|Paid content will be excluded from the download.
| Matches : 2990
|Andy Lutomirski discovered that tcsd was missing a of input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.
Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue i ...
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files readable for the webserver. CVE-2013-1643 The soap.wsdl_cache_dir function did not take PHP open_basedir r ...
A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.
Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code.
Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses.
Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled.
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. In order to avoid the remote code execution vulnerability, it is recommended to create a .htaccess file in each of your site ...
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. CVE-2013-6478 Pidgin could be crashed through overly wide tooltip windows. CVE-2013-6479 Jacob Appelbaum discovered that a malicious server or a "m ...
Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6641 Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements. CVE-2013-6643 Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on feature. CVE-2013-6644 The chrome development team discovered and fixed multiple issues with potential sec ...
Pages:      Start    280    281    282    283    284    285    286    287    288    289    290    291    292    293    ..   298
© 2013 SecPod Technologies