9 matches found
PT-2026-53777
Impact ServerFilters.DigestAuth and the underlying DigestAuthProvider both defaulted their nonceVerifier parameter to true — i.e. every nonce was accepted regardless of value, age, or prior use. Any deployment using the default configuration had no replay protection on Digest authentication; a...
CVE-2022-39325 Cross-site scripting vulnerability in BaserCMS
BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users...
Patch Released for Critical Apache Struts Bug
The Apache Software Foundation has patched a critical remote code execution vulnerability affecting all versions of the popular application development framework Struts since 2008. All web applications using the framework’s REST plugin are vulnerable. Users are advised to upgrade their Apache...
Fedora 23 : drupal6-6.37-1.fc23 (2015-14443)
"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...
Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940
Hi all; The LedgerSMB team is still working on a security advisory which details the exact nature of the security vulnerability, how to test for it, etc. We are giving it a couple days to ensure that it is correct and well edited, and that administrators have a chance to upgrade before the exploi...
sitepanel2.txt
GulfTech Security Research May 3rd, 2005 Vendor : Morgan Harvey URL : http://www.sitepanel2.com/ Version : 2.6.1 And Earlier Risk : Multiple Vulnerabilities Description: SitePanel2 is a helpdesk / trouble ticket / support system used by businesses and individuals alike. There are a number of...
racoon fails to verify signature during Phase 1
Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected...
[SECURITY] [DSA 178-1] New Heimdal packages fix remote command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 178-1 [email protected] http://www.debian.org/security/ Martin Schulze October 17th, 2002 http://www.debian.org/security/faq -...
sysklogd.bof.txt
Date: Tue, 16 Feb 1999 02:22:56 -0500 From: Cory Visi To: [email protected] Subject: RedHat sysklogd vulnerability I'd like to apologize for being so late with this e-mail as I have known about this problem for months. The vulnerability was discussed in a Thu, 10 Sep 1998 BugTraq e-mail by...