7961 matches found
Design/Logic Flaw
Red Hat PKI Common Framework rhpki-common in Red Hat Certificate System aka Certificate Server or RHCS 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended...
CVE-2008-1676
Red Hat PKI Common Framework rhpki-common in Red Hat Certificate System aka Certificate Server or RHCS 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended...
PT-2008-3224 · Netscape +1 · Netscape Certificate Management System +1
Name of the Vulnerable Software and Affected Versions: Red Hat Certificate System versions 7.1 through 7.3 Netscape Certificate Management System version 6.x Description: The issue allows remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a...
[SECURITY] Fedora 8 Update: epiphany-extensions-2.20.1-8.fc8
Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser...
Code injection
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions...
System: incorrect handling of Extensions in CSRs (cs71)
Red Hat PKI Common Framework rhpki-common in Red Hat Certificate System aka Certificate Server or RHCS 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
GLSA-200806-07 : X.Org X server: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200806-07 X.Org X server: Multiple vulnerabilities Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions of the RECO...
cmsWorks 2.2 RC4 (fckeditor) Remote Arbitrary File Upload Exploit
Exploit for unknown platform in category web applications: cmsWorks 2.2 RC4 fckeditor Remote Arbitrary File Upload Exploit...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)
Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362 It...
X Server multiple security vulnerabilities
Integer overflows, memory corruptions, information leak in different extensions...
RHEL 4 : xorg-x11 (RHSA-2008:0503)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0503 advisory. - X.org Record and Security extensions memory corruption CVE-2008-1377 - X.org MIT-SHM extension arbitrary memory read CVE-2008-1379 - X.org...
Design/Logic Flaw
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different...
Skype file: URI Handling Security Bypass Arbitrary Code Execution (uncredentialed check)
The version of Skype installed on the remote host reportedly uses improper logic in its 'file:' URI handler when validating URLs by failing to check for certain dangerous file extensions and checking for others in a case-sensitive manner. If an attacker can trick a user on the affected host into...
CVE-2008-0891
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service crash via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information...
DEBIAN-CVE-2008-0891
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service crash via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information...
www file share pro 5.30 insecure multiple
this server that now has reached 5.30 per version still contains many elements of insecurity: does not control the file extensions loaded not figure the pass not esitone setting permits 666 777 etc. Min poc: http://gmda.altervista.org/wfsp530xpl/wfsp530exp.bat.txt...