[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3014 Download | Alert*

Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation. For the stable distribution , this problem has been fixed in version ...

Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System , a trouble-ticket system. In addition, this security update a failure when upgrading the package from lenny to squeeze. The oldstable distribution is not affected by this problem.

Several remote vulnerabilities have been discovered in python-zodb, a set of tools for using ZODB, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: CVE-2009-0668 The ZEO server doesn"t restrict the callables when unpickling data received from a malicious client which can be used by an attacker to exec ...

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0446 Multiple cross-site scripting vulnerabilities when JavaScript encoding is used, allow remote attackers to inject arbitrary web script or HTML. CVE-2011-0447 Rails does not properly validate HTTP requests that c ...

Mark Martinec discovered that Perl incorrectly clears the tainted flag on values returned by case conversion functions such as "lc". This may expose preexisting vulnerabilities in applications which use these functions while processing untrusted input. No such applications are known at this stage. Such applications will cease to work when this security update is applied because taint che ...

Robert Luberda discovered a buffer overflow in the syslog logging code of Super, a tool to execute scripts as if they were root. The default Debian configuration is not affected.

It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash. The squid package and the version of squid3 shipped in lenny lack IPv6 support and are not affected by this issue.

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.

Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi: CVE-2012-5643 squid"s cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. CVE-2013-0189 The original patch for CVE-2012-5643 was ...

It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets. The oldstable distribution is not affected by this problem.

Pages:      Start    277    278    279    280    281    282    283    284    285    286    287    288    289    290    ..   301

© 2013 SecPod Technologies