The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly...
The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. Date published : 2013-11-26...
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management – Collaborative Edition 10.x before 10.1 FP7 and 11.0...
Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. Date published : 2013-11-26 https://www.trustwave.com/spiderlabs/advisories/TWSL2013-034.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/89172
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429....
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter. Date published : 2013-11-25 http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html http://secunia.com/advisories/55739
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-11-25 http://www.splunk.com/view/SP-CAAAJCD http://www.securitytracker.com/id/1029385
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-11-25 https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. Date published : 2013-11-25 https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter...
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer...
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a...
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file...