450 matches found
openSUSE Security Update : fuse (openSUSE-2015-401)
Update to version 2.9.4 - fix exec environment for mount and umount bsc931452, CVE-2015-3202 - properly restore the default signal handler - fix directory file handle passed to ioctl method. - fix for uids/gids larger than 2147483647 - initialize stat buffer passed to getattr and fgetattr...
WordPress Plugin Free Counter Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports personal blog sites set up on PHP and MySQL servers. Free Counter is one of its counting and statistics plugins. A cross-site scripting vulnerability exists in version 1...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:0863. Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Moderate: Red Hat Security Advisory: glibc security and bug fix update
Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CVE-2014-9453
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header...
WordPress Simple Visitor Stat Cross Site Scripting
Title: WordPress 'Simple Visitor Stat' plugin - Stored XSS. Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej. Date: 2014/12/12. Download: https://wordpress.org/plugins/simple-visitor-stat/ Description:...
Simple Visitor Stat <= 1.0 - Multiple XSS
Plugin is still affected and has been closed...
ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to stop ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in...
Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1284/info Apache HTTP Server 1.3.x win32 allows people to get a directory listing of a directory, if it is enabled in the config, even if an index file is present that would normally be displayed instead. This can be...
WFTPD 2.4.1RC11 REST Command Malformed File Write DoS
No description provided by source. source: http://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. (1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. (2) If the REST command is used to write past the...
WFTPD 2.4.1RC11 STAT/LIST Command DoS
No description provided by source. source: http://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. (1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. (2) If the REST command is used to write past the...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
Xorg 1.4 to 1.11.2 File Permission Change PoC
No description provided by source. / xchmod.c -- Xorg file permission change vulnerability PoC Author: vladz http://vladz.devzero.fr Date: 2011/12/15 Software: www.x.org Version: Xorg 1.4 to 1.11.2 in all configurations. Xorg 1.3 and earlier if built with the USECHMOD preprocessor identifier Test...
CVE-2013-6936
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter...
SQL injection
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter...
CVE-2013-6936
CVE-2013-6936 describes multiple SQL injection vulnerabilities in the Ajaxfs plugin (MyBB), specifically in ajaxfs.php via the tooltip and usertooltip parameters in the Ajax forum stat plugin 2.0. Remote attackers could execute arbitrary SQL commands. OpenVAS notes a WillNotFix remediation.
CVE-2013-6936
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter...
coreutils security, bug fix, and enhancement update
8.4-31.0.1 - clean up empty file if cp is failed Orabug 15973168 8.4-31 - adjust the fix for the du bindmounts failure 836557 Mon Oct 07 2013 Ondrej Oprala - Fix su retvals once again 8.4-29 - CVE-2013-0221 CVE-2013-0223 CVE-2013-0222 - fix various segmentation faults in sort, uniq and join 1015019...
Debian DSA-2795-2 : lighttpd - several vulnerabilities
Several vulnerabilities have been discovered in the lighttpd web server. It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate...
[SECURITY] [DSA 2795-1] lighttpd security update
Debian Security Advisory DSA-2795-1 http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...