Lucene search
+L

61 matches found

securityvulns
securityvulns
added 2013/11/26 12:0 a.m.66 views

[SECURITY] [DSA 2801-1] libhttp-body-perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...

6.8CVSS1.6AI score0.02877EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/11/26 12:0 a.m.21 views

Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282)

Updated perl-HTTP-Body package fixes security vulnerability : Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...

6.8CVSS5.7AI score0.02877EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/11/23 6:55 p.m.23 views

CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

6.8CVSS5.9AI score0.02877EPSS
Exploits0References1
CVE
CVE
added 2013/11/23 12:0 a.m.137 views

CVE-2013-4407

CVE-2013-4407 affects Perl’s HTTP::Body::Multipart in the HTTP-Body module. Vulnerable: Perl HTTP-Body versions 1.07–1.22 (before 1.23) where the code uses the part of the uploaded file name after the first dot as the suffix of a temporary file, which may be misinterpreted by downstream logic tha...

6.8CVSS6.3AI score0.02877EPSS
Exploits0References8Affected Software1
AlpineLinux
AlpineLinux
added 2013/11/23 12:0 a.m.57 views

CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

6.8CVSS6.4AI score0.02877EPSS
Exploits0
Mageia
Mageia
added 2013/11/22 7:20 p.m.26 views

Updated perl-HTTP-Body packages fix CVE-2013-4407

Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...

6.8CVSS0.2AI score0.02877EPSS
Exploits0References2
Debian
Debian
added 2013/11/21 8:35 p.m.56 views

[SECURITY] [DSA 2801-1] libhttp-body-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...

6.8CVSS6AI score0.02877EPSS
Exploits0
Debian
Debian
added 2013/11/21 8:35 p.m.71 views

[SECURITY] [DSA 2801-1] libhttp-body-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...

6.8CVSS1.7AI score0.02877EPSS
Exploits0
NVD
NVD
added 2012/09/19 10:57 a.m.21 views

CVE-2012-4407

lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file...

5CVSS5.9AI score0.014EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2012/09/19 10:57 a.m.19 views

CVE-2012-4407

lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file...

5CVSS5.9AI score0.014EPSS
Exploits0References4
CVE
CVE
added 2012/09/19 10:0 a.m.47 views

CVE-2012-4407

CVE-2012-4407 affects Moodle: information disclosure in lib/filelib.php where Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files. This allows remote attackers to read a blog entry that references a non-public file and ...

5CVSS6AI score0.014EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/05/27 12:0 a.m.24 views

SuSE 11.1 Security Update : kdelibs4 (SAT Patch Number 4407)

This update fixes a cross-site scripting XSS vulnerability in the way KHTML handles error pages. CVE-2011-1168 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C...

4.3CVSS4.9AI score0.02673EPSS
Exploits2References3
CVE
CVE
added 2010/12/04 11:0 p.m.53 views

CVE-2010-4407

CVE-2010-4407 concerns multiple stored XSS vulnerabilities in index.php of AlGuest 1.1c-patched. The vulnerability is exploitable via the parameters nome (nickname), messaggio (message), and link (homepage), enabling remote attackers to inject arbitrary script/HTML. The affected software is AlGue...

4.3CVSS5.9AI score0.01102EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2009/12/23 9:30 p.m.10 views

CVE-2009-4407

Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...

6.8CVSS7.3AI score0.00581EPSS
Exploits0References4
CVE
CVE
added 2009/12/23 9:0 p.m.45 views

CVE-2009-4407

CVE-2009-4407 involves multiple CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum. The vulnerabilities allow remote attackers to hijack a victim’s authenticated session to perform state-changing requests (e.g., password changes) and other unspecified actions...

6.8CVSS7.4AI score0.00581EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2009/12/23 9:0 p.m.17 views

CVE-2009-4407

Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...

7.3AI score0.00581EPSS
Exploits0References4
CVE
CVE
added 2008/10/03 5:18 p.m.53 views

CVE-2008-4407

CVE-2008-4407 affects sabre (xsabre) 0.2.4b. The issue arises from relying on creating /tmp/sabre.log, allowing a local attacker to cause a denial of service by placing a non-overwritable /tmp/sabre.log. No explicit remediation/versions beyond 0.2.4b are stated in the provided documents. Exploita...

2.1CVSS6.2AI score0.00278EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/03/03 12:0 a.m.14 views

phpMyAdmin < 2.11.5 SQLi

Binary data 4407.prm...

5.1CVSS7.3AI score0.00912EPSS
Exploits0References2
CVE
CVE
added 2007/08/18 9:0 p.m.47 views

CVE-2007-4407

CVE-2007-4407 affects ircu versions 2.10.12.03 and 2.10.12.04. The flaw does not associate a timestamp with ops privilege on an unused channel (zannel), enabling remote attackers to manipulate channel modes via a netriding attack or to take over a channel by joining an unlinked server with A/Upas...

6.4CVSS6.7AI score0.0148EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2006/11/30 4:0 p.m.62 views

CVE-2006-4407

CVE-2006-4407 affects Apple Mac OS X Security Framework Secure Transport. The issue arises when negotiating the strongest shared cipher: due to an incorrect priority order, Secure Transport may choose a weaker cipher, potentially enabling a remote attacker to decrypt traffic. Documents consistent...

5CVSS6AI score0.01724EPSS
Exploits2References9Affected Software1
Rows per page
Query Builder