75 matches found
phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities
Binary data 6967.prm...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
Critical: Red Hat Security Advisory: rubygem-activesupport security update
An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
Symantec Web Gateway Multiple Vulnerabilities
Symantec Web Gateway is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:symantec:webgateway";...
Mandriva Linux Security Advisory : php (MDVSA-2012:065)
Multiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service application crash via a crafted application that uses a PDO driver for a...
Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities
Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...
HITB Quartal Magazine - eZine Issue 007
Document Title: =============== HITB Quartal Magazine - eZine Issue 007 References: =========== Original: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf Article: http://magazine.hitb.org/ Mirror: http://www.vulnerability-lab.com/resources/documents/297.pdf Article:...
Insecure Mail Server Offers Chinese Government Accounts To The Masses
A security researcher who identified holes in SCADA software used by utilities in China has issued a new warning to that country’s CERT about insecure Web infrastructure, including an e-mail server that allows any Web user to create their own Chinese government mail account. Dillon Beresford, a...
CVE-2010-4700
The setmagicquotesruntime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqlifetchassoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly...
Overlooked Old Vulnerabilities Lead to Major Data Breaches, Says TrustWave
A recent report suggests that focusing too much on new security threats might make companies overlook older, more commonly exploited vulnerabilities. The report by TrustWave is based on data from over 1,900 penetration tests and more than 200 data breach investigations for clients like American...
How to Get Owned in One Easy Step
As 2009 draws to a close, one thing has become clear: The most dangerous piece of software on your PC isn’t a banking Trojan or a bot; it’s your Web browser. The Web browser has become the main focal point of attackers’ attention and the frequency with which new vulnerabilities are found in all o...
openSUSE Security Update : rubygem-activerecord (rubygem-activerecord-328)
Missing sanity checks of the :limit and :offset parameters in SQL queries could potentially be exploited to conduct SQL inection attacks CVE-2008-4094. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
Office Web Components Flaw Used in SQL Injection Attacks
Attackers have begun using the unpatched vulnerability in Microsoft’s Office Web Components in SQL injection attacks. The vulnerability, which only became public this week, affects millions of users running a number of different versions of Windows, Office and Internet Explorer. The SANS Internet...
Pixie CMS XSS / SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pixie CMS Multiple Vulnerabilities Pixie is a "free, open source web application that will help you quickly create your own website. Many people refer to this type of software as a 'content management system cms'" http://www.getpixie.co.uk. Pixie is...
phpMyAdmin: SQL injection vulnerability
Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...
SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled
The function taxonomyselectnodes directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomyselectnodes, this is a weakness in Drupal core. Several contributed modules, such as taxonomymenu, ajaxLoader, and ubrowse...
EPortfolio 1.0 - Client-Side Input Validation
source: https://www.securityfocus.com/bid/22829/info ePortfolio is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to perform various attacks that are caused by input-validation...
[Full-disclosure] rPSA-2006-0080-1 postgresql postgresql-server
rPath Security Advisory: 2006-0080-1 Published: 2006-05-24 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Local System User Deterministic Vulnerability Updated Versions: postgresql=/conary.rpath.com@rpl:devel//1/8.1.4-1-0.1...
eGroupWare 1.0 - sitemgr-siteindex.php?category_id Cross-Site Scripting
eGroupWare 1.0 - sitemgr-siteindex.php?categoryid Cross-Site Scripting source: https://www.securityfocus.com/bid/13212/info eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available. The issues arise due to a failure of the application to properly validate...
CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure
source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues affect the 'index.php',...