[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15134 Download | Alert*

It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users" sessions.

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, result ing in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger this vulnerability.

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

It was discovered that libice-dev before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, result ing in denial of service.

The parse_dict_node function in bplist.c in libplist++-dev allows attackers to cause a denial of service via a crafted file.

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makesit easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup.

The gst_asf_demux_process_ext_stream_props function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3allows remote attackers to cause a denial of service via vectors related to the number of languages in a video file.

The plist_free_data function in plist.c in libplist++-dev allows attackers to cause a denial of service via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.


Pages:      Start    611    612    613    614    615    616    617    618    619    620    621    622    623    624    ..   1513

© SecPod Technologies