A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. Date published : 2019-11-28 https://gist.github.com/xax007/28e7326acfae677be0b351216888e522 https://github.com/fusionpbx/fusionpbx/commit/aea1abaeb12f69dc22967395c528fb2434e316c1
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. Date published : 2019-11-28 https://github.com/MISP/MISP/commit/e05dc512a437284f14624da23cca4a829a76aebf
In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for...
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and...
** DISPUTED ** A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not...
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Date published :...
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. Date published : 2019-11-27 http://packetstormsecurity.com/files/162145/vsftpd-2.3.4-Backdoor-Command-Execution.html https://access.redhat.com/security/cve/cve-2011-2523
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. Date published : 2019-11-27 https://www.securityfocus.com/bid/48557/info https://access.redhat.com/security/cve/cve-2011-2515
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause...
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. Date published : 2019-11-27 https://access.redhat.com/security/cve/cve-2011-2207 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. Date published : 2019-11-27...
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. Date published : 2019-11-27 https://access.redhat.com/security/cve/cve-2011-2177 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2177
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. Date published : 2019-11-27 http://www.openwall.com/lists/oss-security/2014/08/16/7 http://www.securityfocus.com/bid/69245
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. Date published : 2019-11-27 http://www.openwall.com/lists/oss-security/2012/10/15/1 http://www.openwall.com/lists/oss-security/2012/10/17/13