[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 3262 Download | Alert*

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.

Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker t ...

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the "Lucky Thirteen" issue. CVE-2013-1621 An array index error might allow ...

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject"s Common Name field of an X.509 certificate . Mox ...

Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacher could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.

Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The following issues have been fixed in both the stable (lenny) and the oldstable (etch) distributions: CVE-2009-2687, CVE-2009-3292. The exif module did not properly handle malformed jpeg files, allowing an attacker to cause a ...

Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middl ...

Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution (etch).


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   326

© SecPod Technologies