7871 matches found

OSV
added 2015/06/08 4:48 p.m., 2 views

USN-2628-1 strongswan vulnerability

Alexander E. Patrakov discovered that strongSwan incorrectly handled certain IKEv2 setups. A malicious server could possibly use this issue to obtain user credentials...

CVSS 2.6 | AI score 7.2 | EPSS 0.02028
Exploits: 0 | References: 2

n0where
added 2015/06/05 3:50 p.m., 610 views

General Purpose Fuzzing: Honggfuzz

Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace API / POSIX signal interface to detect and log crashes. Features: Easy setup: No complicated configuration files or setup necessary —...

CVSS 6.8 | AI score 9.3 | EPSS 0.06287
Exploits: 5 | References: 6

NVD
added 2015/06/05 10:59 a.m., 21 views

CVE-2015-2124

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors...

CVSS 7.2 | AI score 6.4 | EPSS 0.00622
Exploits: 0 | References: 2

ATTACKERKB
added 2015/06/05 10:59 a.m., 3 views

CVE-2015-2124

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors...

CVSS 7.2 | AI score 5.5 | EPSS 0.00622
Exploits: 0 | References: 3

Cvelist
added 2015/06/05 10:0 a.m., 20 views

CVE-2015-2124

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors...

AI score 6.4 | EPSS 0.00622
Exploits: 0 | References: 2

CNVD
added 2015/06/03 12:0 a.m., 4 views

ResourceSpace Native PHP File Inclusion Vulnerability

ResourceSpace is an open source digital asset management solution. ResourceSpace has a local PHP file inclusion vulnerability. Due to the "defaultlanguage" HTTP GET parameter received from the user to include PHP files using the "include" PHP function before the "/pages/setup.php" script lack of...

CVSS 7.5 | AI score 6.8 | EPSS 0.08083
Exploits: 3 | References: 1

securityvulns
added 2015/06/01 12:0 a.m., 28 views

HP Easy Setup Wizard privilege escalation

No description provided...

CVSS 7.2 | AI score 1.5 | EPSS 0.00622
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2015/06/01 12:0 a.m., 1 views

UBUNTU-CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow...

CVSS 4.3 | AI score 7.7 | EPSS 0.03001
Exploits: 0 | References: 6

OSV
added 2015/05/26 3:59 p.m., 3 views

DEBIAN-CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

CVSS 6.8 | AI score 9.8 | EPSS 0.01078
Exploits: 0 | References: 1

NVD
added 2015/05/26 3:59 p.m., 18 views

CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

CVSS 6.8 | AI score 7 | EPSS 0.01078
Exploits: 0 | References: 6

OSV
added 2015/05/26 3:59 p.m., 1 views

UBUNTU-CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

CVSS 6.8 | AI score 7.2 | EPSS 0.01078
Exploits: 0 | References: 2

Cvelist
added 2015/05/26 3:0 p.m., 19 views

CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

AI score 6.8 | EPSS 0.01078
Exploits: 0 | References: 6

CVE
added 2015/05/26 3:0 p.m., 82 views

CVE-2015-3902

CVE-2015-3902 is a CSRF/XSRF vulnerability in the phpMyAdmin setup process. The issue affects phpMyAdmin releases up to 4.0.x < 4.0.10.10, 4.2.x < 4.2.13.3, 4.3.x < 4.3.13.1, and 4.4.x

CVSS 6.8 | AI score 7 | EPSS 0.01078
Exploits: 0 | References: 6 | Affected Software: 1

VulnCheck KEV
added 2015/05/22 12:0 a.m., 3 views

VulnCheck KEV: CVE-2008-1244

cgi-bin/setupdns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns11, dns12, dns13, and dns14 parameters. NOTE: it was later reported...

CVSS 10 | AI score 5.8 | EPSS 0.04896
Exploits: 2 | References: 1

CNVD
added 2015/05/20 12:0 a.m., 2 views

Cisco IOS ISDN Implementation Denial of Service Vulnerability

Cisco IOS is a popular Internet operating system. A security vulnerability in the Cisco IOS ISDN implementation allows remote attackers to conduct denial of service attacks by submitting malformed Q931 SETUP messages...

CVSS 6.1 | AI score 6.8 | EPSS 0.00625
Exploits: 0 | References: 1

NVD
added 2015/05/16 2:1 a.m., 16 views

CVE-2015-0731

The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890...

CVSS 6.1 | AI score 6.6 | EPSS 0.00625
Exploits: 0 | References: 2

Prion
added 2015/05/16 2:1 a.m., 14 views

Code injection

The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890...

CVSS 6.1 | AI score 7.1 | EPSS 0.00625
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/05/16 1:0 a.m., 22 views

CVE-2015-0731

The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890...

AI score 6.6 | EPSS 0.00625
Exploits: 0 | References: 2

Tenable Nessus
added 2015/05/13 12:0 a.m., 24 views

Oracle Linux 7 : kexec-tools (ELSA-2015-0986)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-0986 advisory. 2.0.7-19.0.1.el71.2 - kdumpctl: exclude defaulthugepagesz setting from kdump kernel cmdline Sriharsha Yadagudde Orabug: 19134999 - kdumpctl: verify if kernel...

CVSS 3.6 | AI score 5.5 | EPSS 0.00355
Exploits: 0 | References: 2

RedHat Linux
added 2015/05/12 5:53 p.m., 2 views

kexec-tools: insecure use of /tmp/*$$* filenames

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files...

CVSS 3.6 | AI score 5.8 | EPSS 0.00355
Exploits: 0 | References: 4