5316 matches found
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)
------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions = 3.2.5. tested on 3.2.5, 3.2.3 impact: - code execution in browser context author: alejandr0.m0f0 1/ navigate to the page: /wordpress/wp-admin/?page=cpdmetaboxes 2/ bottom of the...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
CVE-2009-2695 kernel: SELinux and mmapminaddr CVE-2009-3228 kernel: tc: uninitialised kernel memory leak CVE-2009-3286 kernel: OEXCL creates on NFSv4 are broken CVE-2009-2908 kernel ecryptfs NULL pointer dereference CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larg...
WordPress Count per Day Plugin Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
WordPress Count Per Day Plugin - Cross Site Scripting
WordPress Count Per Day plugin's "daytoshow" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can ste...
Count Per Day <= 3.2.5 - daytoshow Parameter XSS
The Count per Day WordPress plugin was affected by a daytoshow Parameter XSS security vulnerability...
WordPress Count-Per-Day 3.2.5 Cross Site Scripting
------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions press show. 3/ request is submitted, server reflects the sent value. filter on server side is identity, thus pretty easy to exploit. the payload gets executed. ---------- e.g., of...
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
source: https://www.securityfocus.com/bid/58307/info The Count Per Day plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage this issue to execute arbitrary script code in the browser...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
tomcat: three DIGEST authentication implementation issues
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...
CVE-2013-1280
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a...
Design/Logic Flaw
The Client/Server Run-time Subsystem CSRSS in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."...
CVE-2013-0076
The Client/Server Run-time Subsystem CSRSS in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."...
CVE-2013-0076
The CVE-2013-0076 entry refers to a local privilege-escalation vulnerability in the Client/Server Run-time Subsystem (CSRSS) on affected Windows versions. Specifically, CSRSS in Windows 7 (Gold/SP1) and Windows Server 2008 R2 (SP1) mishandles in-memory objects, enabling a local attacker to gain e...
SuSE 11.2 Security Update : libwebkit (SAT Patch Number 7114)
Two issues in libwebkit have been fixed : - Webkit CSS Text Element Count remote code execution was fixed. CVE-2011-1290 - WebKit WBR Tag Removal remote code execution was fixed. CVE-2011-1344 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...