61 matches found
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...
Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282)
Updated perl-HTTP-Body package fixes security vulnerability : Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
CVE-2013-4407
CVE-2013-4407 affects Perl’s HTTP::Body::Multipart in the HTTP-Body module. Vulnerable: Perl HTTP-Body versions 1.07–1.22 (before 1.23) where the code uses the part of the uploaded file name after the first dot as the suffix of a temporary file, which may be misinterpreted by downstream logic tha...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
Updated perl-HTTP-Body packages fix CVE-2013-4407
Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file...
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file...
CVE-2012-4407
CVE-2012-4407 affects Moodle: information disclosure in lib/filelib.php where Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files. This allows remote attackers to read a blog entry that references a non-public file and ...
SuSE 11.1 Security Update : kdelibs4 (SAT Patch Number 4407)
This update fixes a cross-site scripting XSS vulnerability in the way KHTML handles error pages. CVE-2011-1168 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C...
CVE-2010-4407
CVE-2010-4407 concerns multiple stored XSS vulnerabilities in index.php of AlGuest 1.1c-patched. The vulnerability is exploitable via the parameters nome (nickname), messaggio (message), and link (homepage), enabling remote attackers to inject arbitrary script/HTML. The affected software is AlGue...
CVE-2009-4407
Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...
CVE-2009-4407
CVE-2009-4407 involves multiple CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum. The vulnerabilities allow remote attackers to hijack a victim’s authenticated session to perform state-changing requests (e.g., password changes) and other unspecified actions...
CVE-2009-4407
Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...
CVE-2008-4407
CVE-2008-4407 affects sabre (xsabre) 0.2.4b. The issue arises from relying on creating /tmp/sabre.log, allowing a local attacker to cause a denial of service by placing a non-overwritable /tmp/sabre.log. No explicit remediation/versions beyond 0.2.4b are stated in the provided documents. Exploita...
phpMyAdmin < 2.11.5 SQLi
Binary data 4407.prm...
CVE-2007-4407
CVE-2007-4407 affects ircu versions 2.10.12.03 and 2.10.12.04. The flaw does not associate a timestamp with ops privilege on an unused channel (zannel), enabling remote attackers to manipulate channel modes via a netriding attack or to take over a channel by joining an unlinked server with A/Upas...
CVE-2006-4407
CVE-2006-4407 affects Apple Mac OS X Security Framework Secure Transport. The issue arises when negotiating the strongest shared cipher: due to an incorrect priority order, Secure Transport may choose a weaker cipher, potentially enabling a remote attacker to decrypt traffic. Documents consistent...