177 matches found
Stale TLB entry due to page type release race
ISSUE DESCRIPTION x86 PV guests effect TLB flushes by way of a hypercall. Xen tries to reduce the number of TLB flushes by delaying them as much as possible. When the last type reference of a page is dropped, the need for a TLB flush before the page is re-used is recorded. If a guest TLB flush...
Arastta 1.1.5 SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Releas...
ZeusCart v4.0 /classes/Core/CFeaturedItems.php SQL注入
ZeusCart 4.0: SQL Injection1.漏洞描述在ZeusCart4.0中存在两个注入漏洞,一个注入不需要任何条件即可exploit,另一个是是发生在admin后台的注入。因为大部分参数都是依赖于简单的过滤,所以很容易由于过滤不全而产生漏洞。2a. Timing based Blind SQL Injection 基于时间的盲注证明:http://localhost/zeuscart-master/index.php?do=featured&action=showmaincatlanding&maincatid=-1AND IFSUBSTRINGversion, 1,...
ZeusCart 4.0 - SQL Injection
ZeusCart 4.0 - SQL Injection ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...
Serendipity 2.0.1 Blind SQL Injection
Serendipity 2.0.1: Blind SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected]...
mysql: Remote Preauth User Enumeration flaw
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...
Framework: Information disclosure via SSRF
It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning...
Ubuntu: Security Advisory (USN-1923-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1923-1: GnuPG, Libgcrypt vulnerability
Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : gnupg, libgcrypt11 vulnerability (USN-1923-1)
Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys. Note...
Debian Security Advisory DSA 253-1 (openssl)
The remote host is missing an update to openssl announced via advisory DSA 253-1. OpenVAS Vulnerability Test $Id: deb2531.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 253-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 253-1 (openssl)
The remote host is missing an update to openssl announced via advisory DSA 253-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)
Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the 'Bleichenbacher attack' on RSA with PKS 1 v1.5 padding as used ...
RHEL 2.1 : openssl (RHSA-2003:063)
Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer SSL v2/...
Important: Red Hat Security Advisory: : : : Updated OpenSSL packages fix vulnerabilities
Updated OpenSSL packages that fix potential timing-based and modified Bleichenbacher attacks are available for Red Hat Linux on IBM iSeries and pSeries systems. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer...
[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 253-1 [email protected] http://www.debian.org/security/ Martin Schulze February 24th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 253-1 [email protected] http://www.debian.org/security/ Martin Schulze February 24th, 2003 http://www.debian.org/security/faq -...