3122 matches found
CVE-2008-0760
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ dot dot backslash in the URI. NOTE: this issue reportedly exists because of an incomplete fix for...
Directory traversal
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ dot dot backslash in the URI. NOTE: this issue reportedly exists because of an incomplete fix for...
CVE-2008-0639
Stack-based buffer overflow in the EnumPrinters function in the Spooler service nwspool.dll in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE:...
CVE-2008-0760
Summary: CVE-2008-0760 is a directory traversal vulnerability in SafeNet Sentinel Protection Server <= 7.4.1.0 and Sentinel Keys Server
JVN#09470767 Apache Tomcat fails to properly handle cookie value
Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages. Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. The...
CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Session fixation
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...
CVE-2007-6077
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...
CVE-2007-6077
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...
DEBIAN-CVE-2007-6010
Unspecified vulnerability in pioneers formerly gnocatan 0.11.3 allows remote attackers to cause a denial of service daemon crash via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933...
CVE-2007-6010
Unspecified vulnerability in pioneers formerly gnocatan 0.11.3 allows remote attackers to cause a denial of service daemon crash via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933...
Code injection
Unspecified vulnerability in pioneers formerly gnocatan 0.11.3 allows remote attackers to cause a denial of service daemon crash via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933...
CVE-2007-6010
Unspecified vulnerability in pioneers formerly gnocatan 0.11.3 allows remote attackers to cause a denial of service daemon crash via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933...
CVE-2007-6010
Unspecified vulnerability in pioneers formerly gnocatan 0.11.3 allows remote attackers to cause a denial of service daemon crash via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933...
CVE-2007-6010
Unspecified vulnerability in pioneers formerly gnocatan 0.11.3 allows remote attackers to cause a denial of service daemon crash via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933...
Ubuntu 7.10 : compiz vulnerability (USN-537-2)
USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz. Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and...
Incomplete fix for CVE-2007-0720 CUPS denial of service
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation...
CVE-2007-5805
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: thi...
USN-531-2: dhcp vulnerability
USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Original advisory details: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certai...
GLSA-200710-06 : OpenSSL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200710-06 OpenSSL: Multiple vulnerabilities Moritz Jodeit reported an off-by-one error in the SSLgetsharedciphers function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BNfrommontgomery...