7627 matches found
Buffer overflow
Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long 1 "a" HTML tag; a long src attribute in 2 embed, 3 img, or 4 script tags; 5 a long background attribute in a body tag; and...
CVE-2009-2644
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv121, when extended file attributes are used, allows local users to cause a denial of service panic via vectors related to "pathnames for invalid fds."...
Race condition
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv121, when extended file attributes are used, allows local users to cause a denial of service panic via vectors related to "pathnames for invalid fds."...
CVE-2009-2644
CVE-2009-2644 describes a race condition in the Solaris auditing subsystem affecting Solaris 9/10 and OpenSolaris prior to snv_121, where using extended file attributes can trigger a Denial of Service (panic) via vectors related to pathnames for invalid fds. The root cause is a concurrency issue ...
Cross site scripting
Cross-site scripting XSS vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes...
CVE-2009-1714
Cross-site scripting XSS vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes...
drupal -- cross-site scripting
The Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
SA-CORE-2009-005 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
RHEL 5 : kernel (RHSA-2009:0326)
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
PT-2009-1169 · Bouncy Castle · Crypto Provider Package +1
Name of the Vulnerable Software and Affected Versions: Bouncy Castle Java Cryptography API versions prior to 1.38 Crypto Provider Package versions prior to 1.36 Description: The issue is related to a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes, which has...
CVE-2009-0591
The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...
CVE-2009-0591
The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...
Vulnerability in OpenSSL CVE-2009-0591
The function CMSverify does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked. Found by Ivan Nestlerode, IBM...
One absolutely can use the SU to mention the right skill-vulnerability warning-the black bar safety net
A period of time provided the right, found that the SU provide the right climate SU configuration file can be written, but don't know how to write, just to have a server installed SU on their own to configure one and then copy to be provided right on the machine, found it easy to use. For the...
CVE-2008-5917
Cross-site scripting XSS vulnerability in the XSS filter framework/TextFilter/Filter/xss.php in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes...
Cross site scripting
Cross-site scripting XSS vulnerability in the XSS filter framework/TextFilter/Filter/xss.php in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes...
CVE-2008-5917
Cross-site scripting XSS vulnerability in the XSS filter framework/TextFilter/Filter/xss.php in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes...
Session must not be invalidated on logout
People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...
Session must not be invalidated on logout
People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...