Displaying entries 1 - 10 of 57515 in total

GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit

Disclosed: October 27, 2014

This module exploits a vulnerability in Wget when used in recursive (-r) mode with an FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option. Tested successfully with wget 1...

DSA-3055-1 pidgin -- security update Vulnerability

  • Severity: 4
  • Published: October 22, 2014

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:

SUSE Linux Security Advisory: CVE-2014-3461 Vulnerability

  • Severity: 4
  • Published: October 22, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

SUSE Linux Security Advisory: CVE-2014-0223 Vulnerability

  • Severity: 4
  • Published: October 22, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

SUSE Linux Security Advisory: CVE-2014-0222 Vulnerability

  • Severity: 4
  • Published: October 22, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

SUSE Linux Security Advisory: CVE-2014-6272 Vulnerability

  • Severity: 4
  • Published: October 22, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Apple iOS Vulnerability: CVE-2014-4449 Vulnerability

  • Severity: 7
  • Published: October 21, 2014

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

ELSA-2014-1654 Important: Oracle Linux 6 rsyslog7 security update Vulnerability

  • Severity: 4
  • Published: October 21, 2014

Oracle Linux Security Advisory ELSA-2014-1654 https://rhn.redhat.com/errata/RHSA-2014-1654.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: rsyslog7-7.4.10-3.el6_6.i686.rpm rsyslog7-elasticsearch-7.4.10-3.el6_6.i686.rpm rsyslog7-gnutls-7.4.10-3.el6_6.i686.rpm rsyslog7-gssap...

Apple iOS Vulnerability: CVE-2014-4450 Vulnerability

  • Severity: 2
  • Published: October 21, 2014

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.