179 matches found
[SECURITY] Fedora 20 Update: lsyncd-2.1.4-4.fc20.1
Lsyncd watches a local directory trees event monitor interface inotify. It aggregates and combines events for a few seconds and then spawns one or more processes to synchronize the changes. By default this is rsync. Lsyncd is thus a light-weight live mirror solution that is comparatively easy to...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
DEBIAN-CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 Multiple Vulnerabilities (PMASA-2011-5 - PMASA-2011-8)
The remote host contains a version of phpMyAdmin - 3.3.x less than 3.3.10.2 or 3.4.x less than 3.4.3.1 - that is affected by multiple vulnerabilities : - An error in the file 'libraries/auth/swekey/swekey.auth.lib.php' allows an attacker to modify the 'SESSION' superglobal array. CVE-2011-2505 - ...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the vie...
Fedora 16 : phpMyAdmin-3.4.7-1.fc16 (2011-15460)
"Changes for 3.4.7.0 2011-10-23 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Fedora Security Advisory 2011-15460. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid56797;...
Fedora 15 : phpMyAdmin-3.4.3.1-1.fc15 (2011-9132)
Changes for 3.4.3.1 2011-06-07 - PMASA-2011-5 Possible session manipulation in Swekey authentication http://www.phpmyadmin.net/homepage/security/PMASA-2011 -5.php - PMASA-2011-6 Possible code injection in setup script in case session variables are compromised...
CVE-2011-2507
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
Code injection
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
CVE-2011-2507
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
CVE-2011-2507
CVE-2011-2507 affects phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1. The vulnerability stems from improper quoting of regular expressions in libraries/server_synchronize.lib.php, allowing a remote authenticated user to inject a PCRE_EVAL modifier via a modified SESSION array and execute...
CVE-2011-2507
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
CVE-2011-2507
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
Regular expression quoting issue in Synchronize code.
PMASA-2011-7 Announcement-ID: PMASA-2011-7 Date: 2011-07-02 Updated: 2011-07-04 Summary Regular expression quoting issue in Synchronize code. Description Through a possible bug in PHP, a null byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the pregrepla...
Firefox 3 Layout engine crashes
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to 1 nsAsyncInstantiateEvent::Run, 2...
Buffer overflow
Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service application crash or system crash and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing...
CVE-2007-5144
Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service application crash or system crash and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing...
CVE-2007-4410
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops...
PT-1997-1097 · Linux · Linux
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue allows for a denial of service of inetd on Linux systems through the use of SYN and RST packets. Recommendations: At the moment, there is no information about a newer version that...