Displaying entries 1 - 10 of 56038 in total

ManageEngine OpManager / Social IT Arbitrary File Upload Exploit

Disclosed: September 27, 2014

This module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

Sun Patch: SunOS 5.9: bash patch Vulnerability

  • Severity: 10
  • Published: September 25, 2014

From Sun Patch 149079-01

Sun has released a security patch addressing the following issues:

  • 19678459 problem with bash
  • 19682871 problem with bash

Amazon Linux AMI: Security patch for python-simplejson (ALAS-2014-374) (CVE-2014-4616) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

It was reported that the Python built-in _json module has a flaw (insufficient bounds checking), which allows a local user to read arbitrary memory of the current process.

Quoting the upstream bug report:

The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scans...

Sun Patch: SunOS 5.9_x86: bash patch Vulnerability

  • Severity: 10
  • Published: September 25, 2014

From Sun Patch 149080-01

Sun has released a security patch addressing the following issues:

  • 19678459 problem with bash
  • 19682871 problem with bash

Amazon Linux AMI: Security patch for perl-Capture-Tiny (ALAS-2014-358) (CVE-2014-1875) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

It was found [1] that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::Temp::tmpnam module to generate temporary files:

./lib/Capture/Tiny.pm: $stash->{flag_files}{$which} = scalar tmpnam();

This module makes use of the mktemp() function when called in the scalar context, which creates s...

Amazon Linux AMI: Security patch for libxml2 (ALAS-2014-341) (CVE-2014-0191) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaus...

Amazon Linux AMI: Security patch for curl (ALAS-2014-407) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

libcurl wrongly allows cookies to be set for TLDs, thus making them much broader than they are supposed to be. This can allow arbitrary sites to set cookies that would then get sent to a different and unrelated site or domain.

By not detecting and rejecting domain names for partial literal IP addresses properly when pars...

RHSA-2014:1307: nss security update Vulnerability

  • Severity: 4
  • Published: September 25, 2014

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) i...