|Paid content will be excluded from the download.
| Matches : 28869
|It was discovered that the Debian Mantis package, a web based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database. This updated package corrects this problem for new installations and will carefully try to update existing ones. Administrato ...
It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted requests or responses. The squid package in the oldstable distribution (etch) is not affected by this p ...
It was discovered that mahara, an electronic portfolio, weblog, and resume builder is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potential sensitive data from other users. The oldstable distribution (etch) does not contain mahara.
tixxDZ discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc"s real data transport implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue.
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory.
Several vulnerabilities have been discovered in drupal6, a fully-featured content management framework. A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. The API function drupal_goto is susceptible to a phishing attack. An attacker could form ...
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
tixxDZ discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer"s real data transport implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue.
Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files.
Pages:      Start    2877    2878    2879    2880    2881    2882    2883    2884    2885    2886    ..   2886
© 2013 SecPod Technologies