RHEL 7 : kernel (RHSA-2015:2552)
Updated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password
Overview: The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description: CWE-295: Improper Certificate Validation - CVE-2015-2902. The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...
Endian Firewall Proxy Password Change Command Execution (CVE-2015-5082)
A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error in a CGI script. A remote, authenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remo...
openSUSE Security Update : Chromium (openSUSE-2015-595)
Chromium was updated to the 45.0.2454.85 of the stable channel to fix multiple security issues. The following vulnerabilities were fixed : - CVE-2015-1291: Cross-origin bypass in DOM - CVE-2015-1292: Cross-origin bypass in ServiceWorker - CVE-2015-1293: Cross-origin bypass in DOM - CVE-2015-1294:...
Microsoft .NET Framework Privilege Elevation Vulnerabilities (3089662)
This host is missing an important security update according to Microsoft Bulletin MS15-101. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
GNU wget FTP Remote File Creation (CVE-2014-4877)
An input validation error exists in wget. The vulnerability can occur when wget retrieves files or directories over FTP that are or that contain symlinks. A remote attacker can exploit this vulnerability by creating a crafted FTP directory listing on a server and enticing a user to open the FTP...
Google Chrome < 43.0.2357.130 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities: - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266) - A cross-origin bypas...
Google Fixes Handful of Bugs in Chrome
Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error. The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on fo...
www/chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release: 464922 High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. 494640 High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 497507 Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit...
CVE-2015-4467
The chmdinitdecomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file...
PhpMyAdmin preg_replace Function Code Injection - Ver2 (CVE-2013-3238)
A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. The vulnerability is due to an input validation error when handling queries of the types replaceprefixtbl or copytblchangeprefix to dbstructure.php. A remote, authenticated attacker could exploi...
Oracle Data Quality LoaderWizard SetEntities Type Obfuscation Remote Code Execution Vulnerability
Oracle Data Quality is a software suite from the US company Oracle that provides a comprehensive data quality management environment. The software supports data management, data integration and data migration. A remote code execution vulnerability exists in Oracle Data Quality's...
Google Chrome < 41.0.2272.76 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 41.0.2272.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201503stable-channel-update advisory. - Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM...
McAfee ePolicy Orchestrator XML Entity Injection (CVE-2015-0921)
An XML External Entity vulnerability has been reported in McAfee ePolicy Orchestrator (ePO). The vulnerability is due to an input validation error in the ePO-web application. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition...
VMware Player 6.x < 6.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Windows)
The version of VMware Player installed on the remote host is version 6.x prior to 6.0.5. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists that allows a local attacker to escalate privileges or cause a denial of service via an arbitrary write to a file...
ecshop CAPTCHA bypass logic vulnerability
Although the code is encrypted, there is a logic problem. The problem is in ..\includes\clscaptcha.php. The verification function can be seen to return directly, with no handling of authentication failure: function checkword$word $recorded = isset$SESSION$this-sessionword ?...
Webinars 2.2.26.0 Script Insertion
Document Title: Webinars v2.2.26.0 - Client Side Cross Site Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1412. Release Date: 2015-01-19. Vulnerability Laboratory ID (VL-ID): ...
Novell eDirectory IMONITOR Cross-Site Scripting (CVE-2014-5212)
A cross-site scripting vulnerability exists in Novell eDirectory IMONITOR. The vulnerability is due to an input validation error while parsing the rdn parameter. A remote attacker could exploit this vulnerability to execute arbitrary script or HTML code in the user's browser session...
Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow - Ver2 (CVE-2013-0003)
A buffer overflow exists in the System.DirectoryServices.Protocols (S.DS.P) namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array. An attacker can remotely exploit this vulnerability by...
Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)
The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities: - Several unspecified errors exist in the 'dirapi.dll' module that allow arbitrary code execution. (CVE-2010-2587, CVE-2010-2588,...