7728 matches found
Session must not be invalidated on logout
People ran into problems (http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965) because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the Seraph LOGGED_OUT_KEY to be present. This means we need to remove all session attributes except...
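The approach the issue describes (keep the HttpSession object alive on logout, but strip it of everything except a short keep-list) can be implemented with plain Servlet API calls. The code below is an added illustration, not Atlassian or Seraph code: the keep-list and the `loggedOutKey` parameter are passed in by the caller because the issue text is truncated and does not say which attributes must survive, and the `changeSessionId()` call assumes a Servlet 3.1 or later container.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Logout handling that does not call HttpSession.invalidate(), so that filters
 * which expect a logged-out marker in the session keep working, but still
 * removes all user-bound state (principal, CSRF tokens, cached permissions).
 */
public final class LogoutSessionCleaner {

    private LogoutSessionCleaner() {}

    /**
     * Removes every attribute from the session whose name is not in keep.
     * Returns the names that were removed, which is useful for audit logging.
     */
    public static List<String> pruneSession(HttpSession session, Set<String> keep) {
        // Snapshot the names first: removing attributes while iterating
        // getAttributeNames() is undefined behaviour on most containers.
        List<String> names = Collections.list(session.getAttributeNames());
        List<String> removed = new ArrayList<>();
        for (String name : names) {
            if (!keep.contains(name)) {
                session.removeAttribute(name);
                removed.add(name);
            }
        }
        return removed;
    }

    /**
     * Logout entry point. keep is the set of attribute names that must survive;
     * loggedOutKey is the attribute name downstream filters read (an assumed
     * parameter here, since the keep-list is not given in the issue text).
     */
    public static void logout(HttpServletRequest request, Set<String> keep, String loggedOutKey) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return; // nothing to log out of
        }
        pruneSession(session, keep);
        // Set the marker the issue says other code expects after logout.
        session.setAttribute(loggedOutKey, Boolean.TRUE);
        // Because the session is not invalidated, its id would otherwise remain
        // valid after logout. Rotating the id (Servlet 3.1+) keeps the attributes
        // but makes an id captured before logout useless afterwards.
        request.changeSessionId();
    }
}
```

On a pre-3.1 container (the Tomcat 5.5/6.0 generation this page's other entries refer to) `changeSessionId()` is not available; the alternative is to invalidate the session, create a new one with `request.getSession(true)`, and copy only the keep-listed attributes across, which gives the same end state.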
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Gentoo Security Advisory GLSA 200804-16 (rsync)
The remote host is missing updates announced in advisory GLSA 200804-16. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com. Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-16 (rsync)
The remote host is missing updates announced in advisory GLSA 200804-16. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
JFreeChart: XSS vulnerabilities in the image map feature
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...
CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton...
DEBIAN-CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton...
GLSA-200804-16 : rsync: Execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200804-16 (rsync: Execution of arbitrary code). Sebastian Krahmer of SUSE reported an integer overflow in the expand_item_list() function in the file util.c, which might lead to a heap-based buffer overflow when extended attribute (xattr)...
CVE-2008-1720
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors...
DEBIAN-CVE-2008-1720
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds. Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. Remediation: There is no fixed version for rsync. Referenc...
DSA-1545-1 rsync
Bulletin has no description...
PT-2008-1008 · Rsync · Rsync
Name of the Vulnerable Software and Affected Versions: rsync versions 2.6.9 through 3.0.1 Description: The issue affects the rsync package, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. A buffer...
drupal -- cross site scripting (utf8)
The Drupal Project reports: When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
DSA-1444-1 php5 several issues
Bulletin has no description...
CVE-2007-6306
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...
Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update
Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...
Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1)
Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters o...