FreeBSD-SA-14:17.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:17.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in control messages and SCTP notifications Category: core Module: kern, sctp...

Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability

A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...

Information disclosure

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...

CVE-2014-3298

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...

Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)

No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...

Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat shi...

timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities

No description provided by source. Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High Software Link :...

IPN Development Handler 2.0 - Multiple Vulnerabilities

No description provided by source. IPN Development Handler v2.0 CSRF Change Admin Account ============================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://scripts.filehungry.com/product/php/e-commerce/paypal/ipndevelopmenthandler/ ===...

Allaire JRun 2.3 File Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed URL using the...

ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability

No description provided by source. ToXiC BuG FounD by Drago84 Application Affect:ZoomStats Source Code: http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?usemirror=kent Problem: $GLOBALS'lib''db''path' array not declare Solution : $GLOBALS'lib''db''path' Page Vulnerable : mysql.ph...

PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...

Juergen Weigert screen 3.9 User Supplied Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to alter the contents of the...

MODx 0.9.6.1 'htcmime.php' Source Code Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...

XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...

Ipswitch WhatsUp Professional 2006 0 NmConsole/ToolResults.asp sHostname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation...

Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp or .asa, .ini, etc file. Appending...

Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

oracle application server discussion forum portlet Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting...

Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...

Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returne...