7974 matches found

Metasploit
added 2012/12/21 10:30 a.m., 39 views

TWiki MAKETEXT Remote Command Execution

This module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the...

CVSS 7.5, AI score 9.5, EPSS 0.81971
Exploits: 13

OpenVAS
added 2012/11/26 12:0 a.m., 25 views

Fedora Update for insight FEDORA-2012-18311

Check for the Version of insight OpenVAS Vulnerability Test Fedora Update for insight FEDORA-2012-18311 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5, AI score 9.5, EPSS 0.01748
Exploits: 0, References: 2

OpenVAS
added 2012/11/26 12:0 a.m., 32 views

Fedora Update for insight FEDORA-2012-18300

Check for the Version of insight OpenVAS Vulnerability Test Fedora Update for insight FEDORA-2012-18300 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5, AI score 9.5, EPSS 0.01748
Exploits: 0, References: 2

Fedora
added 2012/11/24 3:33 a.m., 31 views

[SECURITY] Fedora 17 Update: insight-7.4.50-4.20120403cvs.fc17

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for GDB version 6.x...

CVSS 5, AI score 2, EPSS 0.01748
Exploits: 0

Fedora
added 2012/11/24 3:32 a.m., 27 views

[SECURITY] Fedora 16 Update: insight-7.4.50-4.20120403cvs.fc16

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for GDB version 6.x...

CVSS 5, AI score 2, EPSS 0.01748
Exploits: 0

Fedora
added 2012/11/23 7:25 a.m., 28 views

[SECURITY] Fedora 18 Update: insight-7.4.50-4.20120403cvs.fc18

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for GDB version 6.x...

CVSS 5, AI score 2, EPSS 0.01748
Exploits: 0

OSV
added 2012/11/16 12:24 p.m., 0 views

UBUNTU-CVE-2012-5881

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207...

CVSS 4.3, AI score 7.4, EPSS 0.00258
Exploits: 0, References: 5

OSV
added 2012/11/16 12:24 p.m., 0 views

UBUNTU-CVE-2012-5883

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors...

CVSS 4.3, AI score 7.4, EPSS 0.0063
Exploits: 0, References: 7

RedHat Linux
added 2012/10/17 4:6 p.m., 3 views

OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related ...

CVSS 7.6, AI score 7.4, EPSS 0.07984
Exploits: 0, References: 5

ThreatPost
added 2012/10/09 6:31 p.m., 13 views

Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering

Independent security researcher, web designer, and Stanford Computer Science student Feross Aboukhadijeh has developed an attack concept that exploits the fullscreen application programming interface in HTML5 in order to carry out phishing attacks. The attack leverages the ‘fullscreen API’ featur...

AI score 2
Exploits: 0, References: 2

myhack58
added 2012/09/30 12:0 a.m., 38 views

MetInfo m topology enterprise website management system 5.0.2 code auditing exploit and repair summary-vulnerability warning-the black bar safety net

MetInfo enterprise website management system using PHP+Mysql schema, full Station built-in SEO search engine optimization mechanism, support user since defined interface languageglobal various language, has enterprise website common of module features corporate profile module, news module, produc...

AI score 0.6
Exploits: 0

Cisco
added 2012/09/20 8:24 p.m., 23 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

Cisco Identity Services Engine contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the ISE Administrator...

CVSS 6.8, AI score 2.4, EPSS 0.00142
Exploits: 0, References: 1

Fedora
added 2012/08/28 11:32 p.m., 48 views

[SECURITY] Fedora 16 Update: phpMyAdmin-3.5.2.2-1.fc16

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 5, AI score 1.3, EPSS 0.00283
Exploits: 3

Tenable Nessus
added 2012/08/01 12:0 a.m., 27 views

Scientific Linux Security Update : conga on SL5.x i386/x86_64

A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service (CVE-2007-4136). Fixes in this updated package include: - The nodename is now set for manual fencing. - The node log ...

CVSS 5, AI score 5.6, EPSS 0.01176
Exploits: 0, References: 2

NVD
added 2012/07/30 7:55 p.m., 12 views

CVE-2012-2163

IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue...

CVSS 9, AI score 7.1, EPSS 0.00498
Exploits: 0, References: 2

OpenVAS
added 2012/07/30 12:0 a.m., 20 views

CentOS Update for system-config-printer CESA-2011:1196 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.1, AI score 5.2, EPSS 0.00579
Exploits: 0, References: 2

OpenVAS
added 2012/07/30 12:0 a.m., 23 views

CentOS Update for system-config-printer CESA-2011:1196 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.1, AI score 5.2, EPSS 0.00579
Exploits: 0, References: 2

Prion
added 2012/07/20 10:40 a.m., 12 views

Arbitrary file deletion

mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface...

CVSS 4, AI score 6.6, EPSS 0.00199
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2012/07/20 10:40 a.m., 16 views

CVE-2011-4581

mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface...

CVSS 4, AI score 5.9, EPSS 0.00199
Exploits: 0, References: 1

Exploit DB
added 2012/06/26 12:0 a.m., 43 views

Western Digital's WD TV Live SMP/Hub - Privilege Escalation

Introduction ============ The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube.1 The device allows customization of its user interface and limited remote...

AI score 7.4
Exploits: 0