2182 matches found

CVE
added 2016/12/11 2:0 a.m. | 79 views

CVE-2016-9852

An issue in phpMyAdmin (CVE-2016-9852) allows PHP errors revealing the full installation path to be produced when calling certain scripts, and during export time, those errors can be written into the export file. Affected are all 4.6.x versions prior to 4.6.5 and 4.4.x versions prior to 4.4.15.9....

CVSS 5.3 | AI score 5.4 | EPSS 0.02157
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2016/12/11 2:0 a.m. | 37 views

CVE-2016-9852

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.02157
Exploits: 0
Debian CVE
added 2016/12/11 2:0 a.m. | 22 views

CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.02542
Exploits: 0
AlpineLinux
added 2016/12/11 2:0 a.m. | 29 views

CVE-2016-9852

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.02157
Exploits: 0
Node.js
added 2016/12/02 4:30 a.m. | 40 views

Downloads Resources over HTTP

Overview Affected versions of mystem-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

CVSS 9.3 | AI score 6.2 | EPSS 0.01682
Exploits: 0 | Affected Software: 1
Node.js
added 2016/12/01 4:17 p.m. | 20 views

Downloads Resources over HTTP

Overview Affected versions of selenium-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

CVSS 9.3 | AI score 6.2 | EPSS 0.02104
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2016/11/15 12:0 a.m. | 46 views

Fedora 25 : 1:tomcat (2016-f4a443888b)

This updates includes a rebase from tomcat 8.0.32 up to 8.0.36 to resolve : - rhbz1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service and also includes the following bug fixes : - rhbz1341850 tomcat-jsvc.service has TOMCATUSER value hard-coded -...

CVSS 7.8 | AI score 7.3 | EPSS 0.35927
Exploits: 0 | References: 2
Packet Storm
added 2016/11/02 12:0 a.m. | 1244 views

MySQL / MariaDB / PerconaDB Root Privilege Escalation

============================================= - Release date: 01.11.2016 - Discovered by: Dawid Golunski - Severity: High/Critical - CVE-2016-6664 / OCVE-2016-5617 - http://legalhackers.com ============================================= I. VULNERABILITY ------------------------- MySQL / MariaDB /...

CVSS 10 | AI score 1.1 | EPSS 0.6773
Exploits: 21
Fedora
added 2016/10/30 6:31 p.m. | 18 views

[SECURITY] Fedora 24 Update: kf5-gpgmepp-16.08.2-1.fc24

C++ wrapper and Qt integration for GpgMe library...

CVSS 8.1 | AI score 2 | EPSS 0.02345
Exploits: 0
Tenable Nessus
added 2016/09/02 12:0 a.m. | 24 views

Fedora 23 : 1:tomcat (2016-0a4dccdd23)

This updates includes a rebase from tomcat 8.0.32 up to 8.0.36 to resolve : - rhbz1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service and also includes the following bug fixes : - rhbz1341850 tomcat-jsvc.service has TOMCATUSER value hard-coded -...

CVSS 7.8 | AI score 7 | EPSS 0.35927
Exploits: 0 | References: 2
Packet Storm
added 2016/07/06 12:0 a.m. | 34 views

PrinceXML Wrapper Class Command Injection

While grabbing a copy PrinceXML, I noticed the company also offered some wrapper classes in various languages for using prince in server applications web applications. http://www.princexml.com/download/wrappers/ Taking a quick look at the PHP class, there are likely numerous command injection...

AI score 0.6
Exploits: 0
BDU FSTEC
added 2016/07/05 12:0 a.m. | 4 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to circumvent restrictions

Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certai...

CVSS 5 | AI score 7 | EPSS 0.04602
Exploits: 1 | References: 4 | Affected Software: 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 4 views

The vulnerability of the Firefox browser, which allows a malicious individual to circumvent restrictions

Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloning...

CVSS 5 | AI score 7 | EPSS 0.04602
Exploits: 1 | References: 6 | Affected Software: 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 4 views

The vulnerability of the Firefox ESR browser allows a malicious individual to circumvent restrictions

Mozilla Firefox ESR contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper software module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, due to the permission granted for...

CVSS 5 | AI score 7 | EPSS 0.04602
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 6 views

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to circumvent restrictions

Mozilla SeaMonkey’s software contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper program module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloni...

CVSS 5 | AI score 7 | EPSS 0.04602
Exploits: 1 | References: 5
Kitploit
added 2016/07/02 11:57 p.m. | 14 views

Peach Fuzz - Vulnerability Scanning Framework

This tool aims to look through files in a given directory to detect any unsafe, vulnerable, or dangerous function calls. It is designed to be extensible and easy to understand; you can "plug-and-play" modules that specify criteria on which types of files will trigger what 'scans,' in which you...

AI score 7.4
Exploits: 0 | References: 1
exploitpack
added 2016/06/06 12:0 a.m. | 11 views

WordPress Theme Newspaper 6.7.1 - Privilege Escalation

WordPress Theme Newspaper 6.7.1 - Privilege Escalation Vendor Homepage: http://tagdiv.com/newspaper/ Software Link: http://themeforest.net/item/newspaper/5489609 Version: 6.7.1 Tested on: Debian 8, PHP 5.6.17-3 Type: WP Options Overwrite, Possible more Time line: Found 23-APR-2016, Vendor notifie...

AI score 0.6
Exploits: 0
OSV
added 2016/04/25 12:59 a.m. | 0 views

DEBIAN-CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

CVSS 5.9 | AI score 6.5 | EPSS 0.0938
Exploits: 0 | References: 1
Tenable Nessus
added 2016/03/04 12:0 a.m. | 8 views

Fedora 21 : php-5.6.14-1.fc21 (2015-366f3dd73f)

01 Oct 2015, PHP 5.6.14 Core: Fixed bug php70370 Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions. Adam CLI server: Fixed bug php68291 404 on urls with '+'. cmb DOM: Fixed bug php70001 Assigning to DOMNode::textContent does additional entity encoding. cmb Mysqlnd: Fixed bug...

AI score 5.5
Exploits: 0 | References: 1
OSV
added 2016/02/12 5:59 a.m. | 2 views

ALPINE-CVE-2016-2328

libswscale/swscaleunscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service out-of-bounds array read access or possibly have unspecified other impact via a crafted .cine file, related to the bayertorgb24wrapper and...

CVSS 8.8 | AI score 7.5 | EPSS 0.02567
Exploits: 0 | References: 1