
The host is installed with Apple iTunes before 11.1.4 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle the contents of the iTunes Tutorials window. Successful exploitation allows attackers to gain control and inject arbitrary contents.

The host is installed with Apple iTunes before 11.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Set-Cookie HTTP headers. Successful exploitation could allow attackers to strip security settings from the cookie by forcing the connection to close before the security settings were sent and then obtain the value of the unpr ...

The host is missing an important security update according to Apple security advisory APPLE-SA-2014-05-15-2. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Set-Cookie HTTP headers. Successful exploitation could allow attackers to strip security settings from the cookie by forcing the connection to close befo ...

A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine.

John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.

Michael Niedermayer discovered a vulnerability in xbuffy, a utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to an xbuffy crash or even remote code execution.

Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug.

During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error.

It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data, performs incorrect verification of 304 replies, does not perform the checksum check when the Acquire::GzipIndexes option is used and does not properly perform validation for binary packages downloaded by the apt-get download command.

The previous update for apt, DSA-3025-1, introduced a regression when file:/// sources are used and those are on a different partition than the apt state directory. This update fixes the regression. For reference, the original advisory follows. It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data, performs incorrect verification of 304 repl ...



© SecPod Technologies