[Forgot Password]
Login  Register Subscribe

24547

 
 

132803

 
 

128796

 
 

909

 
 

106110

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 3976 Download | Alert*

It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.

It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. (Note that cryptographic authentication of time servers is often not enabled in the first place.)

Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers ...

It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation.

Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.

Several remote vulnerabilities have been discovered in the zope, a feature-rich web application server written in python, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: Due to a programming error an authorization method in the StorageServer component of ZEO was not used as an internal method. This a ...

The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443). In addition, this security update addresses a regression in the REXML XML parser of the ruby1.8 package; the regression was introduced in DSA-1651-1.

It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).

Several vulnerabilities have been discovered in Ruby. The Common Vulnerabilities and Exposures project identifies the following problems: The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. An issue in parsing BigDecimal numbers can result in a denial-of-service condition (crash). The following matrix identifies fixed vers ...

Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   397

© SecPod Technologies