[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3262 Download | Alert*

It was discovered that vzctl, a set of control tools for the OpenVZ server virtualisation solution, determined the storage layout of containers based on the presense of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over ploop-based containers. Further information on the prerequites of such an attack can be found at https://sr ...

Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site administrator should ensure the instanced versions are also updated, either by patching them manually or by recr ...

It was discovered that the patch to fix CVE-2016-6635 added a function already present in the code, preventing the website to display completely. The package has been updated to fix this regression.

The ProFTPD security update, DSA-2346-1, introduced a regression, preventing successful TLS connections. This regression does not affected the stable distribution , nor the testing and unstable distributions.

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname"s length larger than 255 bytes and does not properly handle dot inside labels. A remote, unaut ...

Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened

The update for php5 issued as DSA-3732-1 caused segfaults in php-ssh2. Updated packages are now available to correct this issue.

Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350. In addition, it was discovered that it was possible to invoke scp with certain options that may lead to the execution of arbitrary c ...

Joernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application: Logged in users may be able to access private data. The Textile formatter allowed for cross site scripting, exposing sensitive data to an attacker. The Bazaar repository adapter could be used to remotely execute commands on the host running Redmine. The oldstable distribution does not conta ...

Cédric Krier discovered a vulnerability in the server-side of Tryton, an application framework written in Python. An aunthenticated malicious user can write arbitrary values in record fields due missed checks of access permissions when multiple records are written. The oldstable distribution is not affected.

Pages:      Start    312    313    314    315    316    317    318    319    320    321    322    323    324    325    ..   326

© SecPod Technologies