[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 87855 Download | Alert*

The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly implement the temporary directory search algorithm. Successful exploitation could allow remote attackers to cause a denial of service.

Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3305 A malicous remote sever could cause polipo to crash by sending an invalid Cache-Control header. CVE-2009-4143 A malicous client could cause polipo to crash by sending a large Content-Length value. Thi ...

Two vulnerabilities have been discovered in, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3298 Ruslan Kabalin discovered a issue with resetting passwords, which could lead to a privilege escalation of an institutional administrator account. CVE-2009-3299 Sven Vetsch discovered a cross-site scriptin ...

Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs. For the stable distribution , this problem has been fixed in version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2. For the unstable distribution , this problem has been fixed in version ...

Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the stable distribution , this problem has been fixed in version 4.7~rc2-7lenny3. The oldstable distribution , this problem has been fixed in version 4.5.14-22etch13. For the testing distribution , ...

Marek Grzybowski discovered that changetrack, a program to monitor changes to files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters. For the stable distribution , this problem has been fixed in version 4.3-3+lenny1. For the oldstable distribution , this problem has been fixed in versio ...

It was discovered that gforge, collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Beside fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. For the stable distribution , these problem have been fixed in version 4.7~rc2-7lenny2. The oldstable distribution , these problems have ...

Russell Senior discovered that the system authentication module selection mechanism for PAM did not safely handle an empty selection. If an administrator had specifically removed the default list of modules or failed to chose a module when operating debconf in a very unlikely non-default configuration, PAM would allow any authentication attempt, which could lead to remote attackers gaining access ...

Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains Java ...

Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.


Pages:      Start    7756    7757    7758    7759    7760    7761    7762    7763    7764    7765    7766    7767    7768    7769    ..   8785

© SecPod Technologies