201 matches found
Fedora 25 : curl (2016-89769648a0)
fix cookie injection for other servers (CVE-2016-8615) - compare user/passwd case-sensitively while reusing connections (CVE-2016-8616) - base64: check for integer overflow on large input (CVE-2016-8617) - fix double-free in krb5 code (CVE-2016-8619) - fix double-free in curl_maprintf (CVE-2016-8618) - fix...
Fedora 24 : curl (2016-e8e8cdb4ed)
fix cookie injection for other servers (CVE-2016-8615) - compare user/passwd case-sensitively while reusing connections (CVE-2016-8616) - base64: check for integer overflow on large input (CVE-2016-8617) - fix double-free in krb5 code (CVE-2016-8619) - fix double-free in curl_maprintf (CVE-2016-8618) - fix...
SUSE SLES11 Security Update : pam (SUSE-SU-2016:1645-1)
This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480). The update package also includes non-security fixes. See...
SUSE-SU-2016:1645-1 Security update for pam
This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480). This non-security issue was fixed: - bsc#962220: Don't fail...
Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
Should passwords that protect your financial data be less secure than the ones used to lock up selfies, cat videos and tweets swapped on social networks? In a study that looked at the password strength required to access website accounts for Wells Fargo, Capital One and 15 other banks, researchers...
Cisco Prime Infrastructure Elevation of Privilege Vulnerability
Cisco Prime Infrastructure is a wireless management solution through Cisco Prime LAN Management Solution and Cisco Prime Network Control System technologies. A security vulnerability exists in Cisco Prime Infrastructure, as the program stores case-sensitive usernames and performs case-sensitive...
Cisco Prime Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Cisco Prime Infrastructure (PI) username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...
Application-Aware Image Processing failure with SQL 2012 SP2 case-sensitive collation database
Job using Application-Aware Image Processing fails during VSS processing with: Unfreeze error: Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. A VSS crit...
Apache 1.3.14 Mac File Protection Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that...
CVE-2010-4364
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) richeditor fields. NOTE: some of the...
Also talk about the Apache, nginx upload directory without execute permissions - bug warning - the black bar safety net
As to why the upload directory is set without execute permission, I won't belabor it. The more popular web servers today are IIS, Apache and nginx, and the OS used is nothing more than Windows or nux. We look at two segments usually Upload Directory settings is not entitled to limit the subset of columns, configured...
Cross site scripting
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...
lighttpd 1.4.19 mod_userdir Case-Sensitive Comparison Source Code Disclosure Vulnerability
No description provided by source...
SugarCRM on Apache / Windows .htaccess Direct Request Arbitrary File Access
The version of SugarCRM running on the remote host has an information disclosure vulnerability. When Apache is running on Windows, .htaccess restrictions are case-sensitive, but filenames are not. A remote attacker can bypass .htaccess restrictions by using uppercase letters when requesting files...
GLSA-200812-04 : lighttpd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200812-04 (lighttpd: Multiple vulnerabilities). Multiple vulnerabilities have been reported in lighttpd: Qhy reported a memory leak in the http_request_parse function in request.c (CVE-2008-4298). Gaetan Bisson reported that URIs are not...
CVE-2008-4360
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...
lighttpd < 1.4.20 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists in the connection_state_machine function that is triggered when disconnecting before a download has...
Design/Logic Flaw
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different...
Skype file: URI Handling Security Bypass Arbitrary Code Execution (uncredentialed check)
The version of Skype installed on the remote host reportedly uses improper logic in its 'file:' URI handler when validating URLs by failing to check for certain dangerous file extensions and checking for others in a case-sensitive manner. If an attacker can trick a user on the affected host into...
CVE-2007-4691
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...