[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6552 Download | Alert*

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, "p" or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp" are in allowed tags and "strip_comments=False" is set.

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, "p" or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp" are in allowed tags and "strip_comments=False" is set.

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. Tom Lane di ...

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl cod ...

Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.

Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.

Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. For the old stable distribution (sarge), this problem has been fixed in version 2.6.16-7sarge1. For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg ...

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered t ...

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of e ...

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 dis ...


Pages:      Start    417    418    419    420    421    422    423    424    425    426    427    428    429    430    ..   655

© SecPod Technologies