966 matches found
Design/Logic Flaw
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability...
CVE-2012-2654
CVE-2012-2654 affects OpenStack Compute (Nova) EC2 and OS APIs in Folsom, Essex, and Diablo releases. The vulnerability arises from improper protocol validation when creating security groups if the network protocol isn’t specified in lowercase, allowing remote attackers to bypass access restricti...
CVE-2011-0466
CVE-2011-0466 affects SUSE openSUSE Build Service (OBS) versions 2.0.x before 2.0.8 and 2.1.x before 2.1.6. The issue allows attackers to bypass write-access restrictions and modify a (1) package or (2) project via unspecified vectors. Remediation per connected sources is to upgrade to the fi...
The Danger of Open APIs
Ninety years ago KitchenAid released their first countertop mixer, which weighed in at about 69 pounds. More interestingly, the mixer also had a special socket that allowed users to attach assorted add-ons for new functionality such as slicers, shredders and meat grinders. Today this sort of...
JSON Hijacking of use as well as Web API security-vulnerability warning-the black bar safety net
by: cosine JSON Hijacking what role, as a black brother said, You can CSRF to give the user privacy data: a. The principle of the last presentation, first take a attack example, take the meal to do an experiment. First of all, we see this: http://help.fanfou.com/api.html. Rice no API. Wherein:...
CVE-2008-2956
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem...