9 matches found
NTPd <= 4.2.0 Privilege Escalation Vulnerability
NTPd is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; ifdescription...
Fedora 22 : mediawiki-1.25.3-1.fc22 (2015-24fe8b66c9)
https://www.mediawiki.org/wiki/Releasenotes/1.25MediaWiki1.25.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...
Bugzilla show_bug.cgi id Parameter XSS
The version of Bugzilla installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'id' parameter of the 'show_bug.cgi' script. An attacker may be able to leverage this to inject arbitrary HTML and script code...
Cross site scripting
Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value ...
Fedora 13 : sepostgresql-9.0.1-20101007.fc13 (2010-16004)
Upgrade base version to v9.0.1 which contains various bug and security fixes. - http://www.postgresql.org/docs/9.0/static/release-9-0.html - http://www.postgresql.org/docs/9.0/static/release-9-0-1.html Note that Tenable Network Security has extracted the preceding description block directly fro...
Fedora Core 10 FEDORA-2009-9601 (planet)
The remote host is missing an update to planet announced via advisory FEDORA-2009-9601. OpenVAS Vulnerability Test $Id: fcore20099601.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9601 planet Authors: Thomas Reinke Copyright: Copyright c 2009 E-So...
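Bugzilla 'show_bug.cgi' Information Disclosure Vulnerability
Bugtraq ID: 35916 Bugzilla is a web-based bug tracking system. The show_bug.cgi script contains a vulnerability: a user who has permission to edit a product's bugs can obtain the names of all products, which would otherwise not be visible to them. It can be reproduced as follows: 1. Create two products: prod1 and prod2. 2. Show that user1 can only access prod1. 3. Try to edit your own bug; all products are visible in the combobox. Mozilla Bugzilla 3.3.4 Mozilla Bugzilla 3.4 rc1 Mozilla Bugzilla 3.4 Vendor solution: users can upgrade to the latest version: Mozilla Bugzilla 3.4 rc1...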
Fedora Core 9 FEDORA-2009-1057 (dia)
The remote host is missing an update to dia announced via advisory FEDORA-2009-1057. OpenVAS Vulnerability Test $Id: fcore20091057.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1057 dia Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
CVE-2004-1634
The CVE-2004-1634 entry concerns Bugzilla. Affected versions are Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, where the insidergroup feature and XML export of a bug can reveal private comments and attachment summaries. This exposes sensitive information to remote attackers. The underlying c...