5308 matches found
IBM DB2 9.7 < Fix Pack 10 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.7 running on the remote host is affected by the following vulnerabilities: - An input-validation error exists related to handling the 'ALTER MODULE' statement that allows buffer overflows (CVE-2014-3094). - An error exists related to handling...
Microsoft Internet Explorer Elevation of Privilege (MS14-065: CVE-2014-6350)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
HP System Management Homepage red2301.html RedirectUrl Cross Site Scripting (CVE-2014-2640)
A cross-site scripting vulnerability exists in HP's System Management Homepage (SMH). The vulnerability is due to an input validation error when handling the 'RedirectUrl' parameter of the red2301.html page. A remote attacker could exploit this vulnerability by enticing a target user to follow a malicious...
PHP 5.4.x < 5.4.34 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. It is, therefore, affected by the following vulnerabilities: - A buffer overflow error exists in the function 'mkgmtime' that can allow application crashes or arbitrary code execution. CVE-2014-366...
Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities
Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena...
Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities
Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...
Microsoft Internet Explorer Elevation of Privilege (MS14-056; CVE-2014-4123)
An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...
MediaWiki < 1.19.19 / 1.22.11 / 1.23.4 SVG Upload and CSS XSS
According to its version number, the MediaWiki application running on the remote host is affected by an input validation error related to SVG file upload handling and CSS content filtering that can lead to cross-site scripting (XSS) attacks. Note that Nessus has not tested for this issue but has...
phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. It is, therefore, affected by an input-validation error related to the 'micro history' feature that could allow...
Adobe Reader <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)
The version of Adobe Reader installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists that allows arbitrary code execution (CVE-2014-0560). - A heap-based...
Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)
The version of Adobe Acrobat installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists that allows arbitrary code execution (CVE-2014-0560). - A heap-based...
Joomla Kunena Forum 3.0.5 SQL Injection
Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...
Joomla Kunena Forum 3.0.5 Cross Site Scripting
Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena...
VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)
VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege Escalation Vulnerability (Pwn2Own 2014) Website: http://www.vupen.com Twitter: http://twitter.com/vupen I. BACKGROUND "Microsoft Windows is a series of software operating systems and graphical user...
PHPNuke 6.0/6.5 Forum Module Viewforum.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through...
Py-Membres 4.x Pass_done.PHP Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8500/info A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the passdone.php file included with...
GeoVision Digital Surveillance System 6.0 4/6.1 Unauthorized JPEG Image Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13571/info GeoVision Digital Surveillance System is prone to a vulnerability that allows remote unauthorized attackers to view JPEG images stored on a server. This issue results from an access validation error. GeoVision...
Fusion News 3.3 Unauthorized Account Addition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. Successful exploitation of this error may allow a user to...
Epic Games Unreal Tournament Engine 3 UMOD Manifest.INI Remote Arbitrary File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10196/info Reportedly the Unreal Tournament Engine is affected by a local file overwrite vulnerability due to the UMOD manifest.ini file. This issue is due to an input validation error that allows a malicious user to specify...
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
No description provided by source. RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities Vulnerable: v3.0.7.x Vendor: http://www.rj-itop.com Category: Input Validation Error Impact: SQL injection Details: Multiple SQL Injection Vulnerabilitie...