[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 1830 Download | Alert*

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue.

A denial of service condition was found in Ruby"s regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash . A number of flaws were found in Ruby that could allow an attacker to create a carefully crafted script that could allow for the bypass of certain safe-level restrictions . A denial o ...

Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates . Update: It was found that the previously-published patch to correct this issue caused a regression when dealing with self ...

Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates . The updated packages have been patched to correct this issue.

A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed . An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. An attacker could create a malicious text ...

Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding . Update: The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not ca ...

Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding . The updated packages have been patched to prevent this issue.

A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code . The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity lim ...

A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user"s system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a speci ...

Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing + , %2b , . , %2e , or %20 character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandle ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   182

© SecPod Technologies