530 matches found
kernel: futex: Handle user space corruption gracefully
The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving...
Design/Logic Flaw
The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving...
CVE-2003-1575
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissio...
Confluence users should inherit permissions from the anonymous user
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFCLOUD-17278). This has been derived from CONF-4955 (http://jira.atlassian.com/browse/CONF-4955). The above seems to have been fixed...
Novell Edirectory 8.8 SP5 Cross Site Scripting
Application: Novell Edirectory 8.8 SP5 Platforms: Windows 2003 Server Exploitation: XSS Date: 2009-09-23 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details and bug 3 The Code =============== 1 Introduction =============== Novell Directory Services is a hierarchica...
Novell Edirectory 8.8 SP5 - Cross-Site Scripting
Novell Edirectory 8.8 SP5 - Cross-Site Scripting Application: Novell Edirectory 8.8 SP5 Platforms: Windows 2003 Server Exploitation: XSS Date: 2009-09-23 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details and bug 3 The Code =============== 1 Introduction...
Security Best Practice: Protect Yourself from MS-RPC and DCE-RPC Vulnerabilities
DCE/RPC stands for "Distributed Computing Environment / Remote Procedure Calls". It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having...
Charset Inheritance vulnerability in Internet Explorer 6 and Google Chrome
Hello 3APA3A! I am reporting a Charset Inheritance vulnerability that I found in Internet Explorer 6 and Google Chrome, in addition to the previously published information http://securityvulns.ru/news/Browsers/Charset/XSS.html about this vulnerability in other browsers. This vulnerability in browsers,...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
security flaw
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set...
CVE-2007-0996
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set...
Mozilla Foundation Security Advisory 2007-02
Mozilla Foundation Security Advisory 2007-02 Title: Improvements to help protect against Cross-Site Scripting attacks Impact: Low Announced: February 23, 2007 Reporter: various Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Firefox 2.0.0.2 and 1.5.0.10...
CVE-2007-1114
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set...
Cross site scripting
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set...
CVE-2007-1115
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set...
Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Release Date: 2007/02/23 Last Modified: 2007/02/23 Author: Stefan Esser Application:...