Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address. The old stable distribution (sarge) doesn't contain fail2ban. For the stable distribution (etch), this problem has been fixed in version 0.7.5-2etch1. For the unstable distribution (sid), this problem has been fixe ...
It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code.
Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code.
Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function, the test_compr_eb function and the getZip64Data function, which may lead to the execution of arbitrary code.
A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs wikitext messages as raw HTML, potentially leading to cross-site scripting.
The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2, and DSA-2480-3, contained minor regressions. Namely: * The calendar popup page in Internet Explorer would be blocked by the CSRF protection mechanism. * Search results pages could not be shared without saving, sharing, and then loading the search. * rt-email-dashboards would fail with an error due to a call to an undefined " ...
Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data.
Sébastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers.
The recent security updates for request-tracker3.8, DSA-2480-1 and DSA-2480-2, contained another regression when running under mod_perl. Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" mechanism is not recommended, especially when using mod_perl.
It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl. Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" mechanism is not recommended, especially when using mod_perl.
© 2013 SecPod Technologies