Lucene search
K

1924 matches found

securityvulns
securityvulns
added 2010/05/11 12:0 a.m.51 views

Month of PHP Security - Summary - 1st May - 10th May

Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what was released so far. You can follow the Month of PHP Security on...

8.6AI score
Exploits0
securityvulns
securityvulns
added 2010/05/11 12:0 a.m.45 views

MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability

MOPS-2010-012: PHP sqlitesinglequery Uninitialized Memory Usage Vulnerability May 7th, 2010 PHP’s sqlitesinglequery function will use uninitialized memory if it is used with an empty SQL query. This can lead to arbitrary code execution. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is P...

2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2010/03/24 12:0 a.m.5 views

PT-2010-2814 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to 7 Description: The issue allows remote attackers to cause a denial of service, consuming memory and CPU, via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. This is related to the ANI...

7.1CVSS6.7AI score0.1505EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2009/12/11 1:42 p.m.4 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5CVSS5.9AI score0.04813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/12/08 7:9 p.m.6 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted DER encoded data, which is not...

5CVSS5.9AI score0.04813EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/12/01 12:0 a.m.32 views

Cacti 'Linux - Get Memory Usage' RCE Vulnerability

Cacti is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

9CVSS8.6AI score0.11477EPSS
Exploits2References2
NVD
NVD
added 2009/11/30 9:30 p.m.28 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

9CVSS8.7AI score0.11477EPSS
Exploits2References10
OSV
OSV
added 2009/11/30 9:30 p.m.2 views

DEBIAN-CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

9CVSS7.4AI score0.11477EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2009/11/30 9:30 p.m.40 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

9CVSS6.6AI score0.11477EPSS
Exploits2References1
Prion
Prion
added 2009/11/30 9:30 p.m.19 views

Input validation

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

9CVSS7AI score0.11477EPSS
Exploits2References10Affected Software1
Cvelist
Cvelist
added 2009/11/30 9:0 p.m.38 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

8.7AI score0.11477EPSS
Exploits2References10
Debian CVE
Debian CVE
added 2009/11/30 9:0 p.m.52 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

9CVSS6AI score0.11477EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2009/10/28 12:0 a.m.50 views

Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easi...

7.2CVSS6.7AI score0.01213EPSS
Exploits6References10
Fedora
Fedora
added 2009/08/12 8:53 p.m.26 views

[SECURITY] Fedora 11 Update: ocaml-camlimages-3.0.1-7.fc11.2

CamlImages is an image processing library for Objective CAML, which provide s: basic functions for image processing and loading/saving, various image file formats hence providing a translation facility from format to format, and an interface with the Caml graphics library allows to display images...

7.5CVSS0.7AI score0.02612EPSS
Exploits0
Prion
Prion
added 2009/07/16 3:30 p.m.22 views

Null pointer dereference

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...

7.2CVSS6.5AI score0.00439EPSS
Exploits1References35Affected Software3
NVD
NVD
added 2009/07/16 3:30 p.m.20 views

CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...

7.2CVSS4.9AI score0.00439EPSS
Exploits1References35
Cvelist
Cvelist
added 2009/07/16 3:0 p.m.25 views

CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...

5.4AI score0.00439EPSS
Exploits1References35
CVE
CVE
added 2009/07/16 3:0 p.m.134 views

CVE-2009-1895

The vulnerability CVE-2009-1895 affects the Linux kernel’s personality subsystem prior to 2.6.31-rc3, where PER_CLEAR_ON_SETID fails to clear ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO when executing a setuid/setgid program. This enables local users to exploit memory‑layout details to perform NULL poi...

7.2CVSS5.5AI score0.00439EPSS
Exploits1References35Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/07/14 1:17 a.m.2 views

Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability

Overview Hitachi Web Server contains a vulnerability that could lead to a denial of service DoS condition when using it as a reverse proxy due to excessive memory usage. Impact The server could fall into a denial of service DoS state when continuously receiving fraudulent responses from backend W...

5CVSS7.6AI score0.12714EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2009/07/06 12:0 a.m.23 views

RedHat Security Advisory RHSA-2009:1139

The remote host is missing updates announced in advisory RHSA-2009:1139. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime OSCAR protocol is used by the AOL ICQ and...

5CVSS7.4AI score0.03377EPSS
Exploits1References3
Rows per page
Query Builder