[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 3187 Download | Alert*

Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation. For the stable distribution , this problem has been fixed in version 4.0.18.1-7+e ...

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3696 Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. CVE-2009-3697 SQL injection vulnerability in the PDF schema gen ...

It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This means that the configuration may need updating. In addition, user registration via the web interfac ...

The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. For reference the original advisory text is below. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution , this problem has been fixed in version 3 ...

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discov ...

Several remote vulnerabilities have been discovered in the zope, a feature-rich web application server written in python, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: Due to a programming error an authorization method in the StorageServer component of ZEO was not used as an internal method. This a ...

It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks . Another cross-site scripting vulnerability was discovered in the antispam feature . For the stable distribution these problems have been fixed in version 1.5.3-1.2etch2. For the testing distribution these problems have been fixed in version 1.7.1-3+lenny1. For the unstable ...

The previous wordpress update introduced a regression when fixing CVE-2008-4769 due to a function that was not backported with the patch. Please note that this regression only affects the oldstable distribution . For reference the original advisory text follows. Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies th ...

It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. For the stable distribution , this problem has been fixed in version 9.3.4-2etch4. For the unstable distributio ...

Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a set ...


Pages:      Start    278    279    280    281    282    283    284    285    286    287    288    289    290    291    ..   318

© SecPod Technologies