
8199 matches found

OSV
added 2014/02/21 12:0 a.m. | 0 views

UBUNTU-CVE-2014-0064

Multiple integer overflows in the pathin and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflo...

CVSS 6.5 | AI score 7.3 | EPSS 0.05353
Exploits: 1 | References: 4

OpenVAS
added 2014/02/20 12:0 a.m. | 37 views

Fedora Update for kernel FEDORA-2014-2576

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 | AI score 7.2 | EPSS 0.10209
Exploits: 7 | References: 2

0day.today
added 2014/02/08 12:0 a.m. | 58 views

Android Browser and WebView addJavascriptInterface Code Execution

This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs...

AI score 7.2
Exploits: 0

CVE
added 2014/02/07 3:0 p.m. | 44 views

CVE-2014-1915

CVE-2014-1915 affects Command School Student Management System 1.06.01 and involves Multiple CSRF vulnerabilities. The described flaws allow remote attackers to hijack admin authentication for password changes via sw/admin_change_password.php and to perform add_topic.php actions (adding a topic o...

CVSS 6.8 | AI score 7.7 | EPSS 0.02468
Exploits: 1 | References: 4 | Affected Software: 1

Atlassian
added 2014/02/07 6:4 a.m. | 20 views

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

AI score 3.4
Exploits: 0 | Affected Software: 1

Atlassian
added 2014/02/07 6:4 a.m. | 17 views

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

AI score 3.4
Exploits: 0

Packet Storm
added 2014/02/06 12:0 a.m. | 62 views

doorGets CMS 5.2 SQL Injection

Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...

CVSS 6.5 | AI score 0.4 | EPSS 0.02269
Exploits: 5

RedHat Linux
added 2014/02/04 7:35 p.m. | 2 views

OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commente...

CVSS 10 | AI score 6.4 | EPSS 0.06051
Exploits: 0 | References: 5

exploitpack
added 2014/02/02 12:0 a.m. | 104 views

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3)

Linux Kernel 3.4 3.13.2 Ubuntu 13.0413.10 x64 - CONFIGX86X32y Local Privilege Escalation 3 / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13...

CVSS 6.9 | AI score 0.8 | EPSS 0.34649
Exploits: 16

Debian CVE
added 2014/01/21 6:0 p.m. | 23 views

CVE-2013-4160

Little CMS lcms2 before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service NULL pointer dereference and crash via vectors related to 1 cmsStageAllocLabV2ToV4curves, 2 cmsPipelineDup, 3 cmsAllocProfileSequenceDescription, 4 CurvesAlloc, and ...

CVSS 5 | AI score 6.3 | EPSS 0.02809
Exploits: 0

RedHat Linux
added 2014/01/15 7:17 p.m. | 2 views

JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905...

CVSS 5.1 | AI score 6.4 | EPSS 0.06263
Exploits: 0 | References: 5

Cisco
added 2014/01/09 4:0 p.m. | 9 views

Network Time Foundation ntpd Service Network Traffic Amplification Issue

A vulnerability in the Network Time Protocol NTP package of several Cisco products could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to processing MODEPRIVATE Mode 7 NTP control messages, which have a large...

CVSS 5 | AI score 6.9 | EPSS 0.97549
Exploits: 23 | References: 1

securityvulns
added 2014/01/09 12:0 a.m. | 23 views

ATI video drivers DoS

Video driver vulnerability leads to system crash. Browser flash plugin may be used as an attack vector...

AI score 4.1
Exploits: 0 | References: 1

Packet Storm
added 2013/12/20 12:0 a.m. | 36 views

Song Exporter 2.1.1 RS Local File Inclusion

Document Title: =============== Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1172 Release Date: ============= 2013-12-19 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits: 0

Vulnerability Lab
added 2013/12/18 12:0 a.m. | 25 views

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

Document Title: =============== Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1172 Release Date: ============= 2013-12-18 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.1
Exploits: 0

Vulnerability Lab
added 2013/12/18 12:0 a.m. | 26 views

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

Document Title: =============== Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1172 Release Date: ============= 2013-12-18 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits: 0

OSV
added 2013/12/13 6:7 p.m. | 0 views

UBUNTU-CVE-2013-6394

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector IV, which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks...

CVSS 2.1 | AI score 6.6 | EPSS 0.0038
Exploits: 0 | References: 2

Prion
added 2013/12/10 7:55 p.m. | 19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the search implementation in IBM Rational Quality Manager RQM 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to...

CVSS 3.5 | AI score 5.4 | EPSS 0.00759
Exploits: 0 | References: 2 | Affected Software: 3

RedHat Linux
added 2013/11/07 4:45 p.m. | 4 views

OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS...

CVSS 2.6 | AI score 6.8 | EPSS 0.03791
Exploits: 0 | References: 5

0day.today
added 2013/11/01 12:0 a.m. | 22 views

Quick Paypal Payments 3.0 - Presistant XSS (0day)

Exploit for php platform in category web applications TITLE ===== Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability AUTHOR ====== Zy0d0x BLOG ==== https://zy0d0x.com DATE ==== 10/08/2013 VENDOR ====== Quick Plugins - http://quick-plugins.com/ AFFECTED PRODUCT ================...

AI score 7.1
Exploits: 0