3360 matches found
UBUNTU-CVE-2016-9851
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...
CVE-2016-9851
CVE-2016-9851 (phpMyAdmin) : A vulnerability allows bypass of the logout timeout via a crafted request parameter. Affected are all 4.6.x versions prior to 4.6.5 and 4.4.x versions prior to 4.4.15.9. The issue is documented in the initial CVE entry, with CVSS metrics indicating a low to medium imp...
CVE-2016-9851
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...
CVE-2016-9851
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...
CVE-2016-9854
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's...
MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities
Binary data 9824.prm...
Error session termination mechanisms lead to account hijacking-vulnerability warning-the black bar safety net
Error session termination mechanisms Session termination is to secure the session period in one important aspect. Security implementation session tokens can effectively reduce the session hijacking attack. The session is terminated as the number of attack control mechanisms, such asXSS(cross-site...
XenMobile Domain users unable to authenticate - LDAP response read timed out, timeout used
If domain users or admins are failing to authenticate to XenMobile, verify if the following error appears in the debug log 2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D | WARN | http-nio-10080-exec-77 | com.sparus.nps.apple.security.AuthUtils | Forcing LDAP auth: cannot refresh user data:...
Bypass logout timeout
PMASA-2016-62 Announcement-ID: PMASA-2016-62 Date: 2016-11-25 Updated: 2016-12-06 Summary Bypass logout timeout Description With a crafted request parameter value it is possible to bypass the logout timeout. Severity We consider this vulnerability to be of moderate severity. Affected Versions All...
USN-3126-1: Linux kernel vulnerabilities
Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service system crash. CVE-2016-7042 Dmitry Vyukov discovered a use-after-free...
USN-3128-3 linux-snapdragon vulnerability
Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service system crash...
USN-3128-1 linux vulnerability
Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service system crash...
Shell to Meterpreter Upgrade
This module attempts to upgrade a command shell to meterpreter. The shell platform is automatically detected and the best version of meterpreter for the target is selected. Currently meterpreter/reversetcp is used on Windows and Linux, with 'python/meterpreter/reversetcp' used on all others. This...
Cgiemail 1.6 - Source Code Disclosure
!/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script included with cgiemail will return any...
DEBIAN-CVE-2016-7042
The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack memory corruption and panic by...
Memory corruption
The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack memory corruption and panic by...
CVE-2016-7042
The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack memory corruption and panic by...
UBUNTU-CVE-2016-7042
The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack memory corruption and panic by...
Linux kernel local denial of service vulnerability (CNVD-2016-09457)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'prockeysshow' function in the security/keys/proc.c file in Linux kernel versions 4.8.2 and earlier, which stems from a program...