
484 matches found

Zero Day Initiative
added 2017/12/15 12:00 a.m., 246 views

Quest NetVault Backup Server Process Manager Service NVBUBackupSegment Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from th...

CVSS 7.5, AI score 1.4, EPSS 0.03933
Exploits: 0

Zero Day Initiative
added 2017/12/15 12:00 a.m., 35 views

Quest NetVault Backup Server Process Manager Service NVBUBackup JobList Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the...

CVSS 7.5, AI score 1.3, EPSS 0.03933
Exploits: 0

Zero Day Initiative
added 2017/12/15 12:00 a.m., 253 views

Quest NetVault Backup Server Process Manager Service NVBUBackup TimeRange Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the...

CVSS 7.5, AI score 1.2, EPSS 0.03933
Exploits: 0

Zero Day Initiative
added 2017/12/15 12:00 a.m., 30 views

Quest NetVault Backup Server Process Manager Service NVBUBackup ClientList Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from th...

CVSS 7.5, AI score 1.3, EPSS 0.03933
Exploits: 0

Zero Day Initiative
added 2017/12/15 12:00 a.m., 30 views

Quest NetVault Backup Server Process Manager Service NVBUScheduleSet Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the...

CVSS 7.5, AI score 0.8, EPSS 0.03933
Exploits: 0

Zero Day Initiative
added 2017/12/15 12:00 a.m., 32 views

Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the...

CVSS 7.5, AI score 0.9, EPSS 0.03933
Exploits: 0

Tenable Nessus
added 2017/12/07 12:00 a.m., 21 views

Scientific Linux Security Update : Openafs Security Update on SL6.x, SL7.x i386/x86_64 (20171206)

-- Security Fixes : - Certain values transmitted in RX ACK packets were not sanity checked by OpenAFS receiving peers, which could lead to an assertion being triggered during construction of outgoing packets on the same connection, resulting in server process crashes or client kernel panics...

AI score 5.5
Exploits: 0, References: 1

ArchLinux
added 2017/10/08 12:00 a.m., 28 views

[ASA-201710-10] xorg-server: multiple issues

Arch Linux Security Advisory ASA-201710-10
Severity: Medium
Date: 2017-10-08
CVE-ID: CVE-2017-13721 CVE-2017-13723
Package: xorg-server
Type: multiple issues
Remote: No
Link: https://security.archlinux.org/AVG-432
Summary: The package...

CVSS 7.8, AI score 2, EPSS 0.00443
Exploits: 0, References: 6

UbuntuCve
added 2017/09/20 5:29 p.m., 20 views

CVE-2016-8738

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...

CVSS 5.9, AI score 6.2, EPSS 0.03347
Exploits: 0, References: 2

OSV
added 2017/09/20 5:29 p.m., 20 views

CVE-2016-8738

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...

CVSS 5.9, AI score 6.6
Exploits: 0, References: 3

UbuntuCve
added 2017/07/26 9:29 p.m., 42 views

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

CVSS 7.5, AI score 6.8, EPSS 0.53939
Exploits: 0, References: 2

OpenVAS
added 2017/07/18 12:00 a.m., 35 views

Apache Struts URLValidator DoS Vulnerability (S2-047) - Linux

Apache Struts is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 5.9, AI score 6.5, EPSS 0.09362
Exploits: 0, References: 1

Prion
added 2017/07/13 3:29 p.m., 23 views

Code injection

If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. The solution is to upgrade to Apache Struts version 2.5.12...

CVSS 4.3, AI score 6, EPSS 0.99461
Exploits: 23, References: 6, Affected Software: 1

Broadcom
added 2017/06/23 12:00 a.m., 16 views

BSA-2017-337

Security Advisory ID : BSA-2017-337 Component : OpenVPN Revision : 2.0: Interim An authenticated client can do the 'three way handshake' (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is the first that is allowed to carry payload. If that payload is too big, the OpenVPN server process...

CVSS 7.5, AI score 6.8, EPSS 0.13892
Exploits: 2

Zero Day Initiative
added 2017/06/14 12:00 a.m., 19 views

Novell ZENworks Reporting Appliance Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Novell ZENworks Reporting Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FCExporter servlet. The process does not properly validate a...

CVSS 6.8, AI score 7.5
Exploits: 0

OSV
added 2017/05/19 7:29 p.m., 1 views

DEBIAN-CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

CVSS 7.5, AI score 7.2, EPSS 0.03569
Exploits: 1, References: 1

Prion
added 2017/05/19 7:29 p.m., 24 views

Design/Logic Flaw

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

CVSS 5, AI score 7.1, EPSS 0.03569
Exploits: 1, References: 6, Affected Software: 3

Debian CVE
added 2017/05/19 7:00 p.m., 35 views

CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

CVSS 7.5, AI score 7.5, EPSS 0.03569
Exploits: 1

CNVD
added 2017/03/03 12:00 a.m., 5 views

WordPress Plugin Mobile App Native Remote File Upload Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A remote file upload vulnerability exists in the WordPress plugin Mobile App Native. Because the application fails to...

CVSS 7.5, AI score 7.5, EPSS 0.07325
Exploits: 8, References: 1

Prion
added 2017/02/21 10:59 p.m., 15 views

Null pointer dereference

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability...

CVSS 5, AI score 6.9, EPSS 0.0292
Exploits: 2, References: 2, Affected Software: 1