[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3680 Download | Alert*

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attac ...

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when pr ...

It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tric ...

Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges

Fernando Quintero discovered than MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain ...

It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote ...

It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. If a user or ...

mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Several security issues were fixed in MySQL.

It was discovered that cron did not properly check the return code of the setgid and initgroups system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid check referred to by CVE-2006-2607.

lxc: Linux Containers userspace tools LXC could be made to create arbitrary virtual network interfaces as an administrator.

Pages:      Start    3    4    5    6    7    8    9    10    11    12    13    14    15    16    ..   367

© SecPod Technologies