[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6597 Download | Alert*

David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expose local files, overwrite local files or even execute arbitrary code via a malicious URL redirect. Th ...

James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution. Impor ...

It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a we ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the ...

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2560 A NULL pointer dereference was found in the RADIUS dissector. CVE-2009-3550 A NULL pointer dereference was found in the DCERP/NT dissec ...

It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master. The oldstable distribution does not include ganeti.

It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master. For the stable distribution , this problem has been fixed in version 1.2.6-3+lenny2. For the testing distribution , this problem will be fixed in versio ...

Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that macro security settings were insufficiently enforced for VBA macros. It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This als ...

Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC ...

Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.


Pages:      Start    376    377    378    379    380    381    382    383    384    385    386    387    388    389    ..   659

© SecPod Technologies