
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

The sanity check module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.

The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service via a crafted HTTP response or possibly a UPnP broadcast.

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service via a too small section.

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service or gain privileges via a long GECOS field, involving longbuffer.

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service via a crafted PDF file.

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function.



© SecPod Technologies