Lucene search
K

5316 matches found

RedHat Linux
RedHat Linux
added 2013/03/14 4:46 p.m.7 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/14 4:40 p.m.4 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/11 7:3 p.m.5 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/11 7:3 p.m.4 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/11 6:33 p.m.3 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/11 6:14 p.m.4 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.38 views

WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)

------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions = 3.2.5. tested on 3.2.5, 3.2.3 impact: - code execution in browser context author: alejandr0.m0f0 1/ navigate to the page: /wordpress/wp-admin/?page=cpdmetaboxes 2/ bottom of the...

2.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/03/06 12:0 a.m.81 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

CVE-2009-2695 kernel: SELinux and mmapminaddr CVE-2009-3228 kernel: tc: uninitialised kernel memory leak CVE-2009-3286 kernel: OEXCL creates on NFSv4 are broken CVE-2009-2908 kernel ecryptfs NULL pointer dereference CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larg...

7.8CVSS6.9AI score0.12461EPSS
Exploits14References17
OpenVAS
OpenVAS
added 2013/03/06 12:0 a.m.23 views

WordPress Count per Day Plugin Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

7.2AI score
Exploits0References3
Patchstack
Patchstack
added 2013/03/05 12:0 a.m.7 views

WordPress Count Per Day Plugin - Cross Site Scripting

WordPress Count Per Day plugin's "daytoshow" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can ste...

3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2013/03/05 12:0 a.m.22 views

Count Per Day <= 3.2.5 - daytoshow Parameter XSS

The Count per Day WordPress plugin was affected by a daytoshow Parameter XSS security vulnerability...

4.3CVSS2.3AI score0.00984EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2013/03/05 12:0 a.m.37 views

WordPress Count-Per-Day 3.2.5 Cross Site Scripting

------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions press show. 3/ request is submitted, server reflects the sent value. filter on server side is identity, thus pretty easy to exploit. the payload gets executed. ---------- e.g., of...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2013/03/05 12:0 a.m.25 views

WordPress Plugin Count Per Day - &#039;daytoshow&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/58307/info The Count Per Day plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage this issue to execute arbitrary script code in the browser...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/02/19 8:31 p.m.9 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/02/19 8:29 p.m.5 views

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS6.1AI score0.0898EPSS
Exploits0References4
NVD
NVD
added 2013/02/13 12:4 p.m.30 views

CVE-2013-1280

The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a...

7.2CVSS6.2AI score0.01722EPSS
Exploits0References3
Prion
Prion
added 2013/02/13 12:4 p.m.25 views

Design/Logic Flaw

The Client/Server Run-time Subsystem CSRSS in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."...

7.2CVSS6.8AI score0.01791EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/02/13 11:0 a.m.34 views

CVE-2013-0076

The Client/Server Run-time Subsystem CSRSS in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."...

6.3AI score0.01791EPSS
Exploits0References3
CVE
CVE
added 2013/02/13 11:0 a.m.60 views

CVE-2013-0076

The CVE-2013-0076 entry refers to a local privilege-escalation vulnerability in the Client/Server Run-time Subsystem (CSRSS) on affected Windows versions. Specifically, CSRSS in Windows 7 (Gold/SP1) and Windows Server 2008 R2 (SP1) mishandles in-memory objects, enabling a local attacker to gain e...

7.2CVSS6.4AI score0.01791EPSS
Exploits0References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.32 views

SuSE 11.2 Security Update : libwebkit (SAT Patch Number 7114)

Two issues in libwebkit have been fixed : - Webkit CSS Text Element Count remote code execution was fixed. CVE-2011-1290 - WebKit WBR Tag Removal remote code execution was fixed. CVE-2011-1344 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

10CVSS6.2AI score0.09754EPSS
Exploits0References6
Rows per page
Query Builder