463 matches found
CVE-2016-10592
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10592
Vulnerability summary: The jser-stat library downloads data resources over HTTP, enabling man-in-the-middle (MitM) attacks when an attacker can observe/modify network traffic. The impact is variable and can include reading sensitive data up to remote code execution, depending on package behavior....
jspcc.org.cn XSS vulnerability
Open Bug Bounty ID: OBB-514819 Description| Value ---|--- Affected Website:| jspcc.org.cn Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
PHP Web Stat 4.5.03 Backdoor Account
======================================================================== | Title : php web stat v4.5.03 Backdoor account vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork :...
PHP Web Stat 4.x.x Information Disclosure
======================================================================== | Title : php web stat v4.x.x information Disclosure vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : all | Vendor : http://wmscripti.com/ | Dork :...
PHP Web Stat 4.5.03 Cross Site Scripting
======================================================================== | Title : php web stat v4.5.03 xss vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork : Copyright Ac 20...
FreeBSD Information Disclosure Vulnerability (CNVD-2017-37251)
FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from a program failing to properly...
Cross-site Request Forgery (CSRF)
phpmyfaq/phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application does not have CSRF protection for the phpmyfaq/admin/stat.main.php file, allowing a malicious user to send a request to the application to clear the visits value on the stat page...
phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-32428)
phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...
Cross-site request forgery vulnerability in phpMyFAQ admin/stat.ratings.php file
phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...
GLSA-201709-12 : Perl: Race condition vulnerability
The remote host is affected by the vulnerability described in GLSA-201709-12 Perl: Race condition vulnerability A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtree and removetree functions in the File-Path module before...
ftp-syst NSE Script
Sends FTP SYST and STAT commands and returns the result. The canonical SYST response of "UNIX Type: L8" is stripped or ignored, since it is meaningless. Typical FTP response codes 215 for SYST and 211 for STAT are also hidden. References: Example Usage nmap -sV -sC Script Output | ftp-syst: | SYS...
CVE-2017-9764
Cross-site scripting XSS vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...
openSUSE Security Update : the Linux Kernel (openSUSE-2017-716) (Stack Clash)
The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be...
The vulnerability of the get_process_ttyname function in the system administration software Sudo may allow attackers to elevate their privileges to superuser status and execute arbitrary code.
The vulnerability of the getprocessttyname function in the Sudo system administration program is related to insufficient input data validation. The vulnerability is exploited by creating a symbolic link to the executable file of Sudo, with the file name formatted in a specific way a space followe...
Security update for sudo (important)
This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1446-1)
This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...
Ubuntu 14.04 LTS / 16.04 LTS : Sudo vulnerability (USN-3304-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3304-1 advisory. It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker i...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1450-1)
This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...
USN-3304-1 sudo vulnerability
It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions...