760 matches found
CVE-2014-0974
The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...
Memory corruption
The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...
UBUNTU-CVE-2014-3717
Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service crash via a crafted kernel, which triggers a buffer overflow...
C2FO: User guessing/enumeration at https://app.c2fo.com/api/password-reset
Hi there, I noticed a small information leak which allows an attacker to check whether an email address is associated with an account. Steps to reproduce: 1. Send a POST-Request to the url https://app.c2fo.com/api/password-reset as the following example shows: POST /api/password-reset HTTP/1.1...
CURL-CVE-2014-0139 IP address wildcard certificate validation
libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses. RFC 2818 covers the requirements for matching Common Names CNs and subjectAltNames in order to establish valid SSL connections. It first discusses CNs that are for hostnames, and the rules for wildcards in th...
CVE-2013-4936
The IsDFPFrame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted packet...
hypervkvpd security and bug fix update
0-0.7.0.1.el59.3 - Add support for oracle os 0-0.7.3 - Fix for one more file descriptor leak rhbz953502 0-0.7.2 - Validate Netlink source address CVE-2012-5532 rhbz953560 0-0.7.1 - Fix for file descriptor leak rhbz953502...
Open DNS Resolvers Center Stage in Massive DDoS Attacks
For some perspective on what 300 Gbps of traffic represents, let’s just pretend that your company, as a potential customer, put this massive volume of bits and bytes in front of 20 of the leading Internet service providers. Chances are, all but three or four will tell you “Thanks, but no thanks, ...
CVE-2012-4435
fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service server crash via a long IP address...
CVE-2012-4435
fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service server crash via a long IP address...
CVE-2012-4435
fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service server crash via a long IP address...
CVE-2012-0795
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address...
Xen <= 3.3 DoS due to incorrect virtual address validation
ISSUE DESCRIPTION The x8664 addrok macro intends to ensure that the checked address is either in the positive half of the 48-bit virtual address space, or above the Xen-reserved area. However, the current shift count is off-by-one, allowing full access to the "negative half" too, via certain...
CVE-2011-3187
The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...
Code injection
The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...
CiscoKits CCNA TFTP Denial Of Service
!/usr/bin/python Title : CiscoKits CCNA TFTP Server Denial Of Service Vulnerability Author : Prabhu S Angadi from SecPod Technologies www.secpod.com Vendor : http://www.certificationkits.com/cisco-ccna-tftp-server/ Advisory : http://secpod.org/blog/?p=271...
JVN#40382909: Microsoft Outlook read receipt function vulnerability
Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...
[SECURITY] Fedora 12 Update: php-pear-Mail-1.1.14-5.fc12
PEAR's Mail package defines an interface for implementing mailers under the PEAR hierarchy. It also provides supporting functions useful to multiple mailer backends. Currently supported backends include: PHP's native mail function, sendmail, and SMTP. This package also provides a RFC822 email...
CVE-2006-2709
Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 do not validate the source address of a message, which allows remote attackers to 1 execute arbitrary code on a client or 2 forge messages to the server...
Sambar Server 5.x - Open Proxy / Authentication Bypass
source: https://www.securityfocus.com/bid/10256/info Sambar improperly validates the IP address of an originating connection and can be used to gain access the administration interface without authorization. Once the remote attacker has gained access to the administrative interface, further attac...