
Multiple vulnerabilities have been found and corrected in imagemagick: A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMag ...

Multiple vulnerabilities have been found and corrected in imagemagick: Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image ...

It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. The updated packages have been patched to correct t ...

A vulnerability has been discovered and corrected in mono: Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. The updated pac ...

Multiple vulnerabilities have been found and corrected in apache: Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. XSS in mod_proxy_balancer manager interface. Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the ...

A vulnerability was found and corrected in openldap: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.

A vulnerability has been found and corrected in cyrus-imapd: The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue.

A vulnerability has been found and corrected in fcgi: The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The updated packages have been patched to correct this issue.

A vulnerability has been found and corrected in freeradius: The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. The updated packages have been patched to correct this issue.

A vulnerability has been found and corrected in libsoup: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e in a URI. The updated packages have been patched to correct this issue.



© SecPod Technologies