92 matches found
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : openssh vulnerability (USN-2155-1)
Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions. Note that Tenable Network Security has extracted the preceding description block directly from the Ubun...
CVE-2013-2155
Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...
CVE-2013-2155
Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...
CVE-2013-2155
Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...
CVE-2013-2155
CVE-2013-2155 affects Apache Santuario XML Security for C++ (xml-security-c) prior to 1.7.1. The issue is failure to properly validate length values, allowing remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof signatures via crafted length val...
DSA-2710-1 xml-security-c - several
Bulletin has no description...
Debian: Security Advisory (DSA-2710-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-2155
CVE-2012-2155: CSRF vulnerability in the CDN2 Video module 6.x for Drupal. The issue allows remote attackers to hijack the authentication of unspecified victims via unknown vectors due to CSRF in the module’s Form API behavior. Affected software is the Drupal CDN2 Video contributed module (versio...
CVE-2012-2155
Cross-site request forgery CSRF vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
SA-CONTRIB-2012-050 - CDN2 Video - Unsupported
CDN2 is a plug and play module and video management service for Drupal. The module does not sanitize output correctly, allowing for a cross-site scripting XSS vulnerability. Additionally, the Form API is not correctly utilized allowing for cross-site request forgery CSRF attempts. This module...
CVE-2011-2155
The CVE-2011-2155 entry concerns SmarterTools SmarterStats 6.0. The vulnerability arises in Login.aspx where a password form field (ctl00$MPH$txtPassword) is generated with autocomplete enabled, which can enable an attacker to bypass authentication when a workstation is left unattended. According...
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...
Debian Security Advisory DSA 2155-1 (freetype)
The remote host is missing an update to freetype announced via advisory DSA 2155-1. OpenVAS Vulnerability Test $Id: deb21551.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2155-1 freetype Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian DSA-2155-1 : freetype - several vulnerabilities
Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2155. The text itself is...
SuSE 11 Security Update : gimp (SAT Patch Number 2155)
Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files. CVE-2009-1570 / CVE-2009-3909 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2155. Reason: This candidate is a duplicate of CVE-2010-2155. Notes: All CVE users should reference CVE-2010-2155 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2010-2052
CVE-2010-2052 is a duplicate and not used; reference CVE-2010-2155.
[SECURITY] [DSA 2056-1] New zonecheck packages fix cross-site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-2056-1 [email protected] http://www.debian.org/security/ Sébastien Delafond June 06, 2010 http://www.debian.org/security/faq -...
CVE-2010-2155
Multiple cross-site scripting XSS vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 xmlnode.value, 2 zc-error text, 3 $zcversion, 4 domainname in a zc-title row, different vulnerabilities than...
CVE-2010-2155
Multiple cross-site scripting XSS vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 xmlnode.value, 2 zc-error text, 3 $zcversion, 4 domainname in a zc-title row, different vulnerabilities than...