2548 matches found
CVE-2011-2702
CVE-2011-2702 is a signedness error in Glibc before 2.13 and eglibc before 2.13. When SSSE3 optimization is enabled, a negative length parameter to memcpy-ssse3-rep.S, memcpy-ssse3.S, or memset-sse2.S in sysdeps/i386/i686/multiarch/ can trigger an out-of-bounds read, allowing context-dependent at...
PT-2014-2127 · Gnu · Glibc +1
Name of the Vulnerable Software and Affected Versions: Glibc versions prior to 2.13; eglibc versions prior to 2.13. Description: The issue is related to an integer signedness error when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization. This error allows context-dependent attackers ...
SUSE-SU-2015:0792-1 Recommended update for coreutils
This update for coreutils provides the following fixes and enhancements: cp(1) could read from freed memory and could even make corrupt copies. This could happen with a very fragmented and sparse input file, on file systems supporting filemap extent scanning (bnc#892862). Improve ls(1) efficiency on lar...
F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. (C) Tenable Network Security, Inc. The...
CVE-2014-7157
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch...
CVE-2014-7158
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch...
CVE-2014-7158
The CVE-2014-7158 entry concerns Exinda WAN Optimization Suite 7.0.0 (2160) and is a Cross-site request forgery (CSRF) vulnerability that could allow remote attackers to hijack an administrator’s session to perform actions such as changing the admin password via a request to /admin/launch. Public...
CVE-2014-7157
The CVE-2014-7157 entry concerns Exinda WAN Optimization Suite 7.0.0 (2160) with a Cross-site scripting (XSS) vulnerability exposed via the tabsel parameter to /admin/launch. The affected component is the web interface; the root cause is lack of input validation for the tabsel parameter, enabling...
CloudFlare Rolls Out Free SSL
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available...
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS Vulnerabilities
Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities. I. VULNERABILITY: XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite. II. BACKGROUND: WAN...
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
I. VULNERABILITY: XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite. II. BACKGROUND: WAN Optimization Suite integrates enterprise-caliber bandwidth acceleration and optimization with best-in-class application network visibilit...
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes). Shellcode exploit for Linux/x86-64 platform. "Polymorphic" version of shellcode at: http://shell-storm.org/shellcode/files/shellcode-658.php ...
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes). Shellcode exploit for Linux/x86-64 platform. Optimized version of shellcode at: http://shell-storm.org/shellcode/files/shellcode-867.php Author:...
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
Linux/x86-64 - shutdown -h now Shellcode (64 bytes). Shellcode exploit for Linux/x86-64 platform. Optimized version of shellcode at: http://shell-storm.org/shellcode/files/shellcode-877.php Author: SLAE64-1351 Keyman; Date:...
[SECURITY] Fedora 20 Update: libserf-1.3.7-1.fc20
The serf library is a C-based HTTP client library built upon the Apache Portable Runtime (APR) library. It multiplexes connections, running the read/write communication asynchronously. Memory copies and transformations are kept to a minimum to provide high performance operation...
Updated gcc packages fix security vulnerability and other bugs
Updated gcc packages fix the following security issue: Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code (CVE-2014-5044). They also fix...