7871 matches found

Exploit DB
added 2014/11/22 12:0 a.m., 48 views

Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access

Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit
Vendor: NETGEAR
Product web page: http://www.netgear.com
Affected version: WNR500 firmware: 1.0.7.2
Summary: The NETGEAR compact N150 classic wireless router WNR500 improves your legacy Wireless-G network. It is a...

7.4 AI score
Exploits: 0

RedHat Linux
added 2014/11/11 6:25 p.m., 0 views

libvncserver: NULL pointer dereference flaw in framebuffer setup

A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash...

7.5 CVSS, 7.3 AI score, 0.06755 EPSS
Exploits: 1, References: 4

OSV
added 2014/11/04 9:55 p.m., 3 views

DEBIAN-CVE-2013-4541

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value...

7.5 CVSS, 6.9 AI score, 0.04008 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2014/10/20 6:55 p.m., 1 views

CVE-2014-8365

Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable...

4.3 CVSS, 5.4 AI score, 0.01423 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2014/10/13 9:27 p.m., 22 views

krb5: KDC remote DoS (NULL pointer dereference and daemon crash)

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request...

4 CVSS, 7.1 AI score, 0.02608 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2014/10/13 9:27 p.m., 2 views

krb5: multi-realm KDC null dereference leads to crash

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request...

4.3 CVSS, 6.8 AI score, 0.05508 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2014/10/10 2:55 p.m., 25 views

CVE-2014-4737

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php...

4.3 CVSS, 6 AI score, 0.01925 EPSS
Exploits: 3, References: 5

Prion
added 2014/10/10 2:55 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php...

4.3 CVSS, 6 AI score, 0.01925 EPSS
Exploits: 3, References: 5, Affected Software: 1

RedHat Linux
added 2014/09/22 4:0 a.m., 2 views

qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value...

7.5 CVSS, 7.1 AI score, 0.04008 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2014/09/16 5:28 a.m., 2 views

krb5: KDC remote DoS (NULL pointer dereference and daemon crash)

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request...

4 CVSS, 7.1 AI score, 0.02608 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2014/09/04 5:55 p.m., 30 views

CVE-2014-3529

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

4.3 CVSS, 6.8 AI score, 0.13258 EPSS
Exploits: 0, References: 6

Debian CVE
added 2014/09/04 5:0 p.m., 24 views

CVE-2014-3529

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

4.3 CVSS, 6.3 AI score, 0.13258 EPSS
Exploits: 0

seebug.org
added 2014/08/26 12:0 a.m., 25 views

JCMS /setup/opr_updatenewmenu.jsp login bypass vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

Fedora
added 2014/07/26 12:11 a.m., 45 views

[SECURITY] Fedora 20 Update: cinnamon-control-center-2.2.10-1.fc20.1

This package contains configuration utilities for the Cinnamon desktop, which allow to configure accessibility options, desktop fonts, keyboard and mouse properties, sound setup, desktop theme and background, user interface properties, screen resolution, and other settings...

2.9 CVSS, 2.4 AI score, 0.01457 EPSS
Exploits: 1

Fedora
added 2014/07/26 12:11 a.m., 26 views

[SECURITY] Fedora 20 Update: control-center-3.10.3-2.fc20

This package contains configuration utilities for the GNOME desktop, which allow to configure accessibility options, desktop fonts, keyboard and mouse properties, sound setup, desktop theme and background, user interface properties, screen resolution, and other settings...

2.9 CVSS, 2.7 AI score, 0.01457 EPSS
Exploits: 1

RedHat Linux
added 2014/07/24 3:38 p.m., 5 views

qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value...

7.5 CVSS, 7.1 AI score, 0.04008 EPSS
Exploits: 0, References: 4

Prion
added 2014/07/24 2:55 p.m., 10 views

Authentication flaw

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mod...

7.2 CVSS, 7.2 AI score, 0.00401 EPSS
Exploits: 0, References: 2

CVE
added 2014/07/24 2:0 p.m., 38 views

CVE-2014-2361

Summary (CVE-2014-2361): OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, expose a key management flaw that allows a physically proximate attacker to read the site security key and spoof communication. The issue arises from improper key handling (key managem...

7.2 CVSS, 6.9 AI score, 0.00401 EPSS
Exploits: 0, References: 5, Affected Software: 2

RedHat Linux
added 2014/07/23 4:15 p.m., 1 views

qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value...

7.5 CVSS, 7.1 AI score, 0.04008 EPSS
Exploits: 0, References: 4

OSV
added 2014/07/09 2:55 p.m., 4 views

UBUNTU-CVE-2014-4022

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table...

2.7 CVSS, 5.8 AI score, 0.00542 EPSS
Exploits: 0, References: 4