rubygem-actionview: cross-site scripting flaw in Action View

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...

rubygem-actionview: cross-site scripting flaw in Action View

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...

CVE-2016-7034

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to 1 bypass CSRF protection mechanisms or 2 conduct cross-site request forgery CSRF attacks by...

SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)

This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: geticuvalueinternal out-of-bounds read bnc982010. - CVE-2016-5094: Don't create strings with lengths outside int range bnc982011. - CVE-2016-5095: Don't create strings with...

DLA-605-1 eog - security update

Bulletin has no description...

[SECURITY] Fedora 25 Update: rubygem-activesupport-5.0.0.1-1.fc25

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service

Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...

Manalyze - A static analyzer for PE executables

Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior. A static analyzer for PE files Manalyze was written in C++ for Windows and Linux and is released under the terms of the GPLv3 license . It is a robust parser for PE files with a flexible...

UBUNTU-CVE-2014-9894

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 2013 devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcom...

mongodb: DoS due to improper BSON validation

A flaw was found in the way MongoDB processed certain BSON-serialized UTF-8 strings. A remote, unauthenticated attacker could use this flaw to crash a mongod server via a specially crafted BSON message...

The vulnerability of the Commons FileUpload library allows a perpetrator to trigger a service failure.

The vulnerability of the MultipartStream class in the Commons FileUpload library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause a service failure resulting in increased computational resources usage through the use of a lo...

Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

User agent strings are logged when requesting downloads that are processed by dwnldr and displayed back to the admin with no encoding, allowing for scripts to be stored and executed. PoC curl -A "User-Agent: " -O http:///?attachmentid=...

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

Overfilling the buffer in the mconvert function in softmagic.c, within the Fileinfo component for PHP, allows malicious individuals operating remotely to cause a service failure abrupt termination of the application, by using specially crafted strings in the FILEPSTRING transformations...

[SECURITY] Fedora 23 Update: python3-3.4.3-9.fc23

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

DEBIAN-CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading 1 HTTP requests or 2 server logs...

phpMyAdmin Sensitive Information Disclosure Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A sensitive information disclosure vulnerability...

[SECURITY] Fedora 24 Update: python3-3.5.1-9.fc24

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

FreeXL: Multiple vulnerabilities

Background FreeXL is an open source library to extract valid data from within an Excel .xls spreadsheet. Description FreeXL’s shared strings and workbook functions are vulnerable to the remote execution of arbitrary code and Denial of Service. This can be achieved through specially crafted...

libEBML Information Disclosure Vulnerability

libEBML is a C++ library maintained by the Matroska team for parsing EBML an audio/video framework files. A security vulnerability exists in libEBML. The vulnerability can be exploited to cause a denial of service off-by-few reads or information disclosure by means of specially crafted unicode...