680 results (0.014 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz HTTP en VideoLAN VLC Media Player versiones anteriores a 2.0.7, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro command en el archivo request/vlm_cmd.xml, (2) parámetro dir en el archivo request/browse.xml, o (3) URI en una petición, que es devuelta en un mensaje de error por medio del archivo share/lua/intf/http.lua. • http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881 http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html http://www.videolan.org/developers/vlc-branch/NEWS https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

duplicity 0.6.24 has improper verification of SSL certificates duplicity versión 0.6.24, presenta una comprobación inapropiada de los certificados SSL. • https://access.redhat.com/security/cve/cve-2014-3495 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 https://security-tracker.debian.org/tracker/CVE-2014-3495 • CWE-295: Improper Certificate Validation •

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities Pen versión 0.18.0, presenta vulnerabilidades no seguras en la creación de archivos temporales. • http://www.openwall.com/lists/oss-security/2014/03/13/5 http://www.openwall.com/lists/oss-security/2014/03/14/2 http://www.securityfocus.com/bid/66214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387 https://exchange.xforce.ibmcloud.com/vulnerabilities/91992 https://security-tracker.debian.org/tracker/CVE-2014-2387 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 1

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. Existe un problema en AccountService versión 0.6.37, en la función user_change_password_authorized_cb() en el archivo user.c, lo que podría permitir a usuarios locales obtener contraseñas cifradas. • http://www.openwall.com/lists/oss-security/2014/08/16/7 http://www.securityfocus.com/bid/69245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655 https://exchange.xforce.ibmcloud.com/vulnerabilities/95325 https://security-tracker.debian.org/tracker/CVE-2012-6655 • CWE-732: Incorrect Permission Assignment for Critical Resource •