spice-gtk: Privilege escalation

Background spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI. Description spice-gtk does not properly sanitize the DBUSSYSTEMBUSADDRESS environment variable. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known...

Intel Multiple Products Crafted UEFI Variable Handling Security Bypass

The version of the Intel BIOS on the remote device is affected by an unspecified security bypass vulnerability related to a flaw in the handling of certain Unified Extensible Firmware Interface UEFI variables. A knowledgeable remote malicious attacker may be able to exploit this issue to bypass...

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

OpenSSL and Breaking UTF-8 Change fixed in Node v0.8.27 and v0.10.29 Today we are releasing new versions of Node: node-v0.8.27 node-v0.10.29 First and foremost these releases address the current OpenSSL vulnerability CVE-2014-0224, for both 0.8 and 0.10 we've upgraded the version of the bundled...

openSUSE Security Update : subversion (openSUSE-SU-2013:1442-1)

This subversion update includes a security fix and several minor changes. - update to 1.7.13 bnc836245 - User-visible changes : - General - merge: fix bogus mergeinfo with conflicting file merges - diff: fix duplicated path component in '--summarize' output - raserf: ignore case when checking...

openSUSE Security Update : wireshark (openSUSE-SU-2011:0602-1)

This wireshark update fixes : - Use of un-initialized variables CVE-2011-1590 - Buffer overflow in DECT dissector CVE-2011-1591 - Crash in NFS dissector on Windows CVE-2011-1592 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

openSUSE Security Update : openssl (openSUSE-SU-2013:1630-1)

This update disables compression in openssl by default, as the varying sizes resulting from compression can be used to retrieve plaintext in various cases. CRIME attack CVE-2012-4929. This update introduces a environment variable OPENSSLNODEFAULTZLIB which can be set to 'no' to reenable compressi...

OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402...

Fedora 19 : openssh-6.2p2-8.fc19 (2014-6569)

environment variables with embedded '=' or '0' characters are now ignored - prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys - /etc/ssh/moduli is readable by all now - ssh-copy-id is run in so called legacy mode when SSHCOPYIDLEGACY...

Destoon 20140530最新版超全局变量覆盖导致的安全问题(官方demo演示)

简要描述： 短时间没找到合适的注入 找了个任意文件读取发上来了 详细说明： 代码片段0x1 /common.inc.php行17 None 这里用$GET配合上传unset了$FILES然后在extract$POST的时候重新初始化了$FILES 随便选个文件提交拦下数据包 修改 Content-Disposition: form-data; name="file"; filename="" 中的filename字段为空 如图就返回了我们要读取的文件了 漏洞证明：...

Caldera 'cdir' Parameter Absolute Path Directory Traversal

The Caldera installation on the remote host contains a PHP script that is affected by a directory traversal vulnerability. A remote, unauthenticated attacker can exploit this issue by sending a crafted request to the '/dirmng/index.php' script, allowing access to arbitrary directories on the remo...

Open redirect

lib/base.php in ownCloud before 4.0.8 does not properly validate the userid session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV...

CVE-2012-5336

The CVE-2012-5336 issue affects ownCloud Server versions prior to 4.0.8. The root cause is improper validation of the user_id session variable in lib/base.php, which allows remote authenticated users to read arbitrary files via WebDAV. Affected software: ownCloud Server

CVE-2013-4426

pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash...

Anymacro 邮件系统任意文件下载漏洞（需登陆）

简要描述： 详细说明： 在mailattrFw.php中 其中$Fcid可控，从客户端获取，可以通过../跳转字符，跳转到相应目录进行读取。。 如默认状态下$SESSION'maildir'为：/mail/xxx.com/xxx/Maildir/ $Fcid可设置为：../../../../../etc/passwd 即可读取passwd内容 漏洞证明：...

CVE-2011-4970

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager DPM before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the 1 rtoken variable in the dpmgetpendingreqbytoken, 2 dpmgetcprbyfullid, 3 dpmgetcprbysurl, 4 dpmgetcprbysurls, 5 dpmgetgfrbyfullid,...

CVE-2011-4970

Removed by vendor...

CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via 1 the maindirhotfolder parameter to dirmng/index.php, or an unspecified parameter to 2 PPD/index.php, 3 dirmng/docmd.php, or 4 dirmng/param.php...

Sql injection

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via 1 the maindirhotfolder parameter to dirmng/index.php, or an unspecified parameter to 2 PPD/index.php, 3 dirmng/docmd.php, or 4 dirmng/param.php...

CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via 1 the maindirhotfolder parameter to dirmng/index.php, or an unspecified parameter to 2 PPD/index.php, 3 dirmng/docmd.php, or 4 dirmng/param.php...

CVE-2014-2936

The CVE-2014-2936 entry concerns Caldera 9.20’s directory manager. The vulnerability stems from dynamic/global variable scope handling in multiple scripts (dirmng/index.php, PPD/index.php, dirmng/docmd.php, dirmng/param.php, via maindir_hotfolder or an unspecified parameter), enabling variable-in...