DELTA 442940 0 1092578 SVNg)vKM<|fXpx^r S\PX]2}N=#XLI|4߷,HlIN1[ܤUM .̩_q# u—SJ>>SS+ZDH6(sJW"a$O'ª+og c%{0^Z mҲ(C 7AGU)aA` *-K?( :,\5D ܴJoV9y]y_}' tۓ' h%~> taE-i:NٛuAx^}Rˊ0]7_qɪ*eP00.,]8}dfh9)~9HtOr~6@:[)cp %{ h್O!?a@|h XG螑(mJNƽ_$L:Uo'ʄDpeTF틊AGg`Q!\70PjR[>4\O.5%=cHO ڑY^`9~i%ex^Mj0)l l)")A^& [B?&}RЬ47 7#z,HU7y#=v/(ENa9f/Pȁ7z4`܌q.ewCȠxHQu.Q0i$1Bz^W#ݡ_Ú<쒅*0<옇Ky'F[+Vri:(O0c댌"x|ܫj>.VTa ߥY\(N_?s+7y_lwJza]/x^M[k0_1z/Nv>4B%u,"$4^}Kbs>I`g6%|t$Gtx&ɰ 4xUPyf1Fr^!kD1X {IS31pdҩ/`㴗爁CYAcnW@aVL:D- zyƏ ?_/qS$ ht@b(`s2z9If;GaߨBxy.5܆XrT)>Ņ\}qa,皕vqkvY6+K2VnZW}[*`t-썢# Y? 6 ͉$Ǟ2u&BuɉU4vXߤ]VsCUr":P6!/ZY|J85J{R>Ux^R]K0}~EٓJ,ԧ`ב3KGӵۿ7m*LvI97Z ūV7_xV]< j]?OG3:΋1P[bAɤ" >dWdkC @k1 95紴mbe= Y|.H+(=LP+E;NW9oD¨[Ŗde T̄&m2h2)[+pSœ %)tt*Vᛛ_-cD T ҵ84+ 3ӠВ rA:֩j-z<̥mͅ™6=R`.xq=:!_K $MC~R@nP;," state and cause resource exhaustion, resulting in a denial of service condition. This may also happen in normal operation where no intentional attack is conducted, but an attacker who can send specifically crafted packets can trigger this more reliably15-5358 SA-15:135-07-210bb55a18-600a-11e6-a6c3-14dae9d210b8"> FreeBSD -- Denial of Service with IPv6 Router Advertisements J2N_Rq9x^ŒKn0 @)Az`z)-dEW;K۝ +)WgEXp8 C?߫,6pR }*F!^CKozD.+c^[ocWy~LˢzZӗS>hKADxgzl4 4hD'ֽ|>@P"@G(FY@O+@Ġ_rz_|qeh MibPtgvg{f%&nKy|6VKY-J2o|7e30]ƶJ;1LZ*.ki΅ XѰY-q뼜2y~J)SUuv љ+uV,a4H'u4[NIy E%e67v@>gx^Rn ]|J67QJF_l#q*ly=SvZExPAJ{ˆVLadחǥV>EءCFGO;'e0ǎ" LiA:m"&0 8isz(b4 ĸ(stC\.61sM/C3vHhRŋF+EY&U_I^#eāF"-[=O48{`nONiȊ\S>MFm\Tt4/hS**Pc!94+4FwW0X%jwp1҃`T&%x <#ruR{Z.ycܯ`ɚPIe/g_3.\@Z l,x^0S8RI6$dEXV=л' @yvK}muKW/eZy3XB\zy=4>UXkaR.jmfDНP@([+&o <ّZ nNz) BJh~ =R:MMk@0 TVhœ)_J"[iWH:Op#k-Ȉwb؞txZhD>. Jk.wL'v(N1;60rpmTKͨR=qn_bS~`l2#_O;CeQҎUX$gٖm =<=P򇲤C&Qs0T ! ?eD~:<qWNX,dD/;Ue.

We consider these vulnerabilities to be non-critical.

These vulnerabilities can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pagesurl>https://www.phpmyadmin.net/security/PMASA-2016-3/ CVE-2016-204060ab0e93-c60b-11e5-bf36-6805ca0b3d42"> phpmyadmin -- Unsafe generation of XSRF/CSRF tokenU)|m2>8662">

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000663" Nr>kGP> x^N >ٓ&.hWA.^5j6>N,);ݮ=4r|7-3vX*Z9ҒX+1l8YJD9~o\I 'KrV?X ay=G)pƐ(Wpzs.2w(VB}X!jԇ BKvbk,VVxM[LL ƱgCP׸5{m^fsɆm_#[ hc]rzw+}gˀE_@>cx^n0SY?,%qr(Wc\ZD%R W ҧ/U^tofXR5_r>0 Hw`H3}X*QRm 옕=Gp^`ʹ8؟|K %$s2F 081YcY>v@$aWo>\*wl5{(X7E󼧅rC2߆۰rVm6 0"S|Ve.NƬ?.KȏmyOhix C]nrڮ6mF;TMͪ*TRsl: yѠ /f_{-Cv:-Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack.

Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources5531fb3668df-32d7-11e5-a4a5-002590263bf5"> elasticsearch -- remote code execution via transport protocol elasticsearch 1.6.1Eo]U]eD>x^]10mD vN&J"JS =+`#۰ Fo>7Fec@U{m ձ;h|=LvE  aɚ\|ˀA}0`d=wW0 .FzP_SQVT}n$,|l׺@V9E I@$ާbh#e6}TJFǰIR;KN$Si74A2sMĊO =naq;9y rcȑDUzY F0v 2h][.Qqc'fQEQ|ز-Ր#yK{~vXV[ҽh#4[J4IMFn薭hC,c˺V*+YYb5(gQTc#;nJ\\X}bC@>Kx^Mo@ L.hhz$q&t23=T!2_~yjI珐%@('1=4uh!%AFo6Y>4MU~RCj / S+s*%g2a$U;x^uMo ϛ_j:_"mR5%m1]cp;R.jx=h@~sg&7#b/tXy}{KȨ]qk+{"l6\*µ6@&v 4&|y G^)_I'Lvȗ$a䟻,UPFNbB,WkZ\ryy~i*pSA ai_ARbd؆YO3y]RHP]JZ.j86q*V?F~2j@O:QItA3y m;r eDHHwq.l]2ZK 9-6 U| /?% yoe/0M誊F3$C_)c:J֘~@ki7kd%:$Jz`:9I{NDI>8e to trigger an XSS in the error reporting page16.php">

In the error reporting feature, a parameter specifying the file was not correctly validated, allowing the attacker to derive the line count of an arbitrary fileurl>http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php4.2.64.php">

Self-XSS due to unescaped HTML output in database structure page.

With a crafted table comment, it is possible to trigger an XSS in database structure page.

Self-XSS due to unescaped HTML output in database triggers page.

When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name.

