Qi Bo cms whole Station system(original PHP168)is configured incorrectly actuating any of the user login-bug warning-the black bar safety net

Qi Bo cms whole Station system of the original PHP168 configured improperly cause any user login, such as the cms administrator. Detail: or because of UCCENTER the problem, before it is too UCKEY variable is empty when you can call UCCENTER in the associated users API directly operates today unde...

CVE-2012-3334

Stack-based buffer overflow in IBM Informix Dynamic Server IDS 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement...

CVE-2012-3334

Stack-based buffer overflow in IBM Informix Dynamic Server IDS 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement...

Stack overflow

Stack-based buffer overflow in IBM Informix Dynamic Server IDS 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement...

CVE-2012-3334

Stack-based buffer overflow in IBM Informix Dynamic Server IDS 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement...

DEBIAN-CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow

This module exploits a vulnerability in ActiveFax Server. The vulnerability is a stack based buffer overflow in the "Import Users from File" function, due to the insecure usage of strcpy while parsing the csv formatted file. The module creates a .exp file that must be imported with ActiveFax...

Mandrake Linux Security Advisory : dump (MDKSA-2000:007)

Dump may cause security problem due to a buffer overflow. This package removes the set gid root on the dump exec file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security Advisory MDKSA-2000:007. T...

hypercall set_debugreg vulnerability

ISSUE DESCRIPTION setdebugreg allows writes to reserved bits of the DR7 debug control register on x86-64. IMPACT A malicious guest can cause the host to crash, leading to a DoS. If the vulnerable hypervisor is run on future hardware, the impact of the vulnerability might be widened depending on t...

Fedora Update for vdr FEDORA-2012-7010

Check for the Version of vdr OpenVAS Vulnerability Test Fedora Update for vdr FEDORA-2012-7010 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

Session ID and remember me cookie should expire when LDAP user password is changed

Steps to reproduce Login as a normal Confluence user In another browser or in incognito mode, login as system administrator Go to Confluence Admin Manage Users and click on the user Click Set Password and set a different password for this user Refresh the page and the user can still access the pa...

Mandriva Update for busybox MDVSA-2012:129-1 (busybox)

Check for the Version of busybox OpenVAS Vulnerability Test Mandriva Update for busybox MDVSA-2012:129-1 busybox Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

CVE-2012-2590

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

CVE-2012-4249

The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than...

Debian Security Advisory DSA 2491-1 (postgresql-8.4)

The remote host is missing an update to postgresql-8.4 announced via advisory DSA 2491-1. OpenVAS Vulnerability Test $Id: deb24911.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2491-1 postgresql-8.4 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Sof...

Scientific Linux Security Update : httpd on SL5.x

Problem description : A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is...

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120417)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to...

Scientific Linux Security Update : mod_auth_mysql on SL5.x i386/x86_64

A flaw was found in the way modauthmysql escaped certain multibyte-encoded strings. If modauthmysql was configured to use a multibyte character set that allowed a backslash '' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request...