82 matches found
Denial Of Service (DoS)
pidgin is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8...
Directory Traversal
tomcat-coyote is vulnerable to directory traversal attacks. The vulnerability exists because the JVM does not correctly decode UTF-8 encoded URLs, and when a context is configured with allowLinking="true", this allows directory traversal attacks...
RHEL 6 / 7 : jboss-ec2-eap package for EAP 7.1.2 (Important) (RHSA-2018:1249)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1249 advisory. The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS)...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0032: Ruby Psych::Emitter start_document Heap Overflow Vulnerability. June 14, 2016. CVE Number: CVE-2016-2338. DESCRIPTION: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document...
CVE-2015-3013
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file...
Bypass of file blacklist on Microsoft Windows Platform - ownCloud
A blacklist bypass vulnerability involving UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as .htaccess files. An attacker could...
X (Formerly Twitter): HTTP Response Splitting (CRLF injection) in report_story
Hi, I would like to report an HTTP Response Splitting vulnerability in https://twitter.com/i/safety/report_story that allows attackers to inject arbitrary headers and contents in the response. PoC:...
Inout Ad server Ultimate Shell Upload Vulnerability
No description provided by source. ============================================================== Inout Ad server Ultimate -- Shell upload Vulnerability ============================================================== Name : Inout Ad server Ultimate Shell upload Vulnerability Date : July 9, 2010...
Opera Browser 6.0 6 URI Display Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9281/info A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a supplied...
openSUSE Security Update : pidgin (openSUSE-SU-2012:0905-1)
Changes in pidgin: - Fixing bnc752275, CVE-2012-1178: Pidgin fails to verify the text's UTF-8 encoding. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-432. The text description ...
Wireshark v1.11.3 - The world’s foremost network protocol analyzer
Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...
CVE-2013-4705
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding...
CVE-2013-4705
Consolidated details for CVE-2013-4705 show an XSS vulnerability in Opera before version 15.00, exploitable via improper handling of UTF-8 encoding. Affected software: Opera browser (pre-15.00). Root cause (as stated): cross-site scripting due to UTF-8 encoding/validation issues. Impact is descri...
RHEL 6 : evolution (RHSA-2013:0516)
Updated evolution packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Low: Red Hat Security Advisory: evolution security and bug fix update
Updated evolution packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Mandriva Linux Security Advisory : pidgin (MDVSA-2012:029)
Multiple vulnerabilities have been discovered and corrected in pidgin: The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room...
Pidgin < 2.10.2 Multiple DoS
The version of Pidgin installed on the remote host is earlier than 2.10.2 and is potentially affected by the following issues: - A denial of service vulnerability (NULL pointer dereference) in the 'pidgin_conv_chat_rename_user' function in 'gtkconv.c'. Remote attackers can trigger the vulnerability by...