6326 matches found
CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
Path traversal
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
PYSEC-2014-1
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
OleumTech WIO Family Vulnerabilities
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014, on the NCCIC/ICS-CERT web site. (Begin Update A, Part 1 of 2) Security researchers Lucas Apa and Carlos Mario Penagos...
NIST Removes Dual_EC_DRBG Random Number Generator from Recommendations
The National Institute of Standards and Technology (NIST) has announced that it will abandon the controversial Dual Elliptic Curve Deterministic Random Bit Generator, better known as Dual_EC_DRBG, in the wake of allegations that the National Security Agency. Back in December, Edward Snowden leaks revealed that...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
NIST removes Dual EC DRBG from SP 800-90A
The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request...
CVE-2013-4116
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2013-4116
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
Code injection
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2013-4116
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2013-4116
CVE-2013-4116 affects npm (lib/npm.js) prior to 1.3.3. The vulnerability allows a local user to overwrite arbitrary files by creating a symbolic link at a predictable temporary file name used during archive unpacking, enabling potential local privilege escalation. The issue is tied to how npm cre...
CVE-2013-4116
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2013-4116
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
UBUNTU-CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
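znc "CWebAdminMod::ChanPage()" null pointer dereference vulnerability
ZNC is an IRC proxy. A null pointer dereference error exists in the ZNC "CWebAdminMod::ChanPage" function in modules/webadmin.cpp, allowing an attacker to crash the application. Affected: ZNC 1.x. The vendor has released an upgrade patch that fixes the vulnerability; download it from: https://github.com/znc/znc/issues/528...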
CVE-2011-3628
CVE-2011-3628 is an untrusted search path vulnerability in pam_motd (MOTD module) in libpam-modules. It affects Ubuntu releases with libpam-modules versions predating the listed fixes: before 1.1.3-2ubuntu2.1 on 11.10, before 1.1.2-2ubuntu8.4 on 11.04, before 1.1.1-4ubuntu2.4 on 10.10, before 1....
CVE-2011-3628
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...