[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 85329 Download | Alert*

It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames .

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the clock is set to the UNIX epoch [00:00:00 UTC on 1 January 1970]. CVE-2013-1776 Ryan Castellucci and James Og ...

Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.

It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution is not affected by this problem.

Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.

Rainer Koirikivi discovered a directory traversal vulnerability with "ssi" template tags in python-django, a high-level Python web development framework. It was shown that the handling of the "ALLOWED_INCLUDE_ROOTS" setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulnerable to a directory traversal attack, by specifying a file path which begins as the absolute path o ...

Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package. The oldstable distribution is not affected by this problem; the libi18n-ruby package does not contai ...

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter.

The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems. For reference the original advisory text follows. Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describers the followin issues: CVE-2013-2031 Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file. CVE-2013-4567 ...

Pages:      Start    7760    7761    7762    7763    7764    7765    7766    7767    7768    7769    7770    7771    7772    7773    ..   8532

© SecPod Technologies