166 matches found
openSUSE Security Update : redis (openSUSE-2017-1258)
This update for redis to version 4.0.2 fixes the following issues : - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability boo1002351 The following upstream changes are included : - SLOWLOG now logs the offending client name and address - The modules native data types...
Redis <= 4.0.2 Buffer Overflow Vulnerability
Redis is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; ifdescription...
IBM FileNet Workplace Cross-Site Scripting Vulnerability
IBM FileNet Workplace is IBM's out-of-the-box, Web-based application for end users related to enterprise content management. A cross-site scripting vulnerability exists in IBM FileNet Workplace version 4.0.2 that could allow a remote, authenticated user to inject arbitrary web script or HTML via ...
pidgin-otr denial of service vulnerability
Pidgin is a free and easy-to-use chat client program. pidgin-otr is one of the plug-ins used to implement message logging. A denial of service vulnerability exists in pidgin-otr prior to version 4.0.2-1. A remote attacker can exploit this vulnerability to cause a denial of service...
SOLIDserver <= 5.0.4 - Local File Inclusion
Exploit for php platform in category web applications Title: SOLIDserver <=5.0.4 - Local File Inclusion Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserve...
pidgin-otr -- use after free
Hanno Bock reports: The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function createsmpdialog...
Nibbleblog 4.0.1 Cross Site Scripting Vulnerability
NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability. MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...
DEBIAN-CVE-2014-1904
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
UBUNTU-CVE-2013-6415
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
samba: cross-site request forgery vulnerability in SWAT
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that...
Adobe Flash Media Server < 3.5.6 / 4.0.2 Multiple Vulnerabilities (APSB11-11)
The version of Adobe Flash Media Server running on the remote host is earlier than version 3.5.6 or 4.0.2. Such versions are potentially affected by the following vulnerabilities : - The server is affected by a memory corruption issue due to a race condition in the TLS extension code provided by...
N-13 News Cross-Site Request Forgery Vulnerability
This host is running N-13 News and is prone to Cross-Site Request Forgery vulnerability. OpenVAS Vulnerability Test $Id: gbn13newscsrfvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ N-13 News Cross-Site Request Forgery Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2011 Greenbone Networks...
Design/Logic Flaw
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...
JVN#35605523: Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Impact: An arbitrary script may be executed on the user...
vBulletin < 4.0.2 PL4 Multiple Unspecified XSS Vulnerabilities
vBulletin is prone to multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
vBulletin Blog 4.0.2 - Title Cross-Site Scripting
vBulletin Blog 4.0.2 - Title Cross-Site Scripting Vbulletin Blog 4.0.2 XSS Vulnerability Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved. The script is affected by Permanent XSS vulnerability, ...
Vbulletin Blog 4.0.2 XSS Vulnerability
Exploit for php platform in category web applications. Vbulletin Blog 4.0.2 XSS Vulnerability Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin Version 4.0.2 Copyright 2010 vBulletin Solutions, In...
strongSwan 4.0.2 VPN Detection
Binary data 5310.prm...
PT-2009-4198 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0.2; iPhone OS versions prior to 3.1; iPhone OS versions prior to 3.1.1 for iPod touch. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via...
Debian Security Advisory DSA 1596-1 (typo3)
The remote host is missing an update to typo3 announced via advisory DSA 1596-1. OpenVAS Vulnerability Test $Id: deb15961.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1596-1 typo3 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...