1284 matches found
DEBIAN-CVE-2015-8476
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an 1 email address to the validateAddress function in class.phpmailer.php or 2 SMTP command to the sendCommand function in class.smtp.php, a different...
spice-server security update
0.12.4-12.3 - CVE-2015-5260 CVE-2015-5261 fixed various security flaws Resolves: rhbz1262769 0.12.4-12.2 - Validate surfaceid Resolves: rhbz1262769...
spice security update
0.12.4-9.3 - CVE-2015-5260 CVE-2015-5261 fixed various security flaws Resolves: rhbz1262771 0.12.4-9.2 - Validate surfaceid Resolves: rhbz1262771...
rtalabel.org XSS vulnerability
Vulnerable URL: http://www.rtalabel.org/?content=validate=17632092058dcb95f745944553483c47'%22%26%25prompt/XSSPOSED/...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3055)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3055 advisory. - KVM: x86: SYSENTER emulation is broken Nadav Amit Orabug: 21502741 CVE-2015-0239 CVE-2015-0239 - x86/tls: Validate TLS entries to protect espfix...
CVE-2015-3324
The ThinkServer System Manager TSM Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers...
PYSEC-2015-14
The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...
freetype: out-of-bounds read in tt_cmap4_validate()
The ttcmap4validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted cmap SF...
SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)
This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm : - Fix NULL pointer dereference because of uninitialized UDP socket. bsc897654, CVE-2014-3640 - Fix performance degradation after migration. bsc878350 - Fix potential image corruption due to missi...
FreeType 'tt_cmap4_validate' Function Denial of Service Vulnerability
FreeType is the FreeType team developed a C-based , high-quality and portable open source font engine library , it can be used to rasterize the characters and mapped to bitmap and provide other font-related business support . A denial of service vulnerability exists in the FreeType...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...
CVE-2014-0489
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package...
Race condition
The MCollective aessecurity plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to...
(0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Inktomi Search Software 3.0 Source Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:...
File Store PRO 3.2 - Multiple Blind SQL Injection Vulnerabilities
No description provided by source. | File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GETfolder && $GETfolder!= $folder=$GETfolder; else exitBad Request; ifisset$GETid && $GETid!= $id=$GETid; el...
[oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size
Hello, 'CVE-2014-0222' has been assigned to this issue. Too large L2 table sizes cause unbounded allocations. Images actually created by qemu-img only have 512 byte or 4k L2 tables. To keep things consistent with cluster sizes, allow ranges between 512 bytes and 64k in fact, down to 1 entry = 8...
Oracle Linux 6 : kernel (ELSA-2014-0475)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0475 advisory. - scsi AACRAID Driver compat IOCTL missing capability check Jacob Tanenbaum 1033533 1033534 CVE-2013-6383 - net netfilter: nfconntrackdccp: fix...
Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery
According to its version, the Atmail Webmail install on the remote host is 4.5.1 4.51 or 5.x prior to 5.0.3 5.03. It is, therefore, potentially affected by an input-validate error in the file 'util.pl' that could allow cross-site request forgery XSRF attacks. %NASLMINLEVEL 70300 C Tenable Network...
Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS
According to its version, the Atmail Webmail install on the remote host is 4.x prior to 4.6.1 4.61. It is, therefore, potentially affected by an input-validate error in the file 'Global.pm' that could allow cross-site scripting XSS attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...