363 matches found
OpenNTPD Design Vulnerabilities
OpenNTPD is a network time protocol NTP for Unix systems that can synchronize a computer system's local clock with a remote NTP server. A security vulnerability exists in OpenNTPD that stems from a failure to validate the Common Name when the program is configured for HTTPS requests, which could ...
The vulnerability of the Apache Tomcat application server allows attackers to circumvent authenticity verification restrictions.
The vulnerability of the RequestUtil.java function in the Apache Tomcat application server is related to deficiencies in path name validation. Exploiting this vulnerability allows a malicious actor to bypass the authenticity verification provided by the SecurityManager by using the “/..” symbol i...
squid: incorrect X509 server certificate validation (SQUID-2015:1)
It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate...
Moderate: Red Hat Security Advisory: kubernetes security update
Updated kubernetes packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Kubernetes: Missing name validation allows path traversal in etcd
Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal...
China Telecom's Wing Pay App Has Multiple Vulnerabilities
Wing Pay is the business brand of China Telecom that operates payment and internet finance. Wing Pay APP 3.9.6 has multiple security vulnerabilities, including: global file read/write vulnerability; configuration file read/write vulnerability; trust arbitrary security certificate vulnerability;...
Design/Logic Flaw
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors...
DLA-20-1 munin - security update
Bulletin has no description...
PT-2014-2155 · Debian · Apt
Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11 Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...
DEBIAN-CVE-2012-6150
The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
PT-2013-5211 · Hewlett Packard · Hp Procurve Manager +2
Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue concerns the UpdateCertificatesServlet in the SNAC registration server, which fails to properly validat...
Baidu Ueditor Open Source Editor for the Java version of jsp file upload vulnerability-vulnerability warning-the black bar safety net
The system default file upload process jsp filter is not strict cause can upload a jsp file,the jsp, you know how system privileges can execute arbitrary commands ! The problem is in the imageUp. jsp here use java regular expression to validate the uploaded file file name Re-set the file name whe...
Debian Security Advisory DSA 2418-1 (postgresql-8.4)
The remote host is missing an update to postgresql-8.4 announced via advisory DSA 2418-1. OpenVAS Vulnerability Test $Id: deb24181.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2418-1 postgresql-8.4 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Sof...
cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
The checkmtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...
PT-2010-1847 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to the SMB implementation in the Server service, which does not properly validate the share and servername fields in SMB packets. This allows remote...
ShaadiClone 2.0 (addadminmembercode.php) Add Admin Exploit
Exploit for unknown platform in category web applications ========================================================== ShaadiClone 2.0 addadminmembercode.php Add Admin Exploit ========================================================== ShaadiClone v2.0 addadminmembercode.php Add Admin function...
Debian DSA-1371-1 : phpwiki - several vulnerabilities
Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...
CVE-2004-2661
Soft3304 04WebServer before 1.41 fails to properly validate requested file names, allowing remote attackers to obtain CGI source code. The issue is network-exploitable and leads to partial information disclosure (CGI source). No exploitation details or official fixes are provided in the supplied ...
CVE-2005-1450
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...
Microsoft WINS Name Validation Attack
...