619 matches found

OSV · added 2013/08/18 1:00 a.m. · 7 views

PSF-2013-2 ssl: NULL in subjectAltNames

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

CVSS 4.3 · AI score 5.9 · EPSS 0.01382
Exploits 1 · References 1
OSV · added 2013/08/17 8:43 a.m. · 6 views

MGASA-2013-0250 Updated python packages fix CVE-2013-4238 and pip

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...

CVSS 4.3 · AI score 6.7 · EPSS 0.01382
Exploits 1 · References 4
Drupal · added 2012/07/25 12:00 a.m. · 14 views

SA-CONTRIB-2012-118 - Secure Login - Open Redirect

Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. In addition, Secure Login module by default redirects non-HTTPS GET requests for pages containing forms that i...

AI score 6.8
Exploits 0 · References 11
0day.today · added 2012/07/03 12:00 a.m. · 16 views

CLscript CMS v3.0 SQL Injection

Exploit for php platform in category web applications. Title: CLscript CMS v3.0 - Multiple Web Vulnerabilities. Common Vulnerability Scoring System: 8.6. Introduction: With the professionally developed Classified-Portal CLscript 3.0 can...

AI score 7.1
Exploits 0
OSV · added 2012/04/17 9:55 p.m. · 1 view

DEBIAN-CVE-2012-2089

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file...

CVSS 6.8 · AI score 8.1 · EPSS 0.05317
Exploits 1 · References 1
Packet Storm · added 2012/02/10 12:00 a.m. · 29 views

Drupal 6.22 With Finder 6.x-1.9 Code Execution / Cross Site Scripting

Vulnerability Report. Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Finder module (https://drupal.org/project/finder) "allows Drupal site administrators to create flexible faceted...

AI score 7.4
Exploits 0
Prion · added 2012/01/13 6:55 p.m. · 22 views

SQL injection

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...

CVSS 7.5 · AI score 7.9 · EPSS 0.09609
Exploits 0 · References 14 · Affected Software 1
RedHat Linux · added 2011/12/08 6:56 p.m. · 1 view

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

CVSS 4.3 · AI score 7.5 · EPSS 0.01848
Exploits 0 · References 4
securityvulns · added 2010/07/11 12:00 a.m. · 66 views

[USN-959-1] PAM vulnerability

Ubuntu Security Notice USN-959-1, July 07, 2010. pam vulnerability, CVE-2010-0832. A security issue affects the following Ubuntu releases: Ubuntu 9.10, Ubuntu 10.04 LTS. This advisory...

CVSS 6.9 · AI score 6 · EPSS 0.00135
Exploits 11
Prion · added 2010/05/21 8:30 p.m. · 14 views

Code injection

The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value...

CVSS 3.5 · AI score 6.7 · EPSS 0.00364
Exploits 0 · References 6 · Affected Software 1
Prion · added 2009/10/26 5:30 p.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 6.2 · EPSS 0.00404
Exploits 0 · References 6 · Affected Software 1
NVD · added 2009/09/01 4:30 p.m. · 23 views

CVE-2008-7142

Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter...

CVSS 5 · AI score 6.8 · EPSS 0.0152
Exploits 1 · References 5
NVD · added 2009/05/01 5:30 p.m. · 8 views

CVE-2009-1507

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node...

CVSS 7.5 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 4
seebug.org · added 2009/02/20 12:00 a.m. · 18 views

RavenNuke avatarlist.php module PHP code injection vulnerability

BUGTRAQ ID: 33787. RavenNuke is an automated news publishing and content management system based on PHP and MySQL. RavenNuke's avatarlist.php module does not properly validate the patterns and replacements parameters passed to the preg_replace call; a remote attacker can submit a malicious request to the server to inject and execute arbitrary PHP code. The vulnerable code segment follows: $patterns[0] = '/.gif/'; $patterns[1] = '/.png/'; ... $replacements[1] = ''; $replacements[0] = ''; ... $entryname =...

AI score 6.9
Exploits 0
exploitpack · added 2008/03/06 12:00 a.m. · 35 views

XOOPS Module wfdownloads - cid SQL Injection

XOOPS Module wfdownloads - cid SQL Injection. XOOPS module wfdownloads SQL Injection. AUTHOR: S@BUN. HOME: http://www.milw0rm.com/author/1334. MAiL: [email protected]. DORK 1: allinurl: "modules/wfdownloads/viewcat.php?cid". DORK 2: allinurl: "modules/wfdownloads". EXPLOIT:...

AI score 0.7
Exploits 0
Cvelist · added 2007/08/08 1:52 a.m. · 10 views

CVE-2007-4210

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action ...

AI score 8.5 · EPSS 0.02927
Exploits 0 · References 8
NVD · added 2006/10/23 5:07 p.m. · 8 views

CVE-2006-5449

procmail in Ingo H3 before 1.1.2 (Horde module) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule...

CVSS 6.5 · AI score 7 · EPSS 0.0161
Exploits 0 · References 9
Prion · added 2006/01/13 11:03 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment...

CVSS 4.3 · AI score 6.2 · EPSS 0.00416
Exploits 1 · References 4
Cvelist · added 2006/01/13 11:00 p.m. · 13 views

CVE-2006-0198

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment...

AI score 5.8 · EPSS 0.00416
Exploits 1 · References 4
Positive Technologies · added 2005/10/24 12:00 a.m. · 2 views

PT-2005-4113 · Blender · Blender

Name of the Vulnerable Software and Affected Versions: Blender version 2.36. Description: The issue allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. This occurs in the bvh_import.py module. Recommendations: For...

CVSS 7.5 · AI score 7.7 · EPSS 0.06201
Exploits 1 · References 10