x^eRMs ='BS:S ~ě!!Ӟ{h{g`p@ޤ`o=KOzODOO׈zĆm[6~7m˄hvŶiokȟ0YUl5J&Ԕ(ǓOjJz5B#rPT>]U8!|>~S 3DBt/Tʎ.97's}j qzh}AK*_WXQ̹ < !Osʹ@OJ }VO* (b愠7n7!=d 4-(tg2[ a61 ͘QبKGXo0:4VK';au 4wՉF'ZG4kWc׽M:5Kϔ"~xYi5xy=>bx^j0UJaȘ e0vh8 *G +oAot4PXlQ8rj}a]_ȳV*Nf0bt ; $i6kE@pOD^#y!WTj9F > ZkO'#FdSXDiF| {a35+ j|=C Ji գ Qeg1춶|,UG{,ısQ \@P>fx^n S $YtbL{I[8 hHҴҶl1F\7,Zzɽ91'h>l__qF2;Da8,8!VU!1[s tn0>ъ02s&#@ii_ɓN쥚=r/f\DJWɜ,4yP-M^4 -=`J:/E^]ha*;$; C|pBBRJp,Z.o[Oޅ od.PŮϾaf yff.7h9O>w9]~uP/UYJV갭_YL3m:ub+NhvpuJ0K's bBƑ+''˃'O{=à/ Havla$|Ȗ0ZcT՜91dbH˂8XZ64 :tiAp 4pOǣ\)a|H7 eˆ+RE ctQ30g7_- GO_)ko?JF4#%F0V߲ ~l6N2ؓ@2V\Lr7 t+mG@D.T= 1Ax^mPKo0>gň˶,(ʩ^޽V6ǐC!>XBYm 5a2zy2~ٳ%ig%!Nœ3fm9uiXv)LZ=fnꋦ9*8ۜ uS/'4RAFv@3>4x^]M0ϻb@jJ[*DBHH8p<ƞ3n[-DgCt&M SuQźVCnhM=z״i?L蘂ս0N#|*&ﺨqߔr]?n[Ϩ&(rz쪐W?31_FXUy*oA9' J\YooP>mvˑ''rxD* :OP^AP~x^r0 ShrJgL`N2)}c؎%Wd6T[>yu!8/4 cHLO͗uMe|Rߌ<^mR~be{$dU=Tխ~a:a;) 2range> 3.6.*,13.6.27ge>10.0,110.0.2ge>2.72.7.2ge>10.010.0.2 seamonkey 2.72.7.2e>10.010.0.2 3.1.*3.1.1911 libpng integer overflow "D-#9bg^fnC(W5RX`~>lx^Mo0 zi;Ė+g TEcIQv̺/%XdYQOou.sொ䴪7NaAzq0kP%q)m*%☫k|Y|VX;^e~nG7F,JROJG|n)3*'Qqwy12ϒ!08TZ  >B"f+plz5YdG7jia))z-6+n IɹZ`Z˨0U S.\¤MoBpv{gG_W]]C멇 Ғq"́ :Vg1[Kuc_E Om8Mx]+F\47jc-ͽ1bo* [e_#x"F~d :iZ[v"4x^uP]0|帇TdI[TB)G۷ױؽ_)@hvvfVBK7 &08hN 5L orFNs$Cw_|pZann 6 y:4ӭ(Cvdzgz zY:jnC?pGГ.2|*rk&x=L䞪\HdΤP?{QɄdP\ U|:ھZ$LxqhALEä$pE, ~{/k-Bx^n1Sa )(TPURHb^4Yof;:(Or'Q?nI?I?T?bt z̄C %/4,եMwz)Ԧ@e#@Bbl@Uօ6 K񢍲G/LsTL`…ƭշU.x2.n׷:y%g^[ f=!* Ȩv32Y}3|ĆϚݨ;LoвB{'ڬ^7ۅ]ק+A$yc4Fe B;ƁM;u,nfwrlˋAKtG\0z5ݵۦ}:kեh#g &xbb:ݫȅF[*%BӅY2RSJ~w~\>x^_O0şS:Vl{!b| 1kAcζcD4mo{~ܖ1fkTܟQ2RDAȈ1~]]Ga8#4QHI))K> 7F-'x^mRn0 =_ASdujam;]Z,i/?9NʓDH>@*GG0p7CVCKL_4JkOgC]_a#A4!b,%t.i,j _è~(vn*;8DY;i+xDÀE+ְGPЉE7*)Nz0v*V~/XDzRz)x^Rn =ovwPتFثBVZ5R8 f1 DN*d%qp h[?K\d;-YvGfDt_WfxɔygUjf \TEnz T]%>o{SQ[~`R^d]4sGZʲUY?uZ5ഋSdlK@HHđd*46 hN.&A$h#&l V`y4|xpcx%h;YX4.rͩY?p5hjbOw//Uk~}>b\<Vn6Tw1>Kx^}SMo0 =;ur78@] Zc-JL׏b0(OX` ↀ;X ȱ>b] ֬@SDgj]uϯb78{ 蕨Q̋u] 9R.'ID=Uj3 e bx`@ AJlv80VWeL^pؔTF2`P~mVg ʕ䭧LS&5'q -VzXgX; (=n:nmg\Fl@a06)(.ģ5 >^MRdg" (*ᡧH/.*V ttnF "Ra﷯EdةSE+KP"5yx^mRMo0 =7yYA0Rhw.dNʢvٯe'i;̀zخ?iT:%Q+CUJ\Ue^<Чf"6mUS]^UB^A(/MV?CUhHPÀ:{~V;lWҫOZ3Xmu]*gzA|^fߴz#tuSȚ9l'Hދ*(0<%F!1Wwrи7$xcp1X_3` (GgB/SWk7y7Xz*^kKwIhiI-ybC}b|iF-ՔXxD@]z`Ε5!;w(d:Y?*6̎fyƪ.g@?Ir1dEB/6$ C>x^Ok@ Rִ6K顡!{Y˱x4x=CЃ{Ў\ Es6mS$8f96M'cI)5|LRls1p"hjGpi3 |'/{pl%zy=KIU(Yȉ$w !e75{! tYY)8J3l{goa*K5=;Xˁ0jd5#H8V™89`2ڤG}&H75E NK3W+HCgvv-gehUcwtQk_߮WKgKUƎEj2RB7~@t^Z%?. B>Bx^n0S |({0PAP"B*IU>r*Ol(KCa*r!HhDMҋ;p_q pR9aȈT Dv^K*ϭ(]pk%i-j "|N r?\oȗ+" KD9hkۺVg|&p!й0e \5g=Pw}RjLy_*J1xF Cpl=ϧkqpjd7R& L=,4ʸ*r%dlgyqAxl6aY}1[֡ W%8BҚ\d#eoJ%m]l#H4u_cAD9F<siZn-Q^(c)|Aśx)׋MD&?JC%|3m#\i廔pOGscl\pnJD 75S$0zу;8Bx^S͎0>O1 !q\ zD{BF8ay$  CNj+$ =WNX`d0@~9pgZ0Ǟ#WRYk}OҕJ 胥??9akWExS!/AY|!]`U}zzn-%oՑ7s&MLр}*duhvt?~( 3NBwQք?mnjجH m`7@" /iLZR+N+1E"AMRd &E֊򔐷im:ujy 8Px+ZܧurɅL2'fE8aԷx*\CO{\Avu.Ч2;߸-yI\Kj/?$}a+r0>PF fJ@5t@H>x^QO0ǟSܣ&c & 1Kםak3mD%Kn_1F~PgLpF;  }]Y_g$+iAh22>Ύuu6=&{h)6cGI@Hda5v=-Im6ke7YҖ Z99Ec4t}7e>Uf ZVilzZA6yAA6"k3֠tVy9NnXfGd\ɫ[&hƝSBtCk+*(,*7( *`yVBygV~e_pO<@@14,N>65/">

Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.

Example: http://[host]/index.php?file=.//././/././/././/./[file]%00909 http://coppermine-gallery.net/forum/index.php?topic=3anG>{x^mRMo0=_1걂P7@ę$u03v=ٮ9YyI qN ()t<$2=I 0r\˜9B?6#+̒H eA/ܹ eS[B!Oڹ_/ cE熹O?)YxִQtٕW̏Π(T9*F FQ(Ko`1sZjkQj_㼫޲ {P6ZJ3ޔPSJKu?/3"v n9vc8K'O`?K[^w+{jZWc>V n]\ސNM]b9-s 6`*=.Ϋ}WDu =vdRJDB5*e k -Otq&r -B>Bx^eRKo@ >ïz(HHJZ^IL'v434z<;TB˟7o#Qe頚~v!*lzO헣>,y.a+Փ縔(TmϛӢ;\]L!D?V^#xh ḋyzY"yA?Z О hh$i.{ 絅+62tf{ ;V_k(13'nK"{g.b[Tގߌ(8?9au[TM4"><~۟jckjt9"k\+7}ޒ cX6R ~βR8ֶ䓦fyH*Wˈau!exEχ:&a/G P~0v~(>|x^n ۧ sS9+OIpjO_GMۋ,~<.>3WF3  QԠ4ˆ T^z^0-KUzq2F+2 H*/Z0Vu ?<2_T9Yri"{YJ32T)L|(<6(iAYvJT\8K1&NRۍ#J\pVZ+#S”̣Su ]|~}`-gFUwDHȤh Ch1ZkPٿ-dI;qP޺+rY16@o n#!8ftx^Rn0 {_A\l5"Pt):YevȒ NvEzI|(|xxƵ^$TC44 G|2?姲Ȋо}BdxPޑ4.w`z!c/ "Jm1p B9 (ђwQ!rІ A ĵ;Iʏ9'!]`{ &z)0Ng'9ǂ]IV Ɇɳ~Y瘫OdzܯjȲMH㺋Ƃg&h{$>Kx^Un { MZB2w pTyAU+-]_;y)QF3ң`ұIGh C?$0&m; h DA%`z" jjY|Բ.[w=lDb{¦JnX,8[nW{qԍ+ kg^oZR3c}16MS9%ma>f{<%/ճo;'#3Ex^mR0=wBR(زbqe)"KDlcYt ̛#dd!Q! {v$ʄxΚ V_'} A.Kȩ fa$\`n+[EMYsz1Tˊ]ÐL^};tx :vǠm9S?V!DF@Y]ןT/bE5cyGY|m8.@ӤM3ബ7R~OWH=YQŶ:Jd]ְRfETݦW7h ۴ eS Bb$wCbiYf=x7(M't]! fq m|Ӽb{H/w9x)?h'ߺKq>= LFmNs$dݎrf]Dq/:# Ft>Nx^mR0dd~ h0"Q u3% QYk 4>ŔnJWK%M*=`4ntN,u\匭ٖ~͋'8:UCN1(D6" L~zlcoD׿wy ް]I`5;NgNG::0;[҄e+Tge͇[Iћg>r8#(y -ehh\sz{7\ȁ08+*V3WvBp Aq-}!QS[CI'$aBEt\p3Iq5bBejFN |5-R 8yydS)peQEZ#e WOuEv@gWTx^r S8#b;K;i"8fŨI6=oc[nu$TI d:mҴ u o4Ž&:}ҰFVo(Qa:Xb=޷/Ql&Y;B ( JT,?Z1 غO\\+