Download
| Alert*
oval:org.secpod.oval:def:200502
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:200567 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:700297 It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to abitrary files. This update changes curl behavior to prevent following &q ... oval:org.secpod.oval:def:600335 David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expos ... oval:org.secpod.oval:def:202769 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:102037 cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP ... oval:org.secpod.oval:def:202722 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:200373 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:500686 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:200368 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:200369 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:200248 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.mitre.oval:def:7678 David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expos ... oval:org.secpod.oval:def:300690 A security vulnerability has been identified and fixed in curl, which could allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files via a redirect to a file: URL, or execute arbitrary commands via a redirect to an scp: URL . The updated packa ... oval:org.secpod.oval:def:3880 The host is installed with Apple Mac OS X 10.5.8 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a redirect. Successful exploitation could allow attackers to access local files oval:org.secpod.oval:def:101708 cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP ... oval:org.secpod.oval:def:3869 The host is missing an important security update according to Apple advisory, APPLE-SA-2010-03-29-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly sanitize user supplied input. Successful exploitation could allow attackers t ... |