
7871 matches found

Tenable Nessus
added 2014/06/03 12:0 a.m., 7 views

OpenVPN client session setup detection

Binary data 3543.prm...

7.3 AI score
Exploits: 0
Tenable Nessus
added 2014/06/03 12:0 a.m., 9 views

OpenVPN client session setup detection

Binary data 3544.prm...

7.3 AI score
Exploits: 0
Tenable Nessus
added 2014/06/03 12:0 a.m., 35 views

Debian DSA-2943-1 : php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: - CVE-2014-0185 The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability CVE-2014-0185 in PHP FPM that allowed any...

7.2 CVSS, 8 AI score, 0.20805 EPSS
Exploits: 2, References: 11
OpenVAS
added 2014/06/01 12:0 a.m., 65 views

Debian Security Advisory DSA 2943-1 (php5 - security update)

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: CVE-2014-0185 The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability CVE-2014-0185 in PHP FPM that allowed any local...

7.2 CVSS, 0.1 AI score, 0.20805 EPSS
Exploits: 2, References: 1
OSV
added 2014/06/01 12:0 a.m., 56 views

DSA-2943-1 php5 - security update

Bulletin has no description...

7.2 CVSS, 7.9 AI score, 0.20805 EPSS
Exploits: 2
Prion
added 2014/05/29 2:19 p.m., 15 views

Design/Logic Flaw

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports rhevm-reports package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...

2.1 CVSS, 6.3 AI score, 0.00372 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedHat Linux
added 2014/05/27 4:20 p.m., 1 views

ovirt-engine-reports: setup script logs database password in cleartext

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports rhevm-reports package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...

2.1 CVSS, 5.8 AI score, 0.00372 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2014/05/27 4:20 p.m., 1 views

ovirt-engine-dwh: setup script logs database password in cleartext

The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse rhevm-dwh package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...

2.1 CVSS, 5.8 AI score, 0.00379 EPSS
Exploits: 0, References: 4
Cvelist
added 2014/05/27 2:0 p.m., 21 views

CVE-2014-3840

Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...

5.4 AI score, 0.03476 EPSS
Exploits: 1, References: 8
CVE
added 2014/05/27 2:0 p.m., 61 views

CVE-2014-3840

CVE-2014-3840 affects Mayan EDMS 0.13, with multiple stored XSS vulnerabilities in apps/common/templates/calculate_form_title.html. The issue allows remote authenticated users to inject arbitrary script/HTML via several vectors: (1) a tag, (2) the title of a source in a Staging folder, (3) the Na...

3.5 CVSS, 5.4 AI score, 0.03476 EPSS
Exploits: 1, References: 8, Affected Software: 1
NVD
added 2014/05/27 1:55 p.m., 18 views

CVE-2014-3840

Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...

3.5 CVSS, 5.4 AI score, 0.03476 EPSS
Exploits: 1, References: 8
Prion
added 2014/05/27 1:55 p.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...

3.5 CVSS, 5.6 AI score, 0.03476 EPSS
Exploits: 1, References: 8, Affected Software: 1
seebug.org
added 2014/05/12 12:0 a.m., 208 views

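Dahan Jvideo: a small collection of two vulnerabilities (may lead to hijacking of admin backend privileges)

Brief description: Two issues. Details: One is an arbitrary file download, the other is SQL injection. Let's look at the arbitrary file download first: it can be used to download the setup-related installation information, which makes it possible to log in to the admin backend in the setup directory http://222.66.10.88:8081/jvideo/down.jsp?pathfile=WEB-INF/web.xml Now for the good stuff http://222.66.10.88:8081/jvideo/down.jsp?pathfile=WEB-INF/ini/merpserver.ini The Admin password under setup is visible (masked), login succeeded. Another website...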

7.1 AI score
Exploits: 0
0day.today
added 2014/05/08 12:0 a.m., 29 views

Cobbler Local File Inclusion Vulnerability

Cobbler versions 2.4.x through 2.6.x suffer from a local file inclusion vulnerability. Exploit Title: Local File Inclusion vulnerability in cobbler Exploit author: Dolev Farhi @f1nhack Date 07/05/2014 Vendor homepage: http://www.cobblerd.org Affected Software version: 2.4.x - 2.6.x Alerted vendor...

6.8 AI score
Exploits: 0
myhack58
added 2014/05/08 12:0 a.m., 11 views

bug vulnerability handling mechanism system-bugtracker-bug warning-the black bar safety net

While configuring a bug tracking system for the company, I found BugTracker.NET, read up on it a bit, and translated the configuration part. After some research and experience, I am putting it up to share. Friends who need it can download it from the following URL http://sourceforge.net/project/showfiles.php?groupid=66812 BugTracker...

7.8 AI score
Exploits: 0
Fedora
added 2014/05/01 7:1 a.m., 13 views

[SECURITY] Fedora 20 Update: ndjbdns-1.06-1.fc20

New djbdns: is a usable fork of djbdns. djbdns is a Domain Name System originally written by the eminent author of Qmail, Dr D. J. Bernstein. This new version of djbdns is a complete makeover to the original source (djbdns-1.05) and is meant to make life a lot more pleasant. The notable changes so...

Exploits: 0
NVD
added 2014/04/25 5:12 p.m., 12 views

CVE-2013-3069

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USBadvanced.htm, or (4) Network Key to the Wireless Setup...

3.5 CVSS, 5.5 AI score, 0.01093 EPSS
Exploits: 1, References: 2
Prion
added 2014/04/25 5:12 p.m., 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USBadvanced.htm, or (4) Network Key to the Wireless Setup...

3.5 CVSS, 5.8 AI score, 0.01093 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2014/04/25 5:0 p.m., 15 views

CVE-2013-3069

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USBadvanced.htm, or (4) Network Key to the Wireless Setup...

5.5 AI score, 0.01093 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2014/04/04 12:0 a.m., 89 views

ionCube loader-wizard.php Accessible

ionCube, an encoding and PHP file security tool written in PHP, is running on the remote host. The 'loader-wizard.php' script that contains setup and configuration assistance and provides access to sensitive information about the web server is accessible to remote, unauthenticated users...

5.6 AI score
Exploits: 0, References: 1