[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6547 Download | Alert*

It was discovered that Zookeeper, a service for maintaining configuration information, didn"t restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new configuration option "4lw.commands.whitelist" can be used to whitelist commands selectively

A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube"s configuration files.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash.

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. More information can be found ...

Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions.

Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation.

It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks.

Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6265 Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an application crash , or potentially to execute arbitrary code with the privileges of the user running MuPDF, i ...

It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.


Pages:      Start    263    264    265    266    267    268    269    270    271    272    273    274    275    276    ..   654

© SecPod Technologies