1269 matches found
Inktomi Search Software 3.0 Source Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultraseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:...
[oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size
Hello, 'CVE-2014-0222' has been assigned to this issue. Too large L2 table sizes cause unbounded allocations. Images actually created by qemu-img only have 512 byte or 4k L2 tables. To keep things consistent with cluster sizes, allow ranges between 512 bytes and 64k in fact, down to 1 entry = 8...
Oracle Linux 6 : kernel (ELSA-2014-0475)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0475 advisory. - scsi AACRAID Driver compat IOCTL missing capability check Jacob Tanenbaum 1033533 1033534 CVE-2013-6383 - net netfilter: nf_conntrack_dccp: fix...
Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS
According to its version, the Atmail Webmail install on the remote host is 4.x prior to 4.6.1 (4.61). It is, therefore, potentially affected by an input-validation error in the file 'Global.pm' that could allow cross-site scripting (XSS) attacks.
Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery
According to its version, the Atmail Webmail install on the remote host is 4.5.1 (4.51) or 5.x prior to 5.0.3 (5.03). It is, therefore, potentially affected by an input-validation error in the file 'util.pl' that could allow cross-site request forgery (XSRF) attacks.
CVE-2014-1498
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve...
Null pointer dereference
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an...
eshtery CMS - 'FileManager.aspx' Local File Disclosure
source: https://www.securityfocus.com/bid/65740/info eshtery CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on...
[SECURITY] Fedora 18 Update: php-symfony2-Config-2.2.10-1.fc18
The Config Component provides several classes to help you find, load, combine, autofill and validate configuration values of any kind, whatever their source may be (Yaml, XML, INI files, or for instance a database)...
CVE-2013-4702
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SCApiOperation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value...
PT-2013-4919 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10.8 Description: The issue allows local users to gain privileges or cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved by adding a hardware event to an...
Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780
Check for the Version of nodejs-npm-user-validate OpenVAS Vulnerability Test Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribu...
Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780
The remote host is missing an update for the...
Oracle Linux 5 : xorg-x11-server (ELSA-2012-0303)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0303 advisory. 1.1.1-48.90.0.1.el5 - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file 1.1.1-48.90 - cve-2011-4028.patch: File existence disclosure...
Oracle Linux 5 : kernel (ELSA-2011-0927)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0927 advisory. - Revert: xen hvm: svm support cleanups Andrew Jones 703715 702657 CVE-2011-1780 - Revert: xen hvm: secure svmcraccess Andrew Jones 703715 702657...
CVE-2013-3926
Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of CVE-2013-3926. The author of the artic...
PT-2013-1900 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager versions 3.1 and earlier Description: The issue affects the domain management tool, specifically when the validate action is enabled, causing the administrative password to be logged to a world-readab...
Joomla! 'highlight' Parameter PHP Object Injection Vulnerability
Joomla! is prone to a remote PHP object-injection vulnerability because it fails to properly validate user-supplied input.
CVE-2013-0310
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call...
PT-2013-2222 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.4.8 Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved through an IPOPT_CIPSO IP_OPTIONS setsockopt system...