[Forgot Password]
Login  Register Subscribe

24003

 
 

131425

 
 

103942

 
 

909

 
 

84080

 
 

133

 
 
Paid content will be excluded from the download.

Filter
Matches : 248 Download | Alert*

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2b through 1.0.2n and is prone to a cache timing side channel attack vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful exploitation can allow attackers to crash the application.

The host is installed with Apache Tomcat 7.x before 7.0.81 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted request. Successful exploitation allows attackers to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext.

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.

The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   24

© 2013 SecPod Technologies