send-0.3.0-4.fc21 (2014-11289)
When relying on the root option to restrict file access, it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example, static(__dirname + '/public') would allow access to __dirname + '/public-restricted'...
SOL15561 - Kerberos vulnerability CVE-2014-4344
Vulnerability Recommended Actions You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the above tables. If the Versions known to be not vulnerable column does not list a version that is higher than the version you are running, then...
osCommerce 2.3.4 - Multiple vulnerabilities
Latest osCommerce software suffers from multiple cross site scripting and cross site request forgery vulnerabilities, which may even lead to remote code execution. Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested o...
mIRC 6.1 DCC SEND Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/8818/info A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking...